News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Forum Firewall

Started by butchs, January 15, 2011, 11:00:37 AM

Previous topic - Next topic

butchs

#320
I decided to move it to the FF admin panel for the same reason.

Quote from: Arantor on March 29, 2011, 02:25:00 PM
No, the warning isn't there, it's in startup...

It is not in index.php and/ or Load.php in SMF 2RC5 as you say.  The problem with your supposed help "in this thread" is that it is confusing and sometimes riddled with misinformation.  If I wanted coding help, I would have posted in "SMF Coding Discussion".
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Xarcell

This mod seems awesome, and I can't wait for the next release.

butchs

The mod is working well.  So I am working on something to make another version worth while.  I have been testing a better way to handle the language files so that translations for the SMF 1.1.x version will be just like SMF 2.x version.  The fist translated language will be spanish.
8)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Bagheera

Not sure whats that all about but I thought you would like to see it.
The first image is the last two firewall logs.
But today I got in the forum logs errors from forumfirewall.php please look at the second image.
I am using the firewall 1.0.0 on SMF2 RC4.

Bagheera

Btw that is a spammer ip in the second image  :)

butchs

#325
The first image is being blocked because they %5b which is in the "Injection List".  This visitor is being bad.

Not sure what to make of the second visitor.  The error only says that "host" is not part of the referrer.  Odd...  I will try to stop it from happening in the next release.

Still a closer look at what this ip is doing may be in order.  CrawlTrack is a nice tool for that kind of stuff.

I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

busterone

I get that same undefined error occasionally.  This is the line from forumfirewall.php that kicks it out once in a while, although I couldn't say why.
line 279- if($referer_parts['host'] != forumfirewall_get_env('HTTP_HOST')) {

I don't get it but a few times a day, so I have been deleting them and continue on.

Bagheera

Quote from: butchs on April 06, 2011, 08:48:26 PM
The first image is being blocked because they %5b which is in the "Injection List".  This visitor is being bad.

Not sure what to make of the second visitor.  The error only says that "host" is not part of the referrer.  Odd...  I will try to stop it from happening in the next release.

Still a closer look at what this ip is doing may be in order.  CrawlTrack is a nice tool for that kind of stuff.

Thank you for the info.
CrawlTrack looks like nice toll to have. I'll install it and see.  :D

butchs

Quote from: busterone on April 06, 2011, 09:09:16 PM
I get that same undefined error occasionally.  This is the line from forumfirewall.php that kicks it out once in a while, although I couldn't say why.
line 279-

I noticed that it could be handled better.  I will change how that part is handled in the next version (coming as soon as I have time to test it).
;)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

busterone

Cool. No problem with it as is until then.  :)

alexandervba

Hello. Ive installed this mod today on my forum, its been on for about 6 hours now and yet I have 264 PAGES of bad visitors. Forum has about 21k registered users.

Im hoping someone can tell me what the following "hacking attempts" mean, and maybe tell me what i can do best to protect myself against them?



Theres also so many options in the firewall, i enabled a lot of them, I dont know what most of them do to be honoust xP... But when I enabled block visitors, a load of my members community were having problems, mainly this error:

QuoteTheres a few topics that I get the error message but that's about it.

HTTP Error 403 Forbidden

You don't have permission to access

/forums/members-board/(foe)-~-spring-awards-2011-~-(foe)/ on this server.

Your computer may be infected with a virus or a trojan. The Firewall has determined that you: Hacking attempt has been blocked!

If you get this message in error, please contact the ADM1N and provide the date and time of this message.

I really want to be safe, because a few days ago someone managed to get ACP access on our forums by bruteforcing an admin, and it had real bad consequences, so if this firewall is actually good, and works good and you can proof it, u can expect a donation from me.

butchs

Read the about in the mod admin page for some more security ideas.

Though your blocks look like attacks you should set up your site for robots to prevent accidental blocks.  See reply 102.

Quote from: alexandervba on April 08, 2011, 07:05:32 PM
Theres also so many options in the firewall, i enabled a lot of them, I dont know what most of them do to be honoust xP... But when I enabled block visitors, a load of my members community were having problems, mainly this error

You should not enable blocking until you get this fixed.

If you see "HTTP Error 403 Forbidden" you should look at the "result" column in the visitors log.  The warning pages does not provide details but the "result" column in the visitor log does.  The first attack is the one you want to see.  Repeated attacks do not provide details because the mod is trying to save bandwidth and memory.  The result provides enough information for you to find out why they were blocked.

Changes are you have something set up incorrectly or need to adjust some attack codes.

Click the helps "?" in your settings page for details.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

butchs

New version today.  Undefined "host" error bug fix.  Defined cache folder better.  Improved language handling making translating much easier.  The mod now will automatically install Spanish if that is your language.  The read-me is in both Spanish and English.

Enjoy!  :o
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Xarcell

Quote from: butchs on April 08, 2011, 08:12:40 PM
New version today.  Undefined "host" error bug fix.  Defined cache folder better.  Improved language handling making translating much easier.  The mod now will automatically install Spanish if that is your language.  The read-me is in both Spanish and English.

Enjoy!  :o

Thanks!

butchs

I re downloaded the package today with some minor read me text corrections and broke out the Spanish read me.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Storman™

Note that in the new version 1.0.10 (for 2.0) the "Installation Readme" is showing as version 1.0.9

Minor error but shows up at install time.

Cheers for update  ;)

butchs

Ooops, the about should have the correct version.  :)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

alexandervba

Looking everywhere i can never find a result of any 'hacks' :s

Any idea why?

butchs

Look at the first occurrence in the visitor log under the result column.  Click on the numbers up top to move to older fields.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

butchs

#339
Quote from: DoctorMalboro on January 16, 2011, 09:19:22 AM
I mean if it does too many queries to the database... you know, some mods can be heavy and eat a lot of resources... that's what i'm asking.

I just noticed I never answered this question.

This is nothing but a rumor.

The mod does not use database queries to do the tests.  Instead it uses arrays that are stored in memory and checks the ip addresses via disk cache.  The cache can be turned on or off and automatically clears it's self.

The mod uses the cache to check repeat visitors to ban them before any tests are made and to limit the tests they get when they return during the cache duration.

Memory management and speed was a priority in creating this mod. This mod takes care to delete excess memory resources.  The code is designed with speed in mind.  Great effort has been put in speed. It is my opinion that "database queries" slow things down so I limited their use.

There are only three instances when database queries are used.  First when you are using the Whitelist.   Second when a bad visitor is found and logging is enabled.  The third is when auto-Banning is selected.  The mod WILL block visitors with logging disabled and blocking enabled.

So if you disable logging, Longterm Ban and do not use Whitelist there should be NO database queries and you still can BLOCK visitors.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Advertisement: