News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Forum Firewall

Started by butchs, January 15, 2011, 11:00:37 AM

Previous topic - Next topic

butchs

To be honest,this mod is not for newbies.  I suggest using BadBehavor with CrawlProtect and some user questions.

I spent some time making tutorials throughout this thread.  I then added them to my first post.  Someone who I have a pretty good idea who decided to replace that post with the first post for the mod.  If you feel energetic you can find them...

I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

brynn

Thanks butchs.

I already do have Bad Behavior, which at least I understand the concept, and might even be able to set it up on my own, if I had to.  Actually have the whole security setup that was created for me originally.  (Forum Firewall, Bad Behavior, Stop Spammer)  I just need to learn how to use them all.  Because I'm guessing having moved to a new server, I might have to change some settings - ip address maybe, in some mods?

I've never heard of CrawlProtect, and don't find any mod by that name.  Oh ok, I found.  I will investigate.

When you say "some user questions", do you mean of the type "are you human?" on registration?  Yes, I have what I think are some very strong questions there.  Or do you mean I should ask user questions about security in the forum?

Do you mean the tutorials are scattered in this thread?  Or are they all over the forum?  If I find them, I'll make a list with links, so others can find them.

Maybe it would be better for me to shoot for a more broad goal for learning about forum or website security.  Do you (or anyone) know of any articles or tutorials or websites which address this general subject?  I need to start learning somehow. 

I certainly will search myself.  But not knowing the proper terminology, will limit what I can find.

I mean, there must be best practices, or something like that?  Something that compare/contrast different methods and techniques, pros and cons, and all that.  I'll search, but appreciate any tips, if anyone has any.

Thanks again   :)

aegersz

Quote from: butchs on July 09, 2017, 03:36:38 PM
It too me a little over a year of hard work to write this software.  Honestly, I have no idea what you did so I cannot answer your question.

wow, a whole year ? i am running it on my dev system now, on the strength of that !

I'm still relatively new to the world of web enabled software so I don't really understand many of my vulnerabilities well enough.

I will do some research into the features that this offers and that should be educational. thanks. 
The configuration of my Linux VPS (SMF 2.0 with 160+ mods & some assorted manual tweaks) can be found here and notes on my mods can be found here (warning: those links will take you to a drug related forum). My (House) music DJ dedication page is here

butchs

If you are upgrading SMF to v2.0.14 and currently have this mod installed you will have to uninstall this mod, then update SMF to v2.0.14 and then reinstall this mod.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

dynaweb

Just an FYI that I installed this plugin yesterday and my Maldet scanner quarantined it as a trojan. 2.X latest version got it from this site :(
FSS to HTML Widget [nofollow] - Snowboarding Forums [nofollow]

butchs

Funny, so they finally caught up to FF as FF has been doing this since 2010!  So you run a program that scans for malware on a program that scans for malware and input from malware and you think this is an issue?  Of course NOT, FF uses the same search strings?  Either make FF a safe program or delete something. 

Please note that FF scans files too.  But FF stops malware when they attack not after it is on your server. 
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

sieemma

If I leave all the cells that ask to input codes, will FF still work?
Where they ask to input xx/yy

butchs

I do not understand.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

butchs

Dear FF users,
As some of you know I designed FF to work with cloudflare (CF) and detect when CF is bypassed.  Some of the feature I added I did so because they were not available in CF at the time.  Now that CF has caught up with bots and country blocking for free services I can decrease the stress on my forum even more with "Firewall Rules".  You are only allower 5 rules with the free service.  I still keep my settings in FF just in case it is bypassed and I duplicate most of the settings in CF.

