Forum Firewall

RickDen · July 20, 2012, 09:10:40 AM

I'm using SMF 2.0.2 and the Dirt3 Theme.

NanoSector · July 20, 2012, 10:50:52 AM

Can you attach said file in your next post?

RickDen · July 20, 2012, 04:20:27 PM

There ya go... and it was applied through adding a package through the SMF admin panel.

I installed the mod initially and everythign went smoothly. But over the next few days, while running in test mode I was seeing a lot of errors show up in my logs, so through the acp, I uninstalled it. That crashed my system completely. Completely. So I restored from backup of the /forum folder from my local hard drive via FTP. That corrected the crisis.

But then, when I tried to go into the scheduled tasks, that is the error I get. Yers, I have tried to re-install (one time) to see if I could correct it, and I've probably done more hard than good.

SMF 2.0.2
Dirt 3 theme
Auto installed
Auto Un-installed

butchs · July 20, 2012, 08:01:11 PM

Your problem is due to human error.

According to that file you uploaded, you performed a double installation of the mod. This can happen with any SMF mod. I removed the second installation from the attached file. If you uninstalled the mod then you need to remove the code at the end between "// ForumFirewall Start" and "// ForumFirewall End".

If you uninstalled the mod then you will need to manually review your code and remove the duplicates. One trick is to leave all the code then, copy the zipped mod to your package directory and uninstall the mod a second time using package manager.

All the above is not part of this support topic. It is better dealt with SMF support as this is really human error, not a issue with this mod.

RickDen · July 20, 2012, 08:07:54 PM

I greatly appreciate your assistance. I figured it was something I had done but had no clue as to what seeing how when I installed everything fell apart. But then I'm mechanically inclined.... I can screw anything up.

Thanks again.

butchs · July 23, 2012, 08:47:12 PM

Thank you for asking the question and not shooting first... Users like you are the reason I share some of my code...

MiY4Gi · July 25, 2012, 08:35:21 AM

I dunno. That "duplicate installation" thing happened with one of the other mods on my forum. It's specifically a mod that I'm busy troubleshooting. The un-installer pretended to uninstall a mod, but it didn't undo all of the changes it made to the files, even though no un-installation problems were reported by the installer. So when I reinstalled the mod, some files ended up with duplicate code. I don't believe it was a mistake on my part.

In any case, this could be human error, but it could also be a problem with the SMF installer itself, or the mod package. It could even be cosmic radiation that confused your computer, no ******. However, who or what's to blame isn't really important here, unless the problem occurs frequently enough to warrant special attention.

Texan78 · August 07, 2012, 12:04:12 AM

Quote from: butchs on May 29, 2012, 07:58:40 PM
To change the crawl rate:

1. On the Webmaster Tools Home page, click the site you want.
2. Under Configuration, click Settings.
3. In the Crawl rate section, select the option you want.

The new crawl rate will be valid for 90 days.

I am revisiting this to make sure I have everything set correctly in all my mods for the launch. The only question I have is in my robots.txt the crawl rate is set to 10, but in Webmaster Tools the highest you can set it is 2.

So should I set it to 2 and then change it to 2 in the robots.txt? I believe I read the recommended setting was 10 but that can't be achieved in the webmaster tools so please correct me if I am wrong.

-Thanks

KRISHNA0007 · August 07, 2012, 03:25:45 PM

thanks for this extra layer security for my forum

butchs · August 07, 2012, 09:27:26 PM

The setting on the mod is the "Trigger (#/sec) ". So if your have Google set to 2. It can hit you're site every 2 seconds. The mod counts the hits in your cache. So if you have your cache set to 20, Google can hit you 10 times. That will give Google a minimum Trigger of 10/20 = 0.5.

Google ignores robots.tst. So your setting there does not matter. In 20 seconds the bot will visit you 2 times. A minimum Trigger of 2/20 = 0.1.

If you have a crawl rate of .7, a bot will need to hit you 20 x .7 - 14 times to get blocked. This Trigger is a good starting point. I do not recommend going below it.

Set it to what you want. I suggest:
robots.tst 10
Google 2
Trigger .7

If you uninstall the mod and reinstall it, the mod will try to read your robots.tst file. Or just make your changes manually...

make sure you test before going live and start blocking.

emwe · August 14, 2012, 10:47:12 AM

Hello,

I have installed that mod on SMF 2.0.2 a few days ago and so far it looks good. Great work. Thank you for doing that.

But I have some little problems

1. Server Ports
I want to have the server available on ports 80 and 443. When I add 80|443 into the server port field I see warnings for both ports in the firewall (Invalid Port Access: 443! or Invalid Port Access: 80!). As long as I add only one port I get the warning only for the other port.
2. I get a lot of entries like this: Hack: %3d!
Header: GET /index.php?action=helpadmin%3Bhelp%3Dforumfirewall_good_ua HTTP/1.1 facebookexternalhit/1.1 (+hxxp:www.facebook.com/externalhit_uatext.php [nonactive])
I assume this is because there is a %3d in the SQL Injection rules.
However that URL is generated by another mod Social Buttons http://custom.simplemachines.org/mods/index.php?mod=3354.
Adding that useragent to the ua whitelist did not help. This is still logged.
Question: What do I risk if I remove %3d from the SQL Injection Rules?

butchs · August 14, 2012, 09:25:40 PM

Quote from: emwe on August 14, 2012, 10:47:12 AM
1. Server Ports
I want to have the server available on ports 80 and 443. When I add 80|443 into the server port field I see warnings for both ports in the firewall (Invalid Port Access: 443! or Invalid Port Access: 80!). As long as I add only one port I get the warning only for the other port.

Oh, I will look at that this weekend. Could be an error in the code.

Quote from: emwe on August 14, 2012, 10:47:12 AM
2. I get a lot of entries like this: Hack: %3d!
Header: GET /index.php?action=helpadmin%3Bhelp%3Dforumfirewall_good_ua HTTP/1.1 facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
I assume this is because there is a %3d in the SQL Injection rules.
However that URL is generated by another mod Social Buttons

If you use that mod you will need to remove "|%3d" from the SQL Injection rules.

In Hexadecimal %3d represents a '='. Could be used against you. But you have other protection measures. Not sure if it is a big deal... The again, you could change it from "%3d" to "&#61" which is a more preferred sanitization.

Texan78 · August 14, 2012, 10:35:19 PM

Quote from: butchs on August 07, 2012, 09:27:26 PM
The setting on the mod is the "Trigger (#/sec) ". So if your have Google set to 2. It can hit you're site every 2 seconds. The mod counts the hits in your cache. So if you have your cache set to 20, Google can hit you 10 times. That will give Google a minimum Trigger of 10/20 = 0.5.

Google ignores robots.tst. So your setting there does not matter. In 20 seconds the bot will visit you 2 times. A minimum Trigger of 2/20 = 0.1.

If you have a crawl rate of .7, a bot will need to hit you 20 x .7 - 14 times to get blocked. This Trigger is a good starting point. I do not recommend going below it.

Set it to what you want. I suggest:
robots.tst 10
Google 2
Trigger .7

If you uninstall the mod and reinstall it, the mod will try to read your robots.tst file. Or just make your changes manually...

make sure you test before going live and start blocking.

Thank you for your help Butchs, I have used your suggestion and everything seems to be functioning smoothly. Now I can just tweak as needed as the forum grows should issues arise.

-Thanks!

butchs · September 02, 2012, 01:49:18 PM

Quote from: butchs on August 14, 2012, 09:25:40 PM
Quote from: emwe on August 14, 2012, 10:47:12 AM
1. Server Ports
I want to have the server available on ports 80 and 443. When I add 80|443 into the server port field I see warnings for both ports in the firewall (Invalid Port Access: 443! or Invalid Port Access: 80!). As long as I add only one port I get the warning only for the other port.

Oh, I will look at that this weekend. Could be an error in the code.

Can you try this fix. Search ForumFirewall.php

Code Select

foreach ($good_port as $good_ports) {
			$pos = strpos($forumfirewall_port, $good_ports);
			if ($pos === false) {
				//  Good port is not being used so block
				$forumfirewall_data['sql_reason'] = $forumfirewall_port;
				$result[0] = '11';
				unset($good_port, $good_ports);
				forumfirewall_block($forumfirewall_data, $result);
				return;
		}	}

replace with:

Code Select

$ffports_validated = false;
		foreach ($good_port as $good_ports) {
			$pos = strpos($forumfirewall_port, $good_ports);
			if ($pos !== false) {
				//  Good port is detected
				$ffports_validated = true;
		}	}
		if ($ffports_validated === false) {
				//  Good port is not being used so block
				$forumfirewall_data['sql_reason'] = $forumfirewall_port;
				$result[0] = '11';
				unset($good_port, $good_ports);
				unset($ffports_validated);
				forumfirewall_block($forumfirewall_data, $result);
				return;
		}
	unset($ffports_validated);

tMicky · September 07, 2012, 04:50:34 PM

For some reason, this Firewall Mod and the Bad Behavior Mod - have an issue with:
./Themes/Glacier/index.template.php - for both mods, I got Test Failed.

I haven't had issues with other mods and this Theme.

Kindred · September 07, 2012, 06:08:03 PM

as I said in the other thread... Glacier themes are horrible. almost no mod will install automatically into them, so get used to doing manual installations.

(and please try using search and/or the wiki?)
http://wiki.simplemachines.org/smf/Error_in_mod_installation

butchs · September 07, 2012, 09:06:49 PM

You should try the mod parser at SMF Helper.

Kindred · September 07, 2012, 09:10:35 PM

the mod site itself has a mod parser built in and accessible form each mod's download page.

Bigguy · September 07, 2012, 09:23:09 PM

Kindred is right but I gotta say thanks for postin the link Butchs.

gwc16 · September 21, 2012, 07:43:43 PM

I installed this mod on SMF 2.0.2 and now I get this message on top of the forum pages.

"// ForumFirewall Start $txt['permissionname_forumfirewall_goodgroup'] = 'Forum Firewall Whitelist Group'; $txt['permissionhelp_forumfirewall_goodgroup'] = 'This option will make a member group exempt from the Forum Firewall bandwidth check. This group will not to be tested for Forum Firewall DOS attempts.'; // ForumFirewall End ".

I think this was caused by another so called "tested" mod install aftewards so I unistalled it and still got the above message on the forum pages at the top.

I next uninstalled Forum Firewall and still got the message. So I uninstalled all mods and I still get this message.

I then restored my backup db I made before any installs and the message is still there.

Does anyone know which file or files I need to edit to remove this message from my forums?

Thanks,

Gary

News:

Forum Firewall