Advertisement:

Author Topic: Forum Firewall  (Read 313281 times)

Offline Joazo

  • Jr. Member
  • **
  • Posts: 159
Re: Forum Firewall
« Reply #100 on: January 24, 2011, 05:54:07 PM »
Ok thanks butchs, because of you I fixed it :). What caused the problem was the "Enable Bypass Protection".

I got some questions if you got time to answer please:
1. Where can I see the logs of the forum firewall?
2. How can I test the forum firewall is really working (please a easy & fast way)
3. I have written : "SECURITY RISK: MAGIC_QUOTES ARE ON!". what should I do?

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #101 on: January 24, 2011, 06:02:38 PM »
Here you go:

1.  Admin/Forum Firewall/Visitors -  This shows the log.  Use it before turning on block.
2.  If you have data in the visitor log it is working.
3.  As your host if they can turn off magic quotes.  Do not tell them why because they can get weird.  But SMF does not require it.  Ir if you have access edit your php.ini.
 8)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline Joazo

  • Jr. Member
  • **
  • Posts: 159
Re: Forum Firewall
« Reply #102 on: January 24, 2011, 06:22:43 PM »
I asked my host to turn off MAGIC_QUOTES. Let's see their answer.

Btw How can I clean the visitors logs?

Also do you have any more suggestions on how to protect my forum?


Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #103 on: January 24, 2011, 07:16:25 PM »
The log cleans it's self every week.  If you are using RC4 you can go to Scheduled Tasks/ Auto Delete Old Firewall Visitor Log Entries to adjust it.

Give it time.  You should see less visits as time progresses and you are removed from lists.
 ;)

Check out the 1st post for more info about protection.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline Joazo

  • Jr. Member
  • **
  • Posts: 159
Re: Forum Firewall
« Reply #104 on: January 25, 2011, 12:57:34 AM »
Ok thanks a lot butchs.

Btw I looked my visitors logs and found this: http://img600.imageshack.us/img600/7482/dosattack.jpg

What should I do?
 Is it blocked automatic?
Is it a real dos attack?

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #105 on: January 25, 2011, 06:34:14 AM »
Yes but it is more like a caputa brute force access attempt.  They are banned the duration you set in the "Longterm Ban".  Since their ip changes all the time it is a waste of time to ban them more than a day. 1 hr is good for most.
« Last Edit: January 25, 2011, 06:38:50 AM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline qtime

  • Full Member
  • ***
  • Posts: 501
Re: Forum Firewall
« Reply #106 on: January 25, 2011, 12:51:07 PM »
What is the advantage above using a system firewall like Security & Firewall - csf v5.15

I am using Security & Firewall - csf v5.15
mod security
ossim
snort

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #107 on: January 25, 2011, 01:24:26 PM »
This does not replace any other firewall software and should only be used in conjunction with other measures.  Not sure what the advantages or disadvantages are; honestly, I do not plan to research either.

This mod is designed for SMF and hopefully will catch the issues that will otherwise cause SMF not to work if tested outside of SMF.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline qtime

  • Full Member
  • ***
  • Posts: 501
Re: Forum Firewall
« Reply #108 on: January 25, 2011, 01:27:19 PM »
ok thanks for fast reply, I like to advice the use of Security & Firewall - csf v5.15, it's easy to configure using webmin for example, and it's blocking a lot of bad guys or maybe the girls as well.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #109 on: January 25, 2011, 01:33:29 PM »
Excellent!  I forgot, my host uses CSF Firewall as a front end to the ForumFirewall mod.  it does do a great job. and reduces the work required by FF.  They swear by it.
 :)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline THE BRA1N

  • Jr. Member
  • **
  • Posts: 133
  • Gender: Male
    • The Third Rail Forum
Re: Forum Firewall
« Reply #110 on: January 25, 2011, 02:54:47 PM »
A couple of members have gotten autobanned by the DOS protection (they weren't trying to DOS). How can I adjust the settings to make it less sensitive than the default? In other words, how do i make it so that a higher threshold must be met before the DOS attack ban kicks in?

Edit - btw, both members had the Forum Firewall Whitelist Group permission enabled and they still were banned.
« Last Edit: January 25, 2011, 02:58:40 PM by THE BRA1N »

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #111 on: January 25, 2011, 03:03:55 PM »
What version of SMF?  Were they banned when not logged in?

You can whitelist the members group. In RC4 got to:  "Admin/Members/Manage Permissions: Forum Firewall Whitelist Group" to do so.