Here are some suggested rules (see attached list):
Bad Bots 1 (http.user_agent contains "@nonymouse") or (http.user_agent contains "ADSARobot") or (http.user_agent contains "ah-ha") or (http.user_agent contains "Ahrefs") or (http.user_agent contains "AhrefsBot") or (http.user_agent contains "aktuelles") or (http.user_agent contains "almaden") or (http.user_agent contains "amzn_assoc") or (http.user_agent contains "Anarchie") or (http.user_agent contains "Art-Online") or (http.user_agent contains "AspiWeb") or (http.user_agent contains "ASPSeek") or (http.user_agent contains "ASSORT") or (http.user_agent contains "ATHENS") or (http.user_agent contains "Atomz") or (http.user_agent contains "attach") or (http.user_agent contains "attache") or (http.user_agent contains "autoemailspider") or (http.user_agent contains "BackWeb") or (http.user_agent contains "Bandit") or (http.user_agent contains "BatchFTP") or (http.user_agent contains "bdfetch") or (http.user_agent contains "Baiduspider") or (http.user_agent contains "Baiduspider-image") or (http.user_agent contains "Baiduspider-video") or (http.user_agent contains "Baiduspider-news") or (http.user_agent contains "Baiduspider-favo") or (http.user_agent contains "Baiduspider-cpro") or (http.user_agent contains "Baiduspider-ads") or (http.user_agent contains "BlackWidow") or (http.user_agent contains "BLEXBot") or (http.user_agent contains "bmclient") or (http.user_agent contains "BUbiNG") or (http.user_agent contains "Buddy") or (http.user_agent contains "Bullseye") or (http.user_agent contains "bumblebee") or (http.user_agent contains "capture") or (http.user_agent contains "CCBot") or (http.user_agent contains "CherryPicker") or (http.user_agent contains "ChinaClaw") or (http.user_agent contains "CICC") or (http.user_agent contains "clipping") or (http.user_agent contains "CFNetwork") or (http.user_agent contains "cURL") or (http.user_agent contains "Custo") or (http.user_agent contains "cyberalert") or (http.user_agent contains "Deweb") or (http.user_agent contains "diagem") or (http.user_agent contains "Digger") or (http.user_agent contains "DigExt") or (http.user_agent contains "Digimarc") or (http.user_agent contains "DIIbot") or (http.user_agent contains "DirectUpdate") or (http.user_agent contains "DISCo") or (http.user_agent contains "Drip") or (http.user_agent contains "DSurf15a") or (http.user_agent contains "EasyDL") or (http.user_agent contains "eCatch") or (http.user_agent contains "ecollector") or (http.user_agent contains "EirGrabber") or (http.user_agent contains "EmailCollector") or (http.user_agent contains "EmailSiphon") or (http.user_agent contains "EmailWolf") or (http.user_agent contains "ExtractorPro") or (http.user_agent contains "EyeNetIE") or (http.user_agent contains "Ezooms") or (http.user_agent contains "fastlwspider")

