Advertisement:

Author Topic: Forum Firewall  (Read 305013 times)

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,728
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #1040 on: July 10, 2017, 07:09:30 PM »
To be honest,this mod is not for newbies.  I suggest using BadBehavor with CrawlProtect and some user questions.

I spent some time making tutorials throughout this thread.  I then added them to my first post.  Someone who I have a pretty good idea who decided to replace that post with the first post for the mod.  If you feel energetic you can find them...

I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline brynn

  • Full Member
  • ***
  • Posts: 515
  • Gender: Female
    • Inkscape Community
Re: Forum Firewall
« Reply #1041 on: July 10, 2017, 09:05:06 PM »
Thanks butchs.

I already do have Bad Behavior, which at least I understand the concept, and might even be able to set it up on my own, if I had to.  Actually have the whole security setup that was created for me originally.  (Forum Firewall, Bad Behavior, Stop Spammer)  I just need to learn how to use them all.  Because I'm guessing having moved to a new server, I might have to change some settings - ip address maybe, in some mods?

I've never heard of CrawlProtect, and don't find any mod by that name.  Oh ok, I found.  I will investigate.

When you say "some user questions", do you mean of the type "are you human?" on registration?  Yes, I have what I think are some very strong questions there.  Or do you mean I should ask user questions about security in the forum?

Do you mean the tutorials are scattered in this thread?  Or are they all over the forum?  If I find them, I'll make a list with links, so others can find them.

Maybe it would be better for me to shoot for a more broad goal for learning about forum or website security.  Do you (or anyone) know of any articles or tutorials or websites which address this general subject?  I need to start learning somehow. 

I certainly will search myself.  But not knowing the proper terminology, will limit what I can find.

I mean, there must be best practices, or something like that?  Something that compare/contrast different methods and techniques, pros and cons, and all that.  I'll search, but appreciate any tips, if anyone has any.

Thanks again   :)
Inkscape Community  (SMF with Tiny Portal)

Inkscape for Cutting Design  (originally a phpBB forum, converted to SMF, and using Simple Portal)

Offline aegersz

  • SMF Hero
  • ******
  • Posts: 1,490
  • Gender: Male
  • "mods" junkie
    • dopetalk
Re: Forum Firewall
« Reply #1042 on: July 11, 2017, 06:51:01 AM »
It too me a little over a year of hard work to write this software.  Honestly, I have no idea what you did so I cannot answer your question.

wow, a whole year ? i am running it on my dev system now, on the strength of that !

I'm still relatively new to the world of web enabled software so I don't really understand many of my vulnerabilities well enough.

I will do some research into the features that this offers and that should be educational. thanks. 
The configuration of my Linux VPS (SMF 2.0 with 145 mods & some assorted manual tweaks) can be found here and notes on my mods can be found here (warning: those links will take you to a drug related forum)

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,728
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #1043 on: September 24, 2017, 07:51:55 AM »
If you are upgrading SMF to v2.0.14 and currently have this mod installed you will have to uninstall this mod, then update SMF to v2.0.14 and then reinstall this mod.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline dynaweb

  • Semi-Newbie
  • *
  • Posts: 12
    • RSS Dog
Re: Forum Firewall
« Reply #1044 on: January 30, 2018, 03:52:31 PM »
Just an FYI that I installed this plugin yesterday and my Maldet scanner quarantined it as a trojan. 2.X latest version got it from this site :(
FSS to HTML Widget [nofollow] - Snowboarding Forums [nofollow]

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,728
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #1045 on: February 01, 2018, 06:17:02 PM »
Funny, so they finally caught up to FF as FF has been doing this since 2010!  So you run a program that scans for malware on a program that scans for malware and input from malware and you think this is an issue?  Of course NOT, FF uses the same search strings?  Either make FF a safe program or delete something. 