Or
Adjust the "Trigger" by increasing it.  Less likely, the "Cache Duration" made some tuning.  Click on the help icons "?" in the mod for instructions.

Or
Shorten or set the "Longterm Ban"to "Never" until you figure out what is going on.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline JoeB

  • Jr. Member
  • **
  • Posts: 220
Re: Forum Firewall
« Reply #112 on: January 25, 2011, 06:41:19 PM »
Great mod
 Installed fine on SMF 2.0 RC4

How to fix this?
SECURITY RISK: MAGIC_QUOTES ARE ON!

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #113 on: January 25, 2011, 06:45:53 PM »
How to fix this?
SECURITY RISK: MAGIC_QUOTES ARE ON!

See post # 112 in this thread. ;)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline busterone

  • SMF Hero
  • ******
  • Posts: 2,136
  • Gender: Male
  • Devil Dog
    • The Demon's Den
Re: Forum Firewall
« Reply #114 on: January 25, 2011, 09:03:25 PM »
I just discovered that the firewall logs will not delete. I went to scheduled tasks and attempted it twice. Both times, the message was task completed, but when I looked at the log, all entries were still there.  I thought it might be something on my site since it was upgraded several times, so I tried it on my test forum, and got same result. Both are RC4. The test forum is a clean install with just Firewall mod, Stop Spammer and httpBL installed., no members, just me.  :)

No biggie, I just truncated the table in database for my main site to get same result.  I just posted it in the event anyone else has same issue. I am still unsure if it is just my forums or the mod. 

Offline Joazo

  • Jr. Member
  • **
  • Posts: 159
Re: Forum Firewall
« Reply #115 on: January 26, 2011, 02:49:08 AM »
Btw,
You wrote that there are 6 things you need:
1. Proxy Firewall.
2. Htaccess protection such as blocking nasty ip addresses, CrawlProtect and GeoIP.
3. Forum Firewall (this mod).
4. Bad Behavior mod.
5. Project Honeypot.
6. Stop Spammer.

How do I get Proxy Firewall, is this a mod?
How do I get Htaccess protection such as blocking nasty ip addresses, CrawlProtect and GeoIP?
How do I get Project Honeypot?

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #116 on: January 26, 2011, 06:55:44 AM »
I just discovered that the firewall logs will not delete. I went to scheduled tasks and attempted it twice. Both times, the message was task completed, but when I looked at the log, all entries were still there.  I thought it might be something on my site since it was upgraded several times, so I tried it on my test forum, and got same result. Both are RC4. The test forum is a clean install with just Firewall mod, Stop Spammer and httpBL installed., no members, just me.  :)

Yes the auto purge deletes log entries greater than 7 days old.  Maybe I will add a purge button in a future version.


EDIT:  You can always uninstall the mod and check the database items then reinstall for a complete purge?
« Last Edit: January 26, 2011, 07:08:48 AM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #117 on: January 26, 2011, 07:01:34 AM »
1) How do I get Proxy Firewall, is this a mod?
2) How do I get Htaccess protection such as blocking nasty ip addresses, CrawlProtect and GeoIP?
3) How do I get Project Honeypot?

1)  See reply 129 in this thread.  Your host may have it installed already.
2)  Search this site I posted a how to a while back on CrawlProtect.  GeoIP may be installed by your host.
3)  That is a mod called httpbl in the mod section.  As are the others.
 :D
« Last Edit: January 26, 2011, 07:11:31 AM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline JoeB

  • Jr. Member
  • **
  • Posts: 220
Re: Forum Firewall
« Reply #118 on: January 26, 2011, 07:53:53 AM »
As an admin, Now I can not log in the forum :

HTTP Error 403 Forbidden You don't have permission to access
/forums/index.php?action=login on this server.
Your computer may be infected with a virus or a trojan. The Firewall has determined that you: Invalid ip!
If you get this message in error, please contact the ADM1N and provide the date and time of this message.


Please advice. Only can use FTP to change any file

I stopped two commands by downloding index.php by ftp

//      'forumfirewall' => array('ForumFirewall.php', 'forumfirewall'),

   // start ForumFirewall
//   if (isset($modSettings['forumfirewall_enable']) && !empty($modSettings['forumfirewall_enable']) && $modSettings['forumfirewall_enable']) {
//      require_once($sourcedir . '/ForumFirewall.php'); }
   // end ForumFirewall
« Last Edit: January 26, 2011, 08:12:14 AM by JoeB »

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #119 on: January 26, 2011, 08:40:04 AM »
You should not turn on banned until you are sure that you are not going to ban yourself.

I will send you a pm.

I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.