Bad Bots 2(http.user_agent contains "FavOrg") or (http.user_agent contains "FEZhead") or (http.user_agent contains "FileHound") or (http.user_agent contains "FlashGet") or (http.user_agent contains "FlickBot") or (http.user_agent contains "fluffy") or (http.user_agent contains "frontpage") or (http.user_agent contains "GalaxyBot") or (http.user_agent contains "Generic") or (http.user_agent contains "Getleft") or (http.user_agent contains "GetSmart") or (http.user_agent contains "GetWeb!") or (http.user_agent contains "GetWebPage") or (http.user_agent contains "gigabaz") or (http.user_agent contains "Girafabot") or (http.user_agent contains "Go!Zilla") or (http.user_agent contains "Go-Ahead-Got-It") or (http.user_agent contains "GornKer") or (http.user_agent contains "Grabber") or (http.user_agent contains "GrabNet") or (http.user_agent contains "Grafula") or (http.user_agent contains "Harvest") or (http.user_agent contains "hhjhj@yahoo") or (http.user_agent contains "hloader") or (http.user_agent contains "HMView") or (http.user_agent contains "HomePageSearch") or (http.user_agent contains "HTTPConnect") or (http.user_agent contains "httpdown") or (http.user_agent contains "HTTrack") or (http.user_agent contains "IBM_Planetwide") or (http.user_agent contains "ichiro") or (http.user_agent contains "imagefetch") or (http.user_agent contains "IncyWincy") or (http.user_agent contains "informant") or (http.user_agent contains "Ingelin") or (http.user_agent contains "InterGET") or (http.user_agent contains "InternetLinkAgent") or (http.user_agent contains "iOpus") or (http.user_agent contains "Iria") or (http.user_agent contains "Irvine") or (http.user_agent contains "Jakarta") or (http.user_agent contains "JBH*Agent") or (http.user_agent contains "JetCar") or (http.user_agent contains "JustView") or (http.user_agent contains "Kapere") or (http.user_agent contains "knowledge") or (http.user_agent contains "KWebGet") or (http.user_agent contains "Lachesis") or (http.user_agent contains "larbin") or (http.user_agent contains "LeechFTP") or (http.user_agent contains "LexiBot") or (http.user_agent contains "lftp") or (http.user_agent contains "libwww") or (http.user_agent contains "likse") or (http.user_agent contains "Link*Sleuth") or (http.user_agent contains "LinkWalker") or (http.user_agent contains "lwp-trivial") or (http.user_agent contains "majestic12") or (http.user_agent contains "Mag-Net") or (http.user_agent contains "Magnet") or (http.user_agent contains "MCspider") or (http.user_agent contains "MemoWeb") or (http.user_agent contains "moget") or (http.user_agent contains "MSProxy") or (http.user_agent contains "multithreaddb") or (http.user_agent contains "muckrack") or (http.user_agent contains "MJ12") or (http.user_agent contains "nationaldirectory") or (http.user_agent contains "NaverBot") or (http.user_agent contains "Navroad") or (http.user_agent contains "NearSite") or (http.user_agent contains "NetAnts") or (http.user_agent contains "NetCarta") or (http.user_agent contains "netcraft") or (http.user_agent contains "netfactual") or (http.user_agent contains "NetMechanic") or (http.user_agent contains "netprospector") or (http.user_agent contains "NetResearchServer") or (http.user_agent contains "NetSpider") or (http.user_agent contains "NetZIP") or (http.user_agent contains "NEWT") or (http.user_agent contains "nicerspro") or (http.user_agent contains "NPBot") or (http.user_agent contains "Octopus") or (http.user_agent contains "OpaL") or (http.user_agent contains "Openfind") or (http.user_agent contains "OpenTextSiteCrawler") or (http.user_agent contains "OutWit") or (http.user_agent contains "PackRat") or (http.user_agent contains "PageGrabber") or (http.user_agent contains "pavuk") or (http.user_agent contains "pcBrowser") or (http.user_agent contains "PersonaPilot") or (http.user_agent contains "PingALink") or (http.user_agent contains "Pockey") or (http.user_agent contains "psbot") or (http.user_agent contains "PSurf") or (http.user_agent contains "puf") or (http.user_agent contains "Pump")