Please note that FF scans files too.  But FF stops malware when they attack not after it is on your server. 
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline sieemma

  • Newbie
  • *
  • Posts: 3
Re: Forum Firewall
« Reply #1046 on: April 30, 2018, 10:21:19 AM »
If I leave all the cells that ask to input codes, will FF still work?
Where they ask to input xx/yy

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,728
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #1047 on: June 10, 2018, 09:47:14 AM »
I do not understand.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,728
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Forum Firewall
« Reply #1048 on: July 21, 2019, 02:57:45 PM »
Dear FF users,
As some of you know I designed FF to work with cloudflare (CF) and detect when CF is bypassed.  Some of the feature I added I did so because they were not available in CF at the time.  Now that CF has caught up with bots and country blocking for free services I can decrease the stress on my forum even more with "Firewall Rules".  You are only allower 5 rules with the free service.  I still keep my settings in FF just in case it is bypassed and I duplicate most of the settings in CF.

Here are some suggested rules (see attached list):
Bad Bots 1
Code: [Select]
(http.user_agent contains "@nonymouse") or (http.user_agent contains "ADSARobot") or (http.user_agent contains "ah-ha") or (http.user_agent contains "Ahrefs") or (http.user_agent contains "AhrefsBot") or (http.user_agent contains "aktuelles") or (http.user_agent contains "almaden") or (http.user_agent contains "amzn_assoc") or (http.user_agent contains "Anarchie") or (http.user_agent contains "Art-Online") or (http.user_agent contains "AspiWeb") or (http.user_agent contains "ASPSeek") or (http.user_agent contains "ASSORT") or (http.user_agent contains "ATHENS") or (http.user_agent contains "Atomz") or (http.user_agent contains "attach") or (http.user_agent contains "attache") or (http.user_agent contains "autoemailspider") or (http.user_agent contains "BackWeb") or (http.user_agent contains "Bandit") or (http.user_agent contains "BatchFTP") or (http.user_agent contains "bdfetch") or (http.user_agent contains "Baiduspider") or (http.user_agent contains "Baiduspider-image") or (http.user_agent contains "Baiduspider-video") or (http.user_agent contains "Baiduspider-news") or (http.user_agent contains "Baiduspider-favo") or (http.user_agent contains "Baiduspider-cpro") or (http.user_agent contains "Baiduspider-ads") or (http.user_agent contains "BlackWidow") or (http.user_agent contains "BLEXBot") or (http.user_agent contains "bmclient") or (http.user_agent contains "BUbiNG") or (http.user_agent contains "Buddy") or (http.user_agent contains "Bullseye") or (http.user_agent contains "bumblebee") or (http.user_agent contains "capture") or (http.user_agent contains "CCBot") or (http.user_agent contains "CherryPicker") or (http.user_agent contains "ChinaClaw") or (http.user_agent contains "CICC") or (http.user_agent contains "clipping") or (http.user_agent contains "CFNetwork") or (http.user_agent contains "cURL") or (http.user_agent contains "Custo") or (http.user_agent contains "cyberalert") or (http.user_agent contains "Deweb") or (http.user_agent contains "diagem") or (http.user_agent contains "Digger") or (http.user_agent contains "DigExt") or (http.user_agent contains "Digimarc") or (http.user_agent contains "DIIbot") or (http.user_agent contains "DirectUpdate") or (http.user_agent contains "DISCo") or (http.user_agent contains "Drip") or (http.user_agent contains "DSurf15a") or (http.user_agent contains "EasyDL") or (http.user_agent contains "eCatch") or (http.user_agent contains "ecollector") or (http.user_agent contains "EirGrabber") or (http.user_agent contains "EmailCollector") or (http.user_agent contains "EmailSiphon") or (http.user_agent contains "EmailWolf") or (http.user_agent contains "ExtractorPro") or (http.user_agent contains "EyeNetIE") or (http.user_agent contains "Ezooms") or (http.user_agent contains "fastlwspider")
