Forum Firewall

Started by butchs, January 15, 2011, 11:00:37 AM


butchs

This is so safe it is absurd!  You set up your robots files as per the link.  Go to Google, Yahoo and Bing's webmaster pages and test the robots file to make sure all the good bots obey.  Then turn on the Validation, and all those sneaky bots who have been pretending to be someone else, ripping through your site sucking up bandwidth, trying to log in, etc. will get blocked and go elsewhere.  You will be left with just the good bots.
O:)

When I tested this feature, I had a few thousand Google, Bing and Yahoo blocks in one day.  A constant hum of 20,000 bits per second 24 hours per day was gone!  I went to the webmasters site and they recorded no blocks, proving that the mod removed just the weeds.
8)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

MiY4Gi

#521
I use PortaMx SEF (like Pretty URLs), and have already modified my robots.txt file to reflect that. So will the following also work in the Firewall's "Robots.txt action's" space? I don't have any "actions" in my URL anymore, except for action=admin.

/attachments/|/avatars/|/avt/|/cache/|/editor_uploads/|/fckeditor/|/Packages/|/Smileys/|/Sources/|/Themes/|/videos/|/activate/|/arcade/|/calendar/|/collapse/|/credits/|/help/|action=admin

Check out my new website, MyAnimeClub.net. I plan to create the largest anime community, and most fun and user-friendly anime forum in the world. It's still in the development stage though.

butchs

Mp As per the built-in help "?":

Action array values must be entered in the format of "XX|YY" where XX and YY are the Entity. ie "action=activate|action=admin".

It will not test directory searches.

MiY4Gi

Quote from: butchs on August 06, 2011, 11:17:02 AM
Mp As per the built-in help "?":

Huh?

Quote from: butchs on August 06, 2011, 11:17:02 AM
Action array values must be entered in the format of "XX|YY" where XX and YY are the Entity. ie "action=activate|action=admin".

It will not test directory searches.

Will you support directories in a future release?

butchs

The mod has built in help.  Click on the icon.

MiY4Gi

Quote from: butchs on August 06, 2011, 02:00:35 PM
The mod has built in help.  Click on the icon.

I know that, but like I said, my forum doesn't have "actions" anymore. So, could you maybe include directories as well as actions, and implement it in a future release? Or, is there some code I can change?

butchs

#526
Sorry...  I have no plans for directories.  My opinion is it is not needed.  The requested test will just cause me hours of wasted time with no benefits.

FYI - Every release of SMF has the action array.  Look at index.php!   :-\

Alex' Manson

Quote from: MiY4Gi on August 05, 2011, 05:12:09 PM
What does the setting "Robots.txt action's" do?

What I want is to block any bots/crawlers that disobey my robots.txt file. Does this setting do that?

Also, is it possible to add an option in the firewall to block any users that browse too quickly or use excessive traffic in a short time?

Yes, the bot will block any bot (except the ones in the whitelist) that will not follow your robots.txt.
And users that browse too quickly are also banned because of "DDOS" attacking.

MiY4Gi

#528
Quote from: butchs on August 06, 2011, 09:45:45 PM
Sorry...  I have no plans for directories.  My opinion is it is not needed.  The requested test will just cause me hours of wasted time with no benefits.

I see. I guess one thing I could do is to change some of the SEF URLs back to the standard actions, then block them using robots.txt. Blocking action=help and action=search might be all that's needed since their URLs appear in every page's header, so most bots would probably crawl them.

Are there any other mods that prevent spoofing?

Quote from: butchs on August 06, 2011, 09:45:45 PM
FYI - Every release of SMF has the action array.  Look at index.php!   :-\

Yes, but what I meant was that my URLs don't have "action" in them anymore. All my webpages look like directories now (e.g. http://simplemachines.org/1/forum-firewall/ versus http://www.simplemachines.org/community/index.php?action=post;msg=3129239;topic=417490.520)

Alright, so I blocked myself yesterday by entering my admin password wrong, and well, I also logged out and refreshed my admin page which probably also contributed to the block. Now I already disabled the Firewall using phpMyAdmin, so I got website access, but how do I remove the block from the firewall?

Edit: I think I unblocked myself. What I did was change the ban duration to Never, then saved, then reloaded the page, then changed it back to Permanent, then enabled Testing, and I still have website access. I guess it worked then.

butchs

#529
Quote from: MiY4Gi on August 07, 2011, 08:12:13 AM
Are there any other mods that prevent spoofing?

Though not 100% effective, Bad Behavior (BB) has some basic tests for good bots.  With Search Engine DNS enabled it can catch some of the more tricky ones (some servers such as Ubuntu 10.04 will not work; it works fine with many other servers such as my host).  With Search Engine DNS disabled, BB will go through an IP range test for good bot spoofing.  Like I said before, if the spoof is well done it will still pass both BB tests.

Quote from: MiY4Gi on August 07, 2011, 08:12:13 AM
Yes, but what I meant was that my URLs don't have "action" in them anymore. All my webpages look like directories now (e.g. http://simplemachines.org/1/forum-firewall/ versus http://www.simplemachines.org/community/index.php?action=post;msg=3129239;topic=417490.520)

Readers please note that we are not supporting the default SMF installation and these questions are not what you should expect to see at your site since they are for a modified site.

Unless you rewrite SMF, I would still believe if you type action=search you will still search.  I see no reason not to have them all in your robots... as the bad bots will still try to access action='s.

Quote from: MiY4Gi on August 07, 2011, 08:12:13 AM
Alright, so I blocked myself yesterday by entering my admin password wrong, and well, I also logged out and refreshed my admin page which probably also contributed to the block. Now I already disabled the Firewall using phpMyAdmin, so I got website access, but how do I remove the block from the firewall?
... 
Edit: I think I unblocked myself. What I did was change the ban duration to Never, then saved, then reloaded the page, then changed it back to Permanent, then enabled Testing, and I still have website access. I guess it worked then

What you did will not work.  You cannot ban yourself with this mod if you are the admin.  The only way for the admin to get blocked by the mod is with incorrect settings in bypass protection.  Your bypass protection may be incorrect.  Check out the bypass protection post.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.
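
The two kinds of good-bot test mentioned in the post above (a DNS-based test and an IP-range test), as an added sketch that is not Bad Behavior's or Forum Firewall's code. It assumes the DNS test is forward-confirmed reverse DNS, the usual way to verify a crawler claim; the resolver tables, addresses and ranges are constructed.

```python
import ipaddress
import socket

# Reverse-DNS suffixes published by the crawler operators for verification.
SUFFIXES = {"googlebot": (".googlebot.com", ".google.com"),
            "bingbot": (".search.msn.com",)}

def system_ptr(ip):
    """Reverse lookup; None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Forward lookup; list of IPv4 addresses (empty on failure)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def claimed_crawler(user_agent, names):
    """Name of the crawler the User-Agent claims to be, or None."""
    ua = user_agent.lower()
    return next((n for n in names if n in ua), None)

def dns_check(ip, user_agent, ptr=system_ptr, forward=system_forward):
    """'not-a-crawler', 'verified' or 'spoofed' via forward-confirmed rDNS."""
    name = claimed_crawler(user_agent, SUFFIXES)
    if name is None:
        return "not-a-crawler"
    host = (ptr(ip) or "").lower().rstrip(".")
    # Whoever controls the address space sets its PTR, so the name must end in
    # the crawler's domain AND resolve forward to the same address.
    if host.endswith(SUFFIXES[name]) and ip in forward(host):
        return "verified"
    return "spoofed"

def range_check(ip, user_agent, ranges):
    """Same verdicts from a static list of crawler networks (no DNS needed)."""
    name = claimed_crawler(user_agent, ranges)
    if name is None:
        return "not-a-crawler"
    addr = ipaddress.ip_address(ip)
    hit = any(addr in ipaddress.ip_network(net) for net in ranges[name])
    return "verified" if hit else "spoofed"

# Constructed sample data (documentation address ranges, not real crawler IPs).
PTR = {"192.0.2.10": "crawl-1.googlebot.com", "203.0.113.5": "crawl-2.googlebot.com",
       "198.51.100.7": "googlebot.com.bad.example"}
A = {"crawl-1.googlebot.com": ["192.0.2.10"], "crawl-2.googlebot.com": ["192.0.2.99"]}
RANGES = {"googlebot": ["192.0.2.0/24"]}
```

Pass `PTR.get` and a lookup over `A` as the `ptr` and `forward` arguments to run the checks offline against the constructed tables; with the defaults the system resolver is used.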

MiY4Gi

I've disabled IP validation, since I may need to login to my admin account from elsewhere.

And yes, I DID ban myself. I logged out since I wanted to see what guests would see, but I didn't close the tab at the admin URL. Then while logged out, I refreshed my admin tab, which probably triggered my firewall, but it didn't block me yet, then when the admin section prompted me to enter my password, I entered it incorrectly, then the firewall blocked me.

You say that what I did won't remove my IP from the block list, but then why do I have access to my website again, even with the firewall enabled?

butchs

I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

MiY4Gi

Quote from: butchs on August 07, 2011, 11:53:35 AM
Luck???   :o

:D

Let's be serious now. Say now I do block myself, then how do I unblock myself?

butchs

Sigh.  ???   If you made an error read this post to correct access.

MiY4Gi

Okay, when I do that, does the Firewall reset itself and delete any IPs that were blocked?

butchs

Turning off the mod does not remove any settings.  Another way to turn off the mod is by uninstalling and reinstalling it in package manager.  If done, all settings will remain except the mod will be turned off.

The mod only blocks addresses for a short time as specified by the cache settings.  If the cache setting is set to zero it blocks per click.

The mod does not ban any IPs.  It sends all banned IPs to SMF.  All banned IPs are handled via SMF.

MiY4Gi

Quote from: butchs on August 07, 2011, 12:48:39 PM
Turning off the mod does not remove any settings.  Another way to turn off the mod is by uninstalling and reinstalling it in package manager.  If done, all settings will remain except the mod will be turned off.

The mod only blocks addresses for a short time as specified by the cache settings.  If the cache setting is set to zero it blocks per click.

The mod does not ban any IPs.  It sends all banned IPs to SMF.  All banned IPs are handled via SMF.

I see. So what happens when I set the Longterm Ban to Permanent, and I get myself banned? Does SMF remember my Ban?

butchs

#537
BANNING INFO

The mod is designed to protect you from banning yourself.  But it can only be idiot proof to a point.  :laugh:  You can get banned by the mod if you are not logged in as the admin.

The mod sends the ban information to SMF's built-in banning system.  So you will have to edit "smf_ban_groups" and/or "smf_ban_items" via phpMyAdmin.  Questions on how to use and/or modify SMF's banning system are outside of the scope of this support topic.   :-X

I do not recommend setting "Ban to Permanent".  Either 1 or 24 hours is all you need.  Any more will be a waste of database space.
8)

MiY4Gi

#538
Quote from: butchs on August 07, 2011, 01:51:03 PM
I do not recommend setting "Ban to Permanent".  Either 1 or 24 hours is all you need.  Any more will be a waste of database space.
8)

Thanks, I didn't realize that. I changed it now to 24 hours.

What does this mean:

_____________________
466
41.177.21.151
2011-08-07 22:34:34
GET /Themes/Ambassador_20/images/theme/frame_repeat.png HTTP/1.1 Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.18 Safari/535.1 http://theanimeclub.co.za/
Hack: Themes/!
_____________________
467
41.177.21.151
2011-08-07 22:34:37
GET /31/icon-2011/msg68/ HTTP/1.1 Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.18 Safari/535.1 http://theanimeclub.co.za/
Hack: Repeated!
_____________________

It keeps producing infractions when I browse as a guest.

butchs

#539
Oh geez, I forgot...   :o  My bad! :-[  I have some major directories in the "injection list".  :-*

The first block is when the visitor tried to download, directly copy or edit a file that was contained in your "theme" directory.  The second block is the cache.  Once blocked, the visitor will continue to be blocked no matter what they do, until the cache (recommended min 20 seconds) expires.  This feature is meant to slow down fast bots.
:)

If your site is just directories you need to delete them from the "injection list".  The mod was created for default SMF URLs.  The weird URLs you are using are custom and will require you to make edits to the default FF settings.  It is my opinion they will reduce your security.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.
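
How the two log entries in this exchange arise, as an added sketch that is not Forum Firewall's code. It assumes the injection list is matched as a case-insensitive substring of the request path and that a block lasts for the cache time counted from the first hit; requests 466 and 467 come from the log quoted in the thread, request 468 is constructed.

```python
from datetime import datetime, timedelta

def replay(requests, injection_list, cache_seconds=20):
    """Return [(id, verdict)] for each (id, ip, timestamp, path) request.

    A path containing an injection-list entry is blocked and the client IP is
    cached; until the cache entry expires, every further request from that IP
    is blocked as a repeat, whatever it asks for.
    """
    blocked_until = {}          # ip -> time at which the cached block expires
    verdicts = []
    for req_id, ip, ts, path in requests:
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if ip in blocked_until and now < blocked_until[ip]:
            verdicts.append((req_id, "Hack: Repeated!"))
            continue
        hit = next((p for p in injection_list if p.lower() in path.lower()), None)
        if hit is not None:
            blocked_until[ip] = now + timedelta(seconds=cache_seconds)
            verdicts.append((req_id, f"Hack: {hit}!"))
        else:
            verdicts.append((req_id, "pass"))
    return verdicts

# 466 and 467 are the requests quoted in the thread; 468 is constructed to
# show the same guest after the 20 second cache has expired.
REQUESTS = [
    (466, "41.177.21.151", "2011-08-07 22:34:34",
     "/Themes/Ambassador_20/images/theme/frame_repeat.png"),
    (467, "41.177.21.151", "2011-08-07 22:34:37", "/31/icon-2011/msg68/"),
    (468, "41.177.21.151", "2011-08-07 22:35:04", "/31/icon-2011/msg68/"),
]

if __name__ == "__main__":
    # With "Themes/" in the list, a guest's own theme image triggers the block.
    print(replay(REQUESTS, ["Themes/"]))
    # With the directory entry deleted from the list, the same traffic passes.
    print(replay(REQUESTS, []))
```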