Bad Bots 3 (http.user_agent contains "PushSite") or (http.user_agent contains "python-requests") or (http.user_agent contains "QRVA") or (http.user_agent contains "Qwantify") or (http.user_agent contains "QuepasaCreep") or (http.user_agent contains "RealDownload") or (http.user_agent contains "Reaper") or (http.user_agent contains "Recorder") or (http.user_agent contains "ReGet") or (http.user_agent contains "replacer") or (http.user_agent contains "RepoMonkey") or (http.user_agent contains "Robozilla") or (http.user_agent contains "Rover") or (http.user_agent contains "RPT-HTTPClient") or (http.user_agent contains "Rsync") or (http.user_agent contains "scoutjet") or (http.user_agent contains "Scrapy") or (http.user_agent contains "SearchExpress") or (http.user_agent contains "searchhippo") or (http.user_agent contains "Shai") or (http.user_agent contains "SISTRIX") or (http.user_agent contains "sitecheck") or (http.user_agent contains "Semrush") or (http.user_agent contains "SemrushBot") or (http.user_agent contains "SiteMapper") or (http.user_agent contains "SiteSnagger") or (http.user_agent contains "SlySearch") or (http.user_agent contains "SmartDownload") or (http.user_agent contains "snagger") or (http.user_agent contains "Sogou") or (http.user_agent contains "sogou spider") or (http.user_agent contains "SpaceBison") or (http.user_agent contains "spbot") or (http.user_agent contains "Spegla") or (http.user_agent contains "SpiderBot") or (http.user_agent contains "SqWorm") or (http.user_agent contains "Stripper") or (http.user_agent contains "Sucker") or (http.user_agent contains "SuperBot") or (http.user_agent contains "SuperHTTP") or (http.user_agent contains "Surfbot") or (http.user_agent contains "SurfWalker") or (http.user_agent contains "Szukacz") or (http.user_agent contains "TalkTalk") or (http.user_agent contains "tAkeOut") or (http.user_agent contains "tarspider") or (http.user_agent contains "Telesoft") or (http.user_agent contains "Templeton") or (http.user_agent contains "traffixer") or (http.user_agent contains "TrueRobot") or (http.user_agent contains "TuringOS") or (http.user_agent contains "TurnitinBot") or (http.user_agent contains "TV33_Mercator") or (http.user_agent contains "UIowaCrawler") or (http.user_agent contains "URL_Spider_Pro") or (http.user_agent contains "UtilMind") or (http.user_agent contains "Vacuum") or (http.user_agent contains "vagabondo") or (http.user_agent contains "vayala") or (http.user_agent contains "visibilitygap") or (http.user_agent contains "vobsub") or (http.user_agent contains "VoidEYE") or (http.user_agent contains "vspider") or (http.user_agent contains "w3mir") or (http.user_agent contains "WebAuto") or (http.user_agent contains "webbandit") or (http.user_agent contains "Webclipping") or (http.user_agent contains "webcollage") or (http.user_agent contains "webcollector") or (http.user_agent contains "WebCopier") or (http.user_agent contains "webcraft@bea") or (http.user_agent contains "WebDAV") or (http.user_agent contains "webdevil") or (http.user_agent contains "webdownloader") or (http.user_agent contains "Webdup") or (http.user_agent contains "WebEmailExtractor") or (http.user_agent contains "WebFetch") or (http.user_agent contains "WebHook") or (http.user_agent contains "Webinator") or (http.user_agent contains "WebLeacher") or (http.user_agent contains "WebMiner") or (http.user_agent contains "WebMirror") or (http.user_agent contains "webmole") or (http.user_agent contains "WebReaper") or (http.user_agent contains "WebSauger") or (http.user_agent contains "WEBsaver") or (http.user_agent contains "WebSnake") or (http.user_agent contains "Webster") or (http.user_agent contains "WebStripper") or (http.user_agent contains "websucker") or (http.user_agent contains "webvac")

Bad Bots 4 (http.user_agent contains "webwalk") or (http.user_agent contains "webweasel") or (http.user_agent contains "WebWhacker") or (http.user_agent contains "WebZIP") or (http.user_agent contains "Wget") or (http.user_agent contains "whizbang") or (http.user_agent contains "WhosTalking") or (http.user_agent contains "Widow") or (http.user_agent contains "WISEbot") or (http.user_agent contains "WUMPUS") or (http.user_agent contains "Wweb") or (http.user_agent contains "WWWOFFLE") or (http.user_agent contains "Wysigot") or (http.user_agent contains "x-Tractor") or (http.user_agent contains "XGET") or (http.user_agent contains "Yandex") or (http.user_agent contains "YoudaoBot") or (http.user_agent contains "Yeti") or (http.user_agent contains "80legs") or (http.user_agent contains "Zeus.*")