Bad Bots 2
Code: [Select]
(http.user_agent contains "FavOrg") or (http.user_agent contains "FEZhead") or (http.user_agent contains "FileHound") or (http.user_agent contains "FlashGet") or (http.user_agent contains "FlickBot") or (http.user_agent contains "fluffy") or (http.user_agent contains "frontpage") or (http.user_agent contains "GalaxyBot") or (http.user_agent contains "Generic") or (http.user_agent contains "Getleft") or (http.user_agent contains "GetSmart") or (http.user_agent contains "GetWeb!") or (http.user_agent contains "GetWebPage") or (http.user_agent contains "gigabaz") or (http.user_agent contains "Girafabot") or (http.user_agent contains "Go!Zilla") or (http.user_agent contains "Go-Ahead-Got-It") or (http.user_agent contains "GornKer") or (http.user_agent contains "Grabber") or (http.user_agent contains "GrabNet") or (http.user_agent contains "Grafula") or (http.user_agent contains "Harvest") or (http.user_agent contains "hhjhj@yahoo") or (http.user_agent contains "hloader") or (http.user_agent contains "HMView") or (http.user_agent contains "HomePageSearch") or (http.user_agent contains "HTTPConnect") or (http.user_agent contains "httpdown") or (http.user_agent contains "HTTrack") or (http.user_agent contains "IBM_Planetwide") or (http.user_agent contains "ichiro") or (http.user_agent contains "imagefetch") or (http.user_agent contains "IncyWincy") or (http.user_agent contains "informant") or (http.user_agent contains "Ingelin") or (http.user_agent contains "InterGET") or (http.user_agent contains "InternetLinkAgent") or (http.user_agent contains "iOpus") or (http.user_agent contains "Iria") or (http.user_agent contains "Irvine") or (http.user_agent contains "Jakarta") or (http.user_agent contains "JBH*Agent") or (http.user_agent contains "JetCar") or (http.user_agent contains "JustView") or (http.user_agent contains "Kapere") or (http.user_agent contains "knowledge") or (http.user_agent contains "KWebGet") or (http.user_agent contains "Lachesis") or (http.user_agent contains "larbin") or (http.user_agent contains "LeechFTP") or (http.user_agent contains "LexiBot") or (http.user_agent contains "lftp") or (http.user_agent contains "libwww") or (http.user_agent contains "likse") or (http.user_agent contains "Link*Sleuth") or (http.user_agent contains "LinkWalker") or (http.user_agent contains "lwp-trivial") or (http.user_agent contains "majestic12") or (http.user_agent contains "Mag-Net") or (http.user_agent contains "Magnet") or (http.user_agent contains "MCspider") or (http.user_agent contains "MemoWeb") or (http.user_agent contains "moget") or (http.user_agent contains "MSProxy") or (http.user_agent contains "multithreaddb") or (http.user_agent contains "muckrack") or (http.user_agent contains "MJ12") or (http.user_agent contains "nationaldirectory") or (http.user_agent contains "NaverBot") or (http.user_agent contains "Navroad") or (http.user_agent contains "NearSite") or (http.user_agent contains "NetAnts") or (http.user_agent contains "NetCarta") or (http.user_agent contains "netcraft") or (http.user_agent contains "netfactual") or (http.user_agent contains "NetMechanic") or (http.user_agent contains "netprospector") or (http.user_agent contains "NetResearchServer") or (http.user_agent contains "NetSpider") or (http.user_agent contains "NetZIP") or (http.user_agent contains "NEWT") or (http.user_agent contains "nicerspro") or (http.user_agent contains "NPBot") or (http.user_agent contains "Octopus") or (http.user_agent contains "OpaL") or (http.user_agent contains "Openfind") or (http.user_agent contains "OpenTextSiteCrawler") or (http.user_agent contains "OutWit") or (http.user_agent contains "PackRat") or (http.user_agent contains "PageGrabber") or (http.user_agent contains "pavuk") or (http.user_agent contains "pcBrowser") or (http.user_agent contains "PersonaPilot") or (http.user_agent contains "PingALink") or (http.user_agent contains "Pockey") or (http.user_agent contains "psbot") or (http.user_agent contains "PSurf") or (http.user_agent contains "puf") or (http.user_agent contains "Pump")
Bad Bots 3
Code: [Select]
(http.user_agent contains "PushSite") or (http.user_agent contains "python-requests") or (http.user_agent contains "QRVA") or (http.user_agent contains "Qwantify") or (http.user_agent contains "QuepasaCreep") or (http.user_agent contains "RealDownload") or (http.user_agent contains "Reaper") or (http.user_agent contains "Recorder") or (http.user_agent contains "ReGet") or (http.user_agent contains "replacer") or (http.user_agent contains "RepoMonkey") or (http.user_agent contains "Robozilla") or (http.user_agent contains "Rover") or (http.user_agent contains "RPT-HTTPClient") or (http.user_agent contains "Rsync") or (http.user_agent contains "scoutjet") or (http.user_agent contains "Scrapy") or (http.user_agent contains "SearchExpress") or (http.user_agent contains "searchhippo") or (http.user_agent contains "Shai") or (http.user_agent contains "SISTRIX") or (http.user_agent contains "sitecheck") or (http.user_agent contains "Semrush") or (http.user_agent contains "SemrushBot") or (http.user_agent contains "SiteMapper") or (http.user_agent contains "SiteSnagger") or (http.user_agent contains "SlySearch") or (http.user_agent contains "SmartDownload") or (http.user_agent contains "snagger") or (http.user_agent contains "Sogou") or (http.user_agent contains "sogou spider") or (http.user_agent contains "SpaceBison") or (http.user_agent contains "spbot") or (http.user_agent contains "Spegla") or (http.user_agent contains "SpiderBot") or (http.user_agent contains "SqWorm") or (http.user_agent contains "Stripper") or (http.user_agent contains "Sucker") or (http.user_agent contains "SuperBot") or (http.user_agent contains "SuperHTTP") or (http.user_agent contains "Surfbot") or (http.user_agent contains "SurfWalker") or (http.user_agent contains "Szukacz") or (http.user_agent contains "TalkTalk") or (http.user_agent contains "tAkeOut") or (http.user_agent contains "tarspider") or (http.user_agent contains "Telesoft") or (http.user_agent contains "Templeton") or (http.user_agent contains "traffixer") or (http.user_agent contains "TrueRobot") or (http.user_agent contains "TuringOS") or (http.user_agent contains "TurnitinBot") or (http.user_agent contains "TV33_Mercator") or (http.user_agent contains "UIowaCrawler") or (http.user_agent contains "URL_Spider_Pro") or (http.user_agent contains "UtilMind") or (http.user_agent contains "Vacuum") or (http.user_agent contains "vagabondo") or (http.user_agent contains "vayala") or (http.user_agent contains "visibilitygap") or (http.user_agent contains "vobsub") or (http.user_agent contains "VoidEYE") or (http.user_agent contains "vspider") or (http.user_agent contains "w3mir") or (http.user_agent contains "WebAuto") or (http.user_agent contains "webbandit") or (http.user_agent contains "Webclipping") or (http.user_agent contains "webcollage") or (http.user_agent contains "webcollector") or (http.user_agent contains "WebCopier") or (http.user_agent contains "webcraft@bea") or (http.user_agent contains "WebDAV") or (http.user_agent contains "webdevil") or (http.user_agent contains "webdownloader") or (http.user_agent contains "Webdup") or (http.user_agent contains "WebEmailExtractor") or (http.user_agent contains "WebFetch") or (http.user_agent contains "WebHook") or (http.user_agent contains "Webinator") or (http.user_agent contains "WebLeacher") or (http.user_agent contains "WebMiner") or (http.user_agent contains "WebMirror") or (http.user_agent contains "webmole") or (http.user_agent contains "WebReaper") or (http.user_agent contains "WebSauger") or (http.user_agent contains "WEBsaver") or (http.user_agent contains "WebSnake") or (http.user_agent contains "Webster") or (http.user_agent contains "WebStripper") or (http.user_agent contains "websucker") or (http.user_agent contains "webvac")
Bad Bots 4
Code: [Select]
(http.user_agent contains "webwalk") or (http.user_agent contains "webweasel") or (http.user_agent contains "WebWhacker") or (http.user_agent contains "WebZIP") or (http.user_agent contains "Wget") or (http.user_agent contains "whizbang") or (http.user_agent contains "WhosTalking") or (http.user_agent contains "Widow") or (http.user_agent contains "WISEbot") or (http.user_agent contains "WUMPUS") or (http.user_agent contains "Wweb") or (http.user_agent contains "WWWOFFLE") or (http.user_agent contains "Wysigot") or (http.user_agent contains "x-Tractor") or (http.user_agent contains "XGET") or (http.user_agent contains "Yandex") or (http.user_agent contains "YoudaoBot") or (http.user_agent contains "Yeti") or (http.user_agent contains "80legs") or (http.user_agent contains "Zeus.*")
Block Countries
Code: [Select]
(ip.geoip.country in {"AD" "AE" "AF" "AG" "AI" "AL" "AM" "AN" "AO" "AQ" "AR" "AS" "AT" "AW" "AX" "AZ" "BA" "BB" "BD" "BE" "BF" "BG" "BH" "BI" "BJ" "BN" "BO" "BR" "BT" "BV" "BW" "BY" "BZ" "CC" "CD" "CF" "CG" "CH" "CI" "CK" "CL" "CM" "CN" "CO" "CR" "CV" "CX" "CY" "CZ" "DE" "DJ" "DK" "DM" "DO" "DZ" "EC" "EE" "EH" "ER" "ET" "FI" "FJ" "FK" "FM" "FO" "FR" "GA" "GE" "GF" "GG" "GH" "GI" "GL" "GM" "GN" "GP" "GQ" "GS" "GT" "GU" "GW" "GY" "HK" "HM" "HN" "HR" "HT" "HU" "ID" "IM" "IQ" "IO" "IR" "IS" "JE" "JM" "JO" "KE" "KG" "KH" "KI" "KM" "KN" "KP" "KR" "KZ" "LA" "LB" "LC" "LI" "LK" "LR" "LS" "LT" "LU" "LV" "LY" "MA" "MC" "MD" "ME" "MG" "MH" "MK" "ML" "MM" "MN" "MO" "MP" "MQ" "MR" "MS" "MT" "MU" "MV" "MW" "MY" "MZ" "NC" "NE" "NF" "NG" "NI" "NL" "NO" "NP" "NR" "NU" "OM" "PA" "PE" "PF" "PG" "PK" "PL" "PM" "PN" "PR" "PS" "PT" "PW" "PY" "QA" "RE" "RO" "RS" "RU" "RW" "SA" "SB" "SC" "SD" "SE" "SG" "SH" "SI" "SJ" "SK" "SL" "SM" "SN" "SO" "SR" "ST" "SV" "SY" "SZ" "TC" "TD" "TF" "TG" "TH" "TJ" "TK" "TL" "TM" "TN" "TO" "TR" "TT" "TV" "TW" "TZ" "UA" "UG" "UY" "UZ" "VC" "VE" "VG" "VI" "VN" "VU" "WF" "WS" "YE" "YT" "ZA" "ZM" "ZW"} and not cf.client.bot)
Be carefull with the las tone as I live in the US and it may block you if you live elsewhere.  Please check you website before leaving for the night.

If you have better tested rules please post them here...
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.