Forum Firewall

glennmckenna · April 14, 2013, 06:33:42 AM

has any one tested this on smf 2.0.4 may i ask ?

butchs · April 14, 2013, 09:33:21 AM

I am using it on 2.0.4.

MangosMadMax · May 15, 2013, 09:21:06 AM

Quote from: glennmckenna on April 14, 2013, 06:33:42 AM
has any one tested this on smf 2.0.4 may i ask ?

I'm running it on here - http://www.mangosbackupforum.com/

Adrek · June 03, 2013, 11:49:04 AM

Can I ban IP addresses from China with this mod? I have lately issue with DDoS attack from China (in April server used 10GB transfer, in May - 250GB...)

Kindred · June 03, 2013, 12:14:06 PM

you should stop those at the server level (using your host's ban utility or .htaccess)

frankfenderbender · June 24, 2013, 11:35:25 AM

I'm using the following on SMF 2.0.4
   ForumFirewall 1.1.5
   botsvsbrowsers_1.1
   Bad_Behavior_1.5.6
   StopSpammer_v2_3_9

I changed my server port list in the firewall from "80" to "80|443|3306" (as the "?" note shows in its example, and now I cannot access the page as the admin (or anyone else) at all, even after having a backup of 5 days previous restoration of the [domain]/forum directory completely replaced.
I get the following error:

   HTTP Error 403 Forbidden
   You don't have permission to access
   /forum/ on this server.
   Your computer may be infected with a virus or a trojan. The Firewall has determined that you: Bypass attempt!
   If you get this message in error, please contact the ADM1N and provide the date and time of this message.

I manually tweaked the MySQL setting in smf_settings for forumfirewall_enable from 1 to 0.
Now I get the following error:

   Connection Problems
   Sorry, SMF was unable to connect to the database.
   This may be caused by the server being busy.
   Please try again later.

Better, but where can I undo my change made to the ports list?
I need to do this so that I do not start letting in the likes of the 700 bypass attempts that tried to get in last week alone.

Thanks,
Chris
[email protected]
[email protected]

Kindred · June 24, 2013, 12:16:57 PM

you can not connect to the database, because, when you tweaked settings.php, you messed up the connection info (what did you use to edit settings.php?)

The reason a restore of files did not fix anything is because the firewall settings are stored in the database...

hustreamload · November 03, 2013, 01:52:32 AM

Hello,
as I see I'm not the first who marked the Block Violations after the install process, and then was banned from his own forum...ok, its already done. I reupped the last upgrade, so the modifications disappeared, i could login again. I wanted to uncheck the box "Block violations" (as I've read this topic here), reupped the firewall, but the smf "remembers", and when I activate the firewall, I am banned again.
Where can I set in SMF DB this Block Violations?
Thnx
HuStreamload

Kindred · November 03, 2013, 07:12:29 AM

ummmm..... did you try reading the first post, which has a series of FAQ links?

specifically, the first linkin the list: BLOCKED MYSELF.... linking to http://www.simplemachines.org/community/index.php?topic=417490.msg3139830#msg3139830

hustreamload · November 03, 2013, 09:23:43 AM

Hello Kindred, its another solution on the problem, if you are banned, how to login as admin again (I made it with reup the SMF, this FAQ recommends it through phpmyadmin). I checked in phpmyadmin, there is only one value to change, and it is 0, as recommended. And the firewall is switced off in that case. Bur I can manage this "Block Violations" value only through the installed firewall, and when I install it again, the login problem is returning (as I set it after the 1st installation of the firewall).
The question : how to set it through the file system or phpmyadmin?

Kindred · November 03, 2013, 11:10:47 AM

you don't need to UNINSTALL the mod...

Disable it (per the instructions) but leave it installed.

Then change the settings to allow yourself through
http://www.simplemachines.org/community/index.php?topic=417490.msg3092408;topicseen#msg3092408

then re-enable it...

butchs · November 03, 2013, 11:28:33 AM

Besides white-listing all your members. You should look at the forum firewall log for the reason you banned yourself. Then review all the mods settings and make adjustments. Click on the help "?" for instructions.

hustreamload · November 03, 2013, 11:36:33 AM

Thnx guys, the last: where to set the whitelisting. I understand how to make safe member's group, but then? Try it myself, of course, but if u are here :-)

JourdanDixon · December 08, 2013, 12:30:04 AM

I'm on SMF 2.06 and I installed this mod, but when I try to save the page after enabling I get the error "This webpage is not available". I get slightly different messages by browser. This is the url ending it's trying to send to:

/forum/index.php?action=admin;area=forumfirewall;save;sa=settings

Any ideas?

butchs · December 08, 2013, 09:52:49 AM

Do not know. I use it on 2.06 with no issues.

It could be an issue with your hosts firewall? They could be blocking one of the tests.

Un-check "Block violations" and check "Logging". Monitor the log for a few weeks while adjusting the settings based on your log for your forum before you check "Block violations".

Zavoolon · December 10, 2013, 03:42:18 PM

I got this error message when I swiched on Firewall manualy in database by phpmyadmin - SECURITY RISK: ENSURE ALLOW_URL_FOPEN AND ALLOW_URL_INCLUDE ARE BOTH DISABLED TO PROTECT AGAINST RFI! Should I switch of this options in my htaccess file?

butchs · December 10, 2013, 07:01:44 PM

If you can do it. Most hosts force to you ask them to do it for you.

Zavoolon · December 11, 2013, 02:28:45 AM

But what it gives? Do i need to switch off both of them? May it be the error because of wich I couldn't activate this mode in my Admin section?

butchs · December 11, 2013, 08:36:47 PM

Yes both. RFI = remote file inclusion vulnerabilities.

ALLOW_URL_FOPEN
ALLOW_URL_INCLUDE

MDARULZ · December 12, 2013, 02:27:09 PM

Hello butchs - thanks for your fantastic mod, and for feedback in this topic !

I am using SMF version 2.06 and FF version 1.1.6.

Perhaps you can speculate on an error (see the bottom of this post) that's new on my forums (and, I have done no updates or mods, or removed mods, to cause it). I realized just before writing this that one change that happened at almost the same time was a MySQL update by my web host (from 5.1.70 to version 5.5.32, according to a notice from them), along with a PHP update (5.3.27 to version 5.4.22). Apache was also updated (2.2.25 to version 2.4.6), but I doubt that is the issue, based on my limited knowledge of forum software.

I'm pretty sure that one of the updates is causing the error. Do you have any suggestions for correcting this error ? Thanks in advance.

.../forums/index.php?action=pm;sa=send2
8: Array to string conversion
File: .../forums/Sources/ForumFirewall.php
Line: 367

Line 367 is: $enity_content = $h.': '.$v;

BTW, why use the word 'enity' instead of 'entity' ??

News:

Forum Firewall