Block Countries (ip.geoip.country in {"AD" "AE" "AF" "AG" "AI" "AL" "AM" "AN" "AO" "AQ" "AR" "AS" "AT" "AW" "AX" "AZ" "BA" "BB" "BD" "BE" "BF" "BG" "BH" "BI" "BJ" "BN" "BO" "BR" "BT" "BV" "BW" "BY" "BZ" "CC" "CD" "CF" "CG" "CH" "CI" "CK" "CL" "CM" "CN" "CO" "CR" "CV" "CX" "CY" "CZ" "DE" "DJ" "DK" "DM" "DO" "DZ" "EC" "EE" "EH" "ER" "ET" "FI" "FJ" "FK" "FM" "FO" "FR" "GA" "GE" "GF" "GG" "GH" "GI" "GL" "GM" "GN" "GP" "GQ" "GS" "GT" "GU" "GW" "GY" "HK" "HM" "HN" "HR" "HT" "HU" "ID" "IM" "IQ" "IO" "IR" "IS" "JE" "JM" "JO" "KE" "KG" "KH" "KI" "KM" "KN" "KP" "KR" "KZ" "LA" "LB" "LC" "LI" "LK" "LR" "LS" "LT" "LU" "LV" "LY" "MA" "MC" "MD" "ME" "MG" "MH" "MK" "ML" "MM" "MN" "MO" "MP" "MQ" "MR" "MS" "MT" "MU" "MV" "MW" "MY" "MZ" "NC" "NE" "NF" "NG" "NI" "NL" "NO" "NP" "NR" "NU" "OM" "PA" "PE" "PF" "PG" "PK" "PL" "PM" "PN" "PR" "PS" "PT" "PW" "PY" "QA" "RE" "RO" "RS" "RU" "RW" "SA" "SB" "SC" "SD" "SE" "SG" "SH" "SI" "SJ" "SK" "SL" "SM" "SN" "SO" "SR" "ST" "SV" "SY" "SZ" "TC" "TD" "TF" "TG" "TH" "TJ" "TK" "TL" "TM" "TN" "TO" "TR" "TT" "TV" "TW" "TZ" "UA" "UG" "UY" "UZ" "VC" "VE" "VG" "VI" "VN" "VU" "WF" "WS" "YE" "YT" "ZA" "ZM" "ZW"} and not cf.client.bot)

Be carefull with the las tone as I live in the US and it may block you if you live elsewhere.  Please check you website before leaving for the night.

If you have better tested rules please post them here...
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Мel

Hi! After deleting FF for some tests, I get this error below.
Any tips how to handle it?
"The ability to speak does not make you intelligent."
- Qui-Gon Jinn

Shambles

Quote from: Мel
After deleting FF for some tests ...

Did you uninstall the mod or just hard delete some of its artifacts?   If you went down the 'uninstall' route it looks like you may have ignored some warnings issued.

Мel

Quote from: Shambles on February 01, 2020, 06:09:06 PM
Quote from: Мel
After deleting FF for some tests ...

Did you uninstall the mod or just hard delete some of its artifacts?   If you went down the 'uninstall' route it looks like you may have ignored some warnings issued.
I've uninstalled a mod via admin panel with an error in Subs-Members.php, then I've clean up manually, following the manual for the mod. Still...
"The ability to speak does not make you intelligent."
- Qui-Gon Jinn

butchs

I always add the install sequence number to a mod when I install it so I can uninstall in order.

The error you are having is not related to a problem in the mod.  It is the manual clean-up.  Maybe you can recover your directory from a back-up.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Andres08

Hello,

On my forum your mod can´t pass through due to template fails in instalation. I using 2.0.17 version.

Amdres

butchs

The mod is made for the default theme.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Andres08

Quote from: Kindred on March 24, 2020, 06:03:18 PM
Andres08

https://wiki.simplemachines.org/smf/Error_in_mod_installation

Thank you Kindred.  I installed that Firewall, but have other dificulties regarding my forum, so it will go down I think.   
Andres

[email protected]

I am getting an error in the SMF logs.

: Trying to access array offset on value of type bool
/var/www/weatheryyc.com/smf/Sources/ForumFirewall.php
Line: 159

Can  anyone tell me how to fix it?

Kindred

I suspect that this mod would require some fairly major updates to be compatible with 2.0.18 and php 7.x
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

[email protected]

I agree. I wish t he author would update it.

Advertisement: