Forum Firewall

[NanoSector]

yoshi... you must not have readthe previous post...

nb1.  After some search,  it seems that "get2by2host_copyright()" comes from Twitter @anywhere.
  I removed it (the code from "global headers and footers while ago", but seems that code remained in template. Can it be that, mean if I remove it from template, then it will be a smooth inst ?

it was added by the twitter mod, which he removed...   but apparently the mod did not completely uninstall.
he's fine.

Heh, sorry, I need glasses

[teos55]

Thanks for the translation :-)

[Angelina Belle]

My bad.  Sorry.

[NanoSector]

My bad.  Sorry.

Meh, I should have readed the whole conversation first

But this is getting OT.

[butchs]

Thanks for the translation :-)

Oooo...  What language??

[teos55]

Recently installed FF tom my SMF 1.1.13

    It's been running in test mode for almost 7 days, 8 pages of log up to now mainly keep-alives and and I received following msg for one my members:
----------------------------------------------------------------------------------------
233   46.2.207.167   2011-05-06 18:21:10   GET /index.php?action=dlattach;topic=713.0;attach=7941;image HTTP/1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 http://mysite/index.php?topic=713.msg4716   DOS Attack!
--------------------------------------------------------------------------------------------

IP adr 46.2.207.167 is for one of my members. Can it be virus on his machine ? I dont think he is digging around
(hopefully not)

[butchs]

Could be antivirus software...  I would not worry about it unless it happens too much.  If it does and he is not doing anything bad add him to the "Forum Firewall Whitelist Group" in Manage Permissions/General Permission" settings.

I added the Whitelist because my site has a member who accessed the site from work where he had a boat load of antivirus software.  Every day he will get banned for a DOS attack.  This option prevented that.

[teos55]

Thanks Butchs. I'll try your recommendation.

[teos55]

  After running in test mode for a reasonable time, now I turrned "block violations" on.  Some members
blocked with reason being dos attack.

"88.246.126.246   2011-05-12 22:23:28   GET /index.php?action=dlattach;topic=687t.0;attach=8182 HTTP/1.1 Opera/9.80 (Windows NT 5.1; U; tr) Presto/2.2.15 Version/10.00 http://karavanturk.org/index.php   DOS Attack!"

  He ran antivirus software to clear up his pc, logged in after several hours then he is banned again  :-)

Any recommendation. I didnt see the whitelist in manage permission. I'm running smf 1.1.13 can this be the reason ?. I put his user name on the settings page of FF  in stead, for the time being and wathcing ...

[butchs]

Forum Firewall Whitelist Group is an option in SMF 1.1.x to prevent being blocked by DOS attacks, look at:

Admin/PERMISSIONS BY MEMBERGROUP/"select the group you want"/Forum Firewall Whitelist Group

[teos55]

     Found the option, I looked through main options rather then inside the membergroups, sorry.
Thanks ..

  Any other recommendation to set ?  like:
  ports, sql injection, cross site scripting , http header attacks . 

  Is it time to enable also these options ? Any consequences like heavy cpu usage, performance degradation and such ? Not too much members though around 100 .
 

[teos55]

SMF 1.1.13  default theme  FF V1.0.10

  Transfered the site to another provider. Everything modified according to the new site,
one setting remaining, which is: Admin Domain name .

existing one in the format of  :   dsl88-246-56299.xxxxx.net.tr

Looking through the whois database, I couldn't find the proper field to enter.

Any guidance ?

[butchs]

This mod runs on minimal memory and CPU usage.  It is recommended to operate it in  logging mode for the first few days.

existing one in the format of  :   dsl88-246-56299.xxxxx.net.tr

If you clicked on the "?" the help would have explained that you use "xxxxx.net.tr".

[teos55]

  SMF 1.1.3  default theme Forum Firewall 1.0.10

  Some thing strange happening. I appiled the steps mentioned in : http://www.simplemachines.org/community/index.php?topic=434341.0

Then installed every before existing Mods one by one.  Forum Firewall implemented sucessfuly. I have it in
my admin menu, enabled, running, no errors in the error log.

After sometime ....
When when I look  admin > packages > installed packages , I didnt see Forum Firewall in the list.

- Then I checked /packages directory it was not in directory so I ftp'd previously downloaded forumfirewall zip
file from my computer to the /packages directory.  Up to now it's ok. When I do admin > packages > installed packages . it's there as installed.

- Planned to uninstall Forum Firewall ( since I want to change apply sequence of Mods , in order to apply
some new mods, which gives errors in php files, during applying)

  Now I get :

"Unable to find package file!" 

When I check the /packages dir, I see the timestamp is different then the others . Can this be the reason, or any other thing I made wrongly ? Any DB mismatch to check ?

nb. repair.settings.php  didnot solve the issue.


In order to test if my package manager has corrupted some way, I tested with installing 2 additional
packages. ( New topic in seperate color, Package Manager sort 1.0)

  All installed and functions properly.

  Right after that trying to uninstall Forum Firewall fails with : "Unable to find package file!"  again.

  Checked DB entries, there is only one entry : package_make_backups : 1 (enabled) that is all.

Where to look

Help please ...

[Masterd]

There's a BOM in Spanish Es UTF-8.

[teos55]

 This is not the case, since I used file_check.php a few days ago,  corrected all BOM errors in my system.

[żεχเ๏ภ]

Hi all. Just upgraded from ForumFirewall 1.0.8 to 1.0.10 on SMF 1.1.xx...

I'm getting alot of this error on my homepage and in error log to do with forumfirewall...

Code Select Expand

xxxxx Today at 19:08
xx.xx.xx.xx.xx   63fbc681fef3dedb8f2d4dd6a4cb5f94
http://mainmedia.me/forum/index.php?action=forumfirewall;sa=settings;sesc
2: exec() has been disabled for security reasons
File: /web/users/xxxxx/forum/Sources/ForumFirewall-Admin.php
Line: 32

Is this my host's fault? What exactly does "exec" do..? >_> Thanks for your time and help.

Note: I wasn't getting any errors on ForumFirewall 1.0.8 and earlier.

Jason

[teos55]

 In order to debug further, I need which firewall php is called upon "uninstall" is clicked next to Forum Firewall ,
on packager manager ?

[butchs]

Hi all. Just upgraded from ForumFirewall 1.0.8 to 1.0.10 on SMF 1.1.xx...

I'm getting alot of this error on my homepage and in error log to do with forumfirewall...
Is this my host's fault? What exactly does "exec" do..? >_> Thanks for your time and help.

There was an issue with some servers that lost or the users did not install the cache directory.  Exec was one method to check for its presence.  If the command is disabled on your server , the mod finds another way to check for the directory.

In conclusion, if you do not see any errors in the SMF error log you can ignore it.

[butchs]

In order to debug further, I need which firewall php is called upon "uninstall" is clicked next to Forum Firewall ,
on packager manager ?

Try uninstalling it using the advanced pane and simulate an older version of SMF.  Other than that this seems to be an SMF issue.