Forum Firewall

Started by butchs, January 15, 2011, 11:00:37 AM


Glasso

#240
butchs,

Your mods are fantastic, thank you very much for making them available.

1. I have installed forum firewall and most blocks are with an invalid IP. The IP reported by FF is a phrase such as 'Keep-Alive', 'unknown' etc. and not exactly a number. How can I avoid this since I tried connecting from a Nokia phone and it is blocked?

Typical blocks with invalid IP are like:
GET /forum/ HTTP/1.0 Mozilla/4.0 (compatible; MSIE 5.5; Windows 95) http://<removed>/

Similar thing with Bad Behavior where a connection is blocked from Nokia - I will post it on the relevant thread.

2. When I enable SQL Injection, though '-' is in the list of allowed characters, URLs with that symbol get blocked. Any solution to this?

I am using SMF 2.0 RC5

Thanks.

Jesna

Thanks for a great mod

I'm getting this error on my page:

Fatal error: Call to undefined function ffcopyright() in /home/whsforum/public_html/forum/Themes/default/index.template.php on line 525

At the bottom, where there should be: Protected by Forum Firewall

My line 525 is this:
', theme_copyright(), FFCopyright(), '

Is there anyone who can see a problem here?

It shows correctly when I'm in the admin/Forum Firewall.

I'm using SMF 1.1.13 in Danish, so I was wondering if it has something to do with the Danish part?

/Jakob

butchs

#242
Glasso I answered your question in the BB support thread.


Jesna I did not know there was a Danish translation?   :P  Try this:
Open "$themedir/index.template.php"

Search for:
"global $context, $settings, $options, $scripturl, $txt;

echo
"

Replace with:
"global $context, $settings, $options, $scripturl, $txt, $sourcedir;

require_once($sourcedir . '/ForumFirewall.php');

echo
"

EDIT:  YOU DO NOT NEED TO DO THIS IF YOU ENABLE THE MOD.   I will fix it in a future version.

8)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

butchs

Quote from: Glasso on February 26, 2011, 02:14:56 PM
Butchs, if you don't mind taking a look at the Forum Firewall log with a bunch of 'keep-alive's in the IP field, please PM me your email id.

What happened in BB is not the same as FF.  BB does not look at the IP address field.  It checks the "Connection" field, where Keep-alive is supposed to reside.

Keep-alives will not be allowed to pass the IP test in FF since they are not valid IP addresses.  I have seen many examples where 'keep-alive's in the IP field have been used in a site hack attack.  Allowing it to pass in FF will only be a vulnerability.

The attached file provides an example of a blocked ip address where FF stopped cold one of the many bots that have been hammering the register/login functions that so many people who do not use FF complain about.
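The kind of IP-field check discussed in the post above, as an added example (not Forum Firewall's own code and not written by the mod author). Which header fields are inspected and the block-on-any-invalid-value policy are assumptions for illustration; the sample requests are constructed.

```php
<?php
// Added example: strict validation of the address fields of a request.
// Field list and policy are assumptions, not Forum Firewall's logic.

/** Return the value if it is a syntactically valid IPv4/IPv6 address, else null. */
function valid_ip(?string $value): ?string
{
    $value = trim((string) $value);
    return filter_var($value, FILTER_VALIDATE_IP) !== false ? $value : null;
}

/**
 * Inspect the address fields of one request.
 * REMOTE_ADDR comes from the TCP connection; the HTTP_* fields are
 * client-supplied headers and can contain any text at all.
 */
function inspect_request_ips(array $server): array
{
    $result = ['ip' => valid_ip($server['REMOTE_ADDR'] ?? null), 'invalid' => []];

    foreach (['HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP'] as $field) {
        if (!isset($server[$field])) {
            continue;
        }
        // X-Forwarded-For may carry a comma-separated chain of hops.
        foreach (explode(',', $server[$field]) as $hop) {
            if (valid_ip($hop) === null) {
                // Record field name and offending value for the log.
                $result['invalid'][] = [$field, trim($hop)];
            }
        }
    }
    // Allow only when every address field holds a real IP address.
    $result['allow'] = $result['ip'] !== null && $result['invalid'] === [];
    return $result;
}

// Constructed sample requests (documentation-range addresses).
$samples = [
    'normal'     => ['REMOTE_ADDR' => '203.0.113.7'],
    'proxy'      => ['REMOTE_ADDR' => '198.51.100.4', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 198.51.100.9'],
    'keep-alive' => ['REMOTE_ADDR' => '198.51.100.4', 'HTTP_X_FORWARDED_FOR' => 'Keep-Alive'],
    'unknown'    => ['REMOTE_ADDR' => '198.51.100.4', 'HTTP_CLIENT_IP' => 'unknown'],
];

foreach ($samples as $name => $server) {
    $r = inspect_request_ips($server);
    printf("%-10s %s %s\n", $name, $r['allow'] ? 'ALLOW' : 'BLOCK', json_encode($r['invalid']));
}
```

Run in a log-only mode first, as the thread recommends, since some proxies and mobile gateways send placeholder text such as 'unknown' in these headers for legitimate visitors.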

Glasso

Oh I see, so this is fairly common error and wrong values get passed in the IP field intentionally or unintentionally.
Thanks for clarifying.

hartiberlin

Does it work together with SMF 2.0RC5 / PortaMX 1.0RC4 and PortaMX SEF enabled?

Many thanks.
Regards, Stefan.

Jesna

I have only enabled "Enable Testing". My log/visitors is clean. Is that because I haven't enabled anything else yet? Or will there first be something in the log when I enable "Block Violations"?

/Jakob

butchs

Quote from: hartiberlin on February 27, 2011, 02:24:29 AM
Does it work together with SMF 2.0RC5 / PortaMX 1.0RC4 and PortaMX SEF enabled?

Not sure but, it works with SMF 2.0RC5 and SimplePortal.

butchs

Quote from: Jesna on February 27, 2011, 06:03:45 AM
I have only enabled "Enable Testing". My log/visitors is clean. Is that because I haven't enabled anything else yet? Or will there first be something in the log when I enable "Block Violations"?

You should at least check:
"Enable Testing", "Logging", "DOS Attack" and "Enable IP Validation"

Run it for a few days and make sure you will not ban your critical members or yourself, then select "Block Violations" to block access.

The mod has built-in help; click the "?" for more information.

butchs

Update posted today.  Some of the fixes are:

1)  Copyright now showing correctly when mod is not enabled.
2)  Added 7 day auto trimming of the visitor log for SMF 1.1.x users when "Logging" is on.
3)  Minor improvements.

2.0RC2 users need not update unless they have errors in their log or wish to fix the copyright issue.


MCK

Thanks for your continued time invested in this mod. If possible, could you include perhaps a check box to control whether or not the credits are shown? It would be up to the person to honor your licensing of course but this is not so much different than how it is now if only a little more manual & tedious.

Jesna


butchs

MCK sorry for all the updates.  I think I should be done debugging for a while now...   :o

Time to work on a new version and I will look into a better way to handle the licensing.

MCK

No worries. The updates are for our benefit so I appreciate your efforts and thank you. Will look forward to your next update. Regards

lovearat

I just found this awesome mod!! Thank you for all the work you did/do!!
Do Not Pm Me For Support. Please use the appropriate board

ppscslv

Hi! I have a big problem: after I installed Forum Firewall on SMF 1.1.13, after I log in I can't access the admin panel:

An Error Has Occurred!
Session verification failed. Please try logging out and back in again, and then try again.

Nor can I post anything. How can I remove/disable the package? And yes, the violation rule was activated.

qtime

Can you edit the files? If so, you can remove the code.

busterone

Look in your database for the table smf_settings, or (whatever your prefix is)_settings if you went with something besides the default db prefix.
Change the value for forumfirewall_enable_block from 1 to 0.
That will get you back in the forum.

butchs

Quote from: ppscslv on March 02, 2011, 05:29:28 PM
An Error Has Occurred!
Session verification failed. Please try logging out and back in again, and then try again.


That error is an SMF 1.1.13 bug issue and has nothing to do with this mod.

An0nymousHelper

Hey! So I've been using the mod for a while now and love it, it's great! But I've noticed that there is a person, I guess, trying to attack my site, but for some reason it doesn't show their IP, it shows "Keep-Alive". What does this mean? Here are two screenshots:





That's just two of them and there are quite a few more. If anyone knows what this is, it would be greatly appreciated if you could let me know! Thanks!
