  #1  
Old 27 Nov 2010, 19:09
adwade adwade is offline
 
Join Date: Aug 2006
Real name: A.D.
Zb Block - Stop Spam & 'bots @ Server

I tripped across ZB BLOCK (a GPL V2 PHP Protection Script) this week by accident and have been pretty impressed at what all it does, completely for FREE. Anyway, for those unaware I just wanted to share the information so they could beef-up their own website's security against all the various nasties out there.

ZB BLOCK
Don't let the robots in the door!
A GPL V2 PHP Protection Script for your site.

This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description of what the problem was. If the attacker persists, then they will be served up a permanently recurring 503 OVERLOAD message with a 24 hour timeout.

What ZB Block is Excellent at:
  • Saves money by reducing hacker bandwidth usage! (by 2,500% on this site's index page alone!)
  • Strengthening your site against defacement.
  • Preventing PHP script exploitation.
  • Ending Remote File Include (RFI) exploits.
  • Protecting against directory traversal attacks.
  • Stopping MySQL database injection and tampering.
  • Removing access from known bad addresses and domain names.
  • Blocking access from top level domains, like .cn (China) and .kp (North Korea).
What ZB Block is Good at:
  • Avoiding website scraping/content theft.
  • Deterring bad user agents.
  • Halting referrer spam.
  • Impeding some Cross Site Scripting (XSS) attacks.
What ZB Block will not do:
  • Protect non-PHP pages.
  • Stop access to non-exploitable resource files like .gif, .jpg, or .swf.
ZB Block is also fast, not only does ZB Block check for over 100,000,000 bad IPs/Hostnames and many thousands of bots, but standard execution times are around 1/10th of a second on an aged PIII 930, which is unnoticeable to the web surfer. This anti-exploit / anti-'sploit / anti-hacking / anti-injection script should find many uses around the web as it's good at detecting, and stopping exploitation probes from many of the worst known skript kiddie tools.
Moderator(s), MOVE this thread to wherever you think it will do the most good for fellow vB Administrators.

Last edited by adwade; 15 Dec 2010 at 23:08.
  #2  
Old 27 Nov 2010, 19:12
adwade adwade is offline
 
Join Date: Aug 2006
Real name: A.D.
LOGS denying bad-bot behaviors...

In just a couple of days, ZB BLOCK has denied over 1,000 bad-bot behaviors on my website. Below is a sampling of my logs as a result of having it installed...


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

  #3  
Old 15 Dec 2010, 16:34
biggazillakilla biggazillakilla is offline
 
Join Date: Mar 2004
I just stumbled across this while looking at the stopforumspam.com website. Yes, it looks interesting.
__________________
My vBulletin
  #4  
Old 15 Dec 2010, 18:12
adwade adwade is offline
 
Join Date: Aug 2006
Real name: A.D.
ZB BLOCK accolades...

It's a TREMENDOUS add-on for any PHP based application, vBulletin included. Since adding it to our forums in NOV, our Bandwidth usage has dropped due to fewer spambots being able to crawl the website any longer (see log entries in above post).

On some days, unsavory spiders had pushed our BW usage up over 1gB/day, whereas normal (for us) was around 200-300mB/day. We were faced with having to double our costs (i.e. by going to a larger hosting plan) when ZB BLOCK helped us to curtail a lot of wasted bandwidth 'some' robots were chewing up for no good reason at all.

Visit http://www.spambotsecurity.com/ for more info. Highly Recommended!

Last edited by adwade; 17 Dec 2010 at 02:56.
  #5  
Old 16 Dec 2010, 05:45
OldSchoolDSL OldSchoolDSL is offline
 
Join Date: Oct 2010
Real name: Adam H.
This was worth reading and applying. Installed.

Let's hope this does not block out valid bots though, such as Google or valid members.


This basically will prevent anyone not welcome onto your community.

Last edited by OldSchoolDSL; 16 Dec 2010 at 06:38.
  #6  
Old 16 Dec 2010, 10:19
adwade adwade is offline
 
Join Date: Aug 2006
Real name: A.D.
Originally Posted by OldSchoolDSL View Post
Let's hope this does not block out valid bots though, such as Google or valid members.
There are plenty of 'well-behaved' bots, crawling my site all the time. Meanwhile, as you mentioned it's preventing many unsavory 'bots access from our community.
  #7  
Old 16 Dec 2010, 21:21
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
So are you guys adding the 1 line of php code to your vBulletin files or to your major templates? (forumhome, forumdisplay, showthread)? Or is there a better place?
__________________
-Joe
Former vb.org Moderator. Retired.

@BirdOPrey5 | All Things BOP5 | Joe's Ultimate Off Topic
Note - I am no longer making new VB mods, sorry.
  #8  
Old 17 Dec 2010, 02:10
adwade adwade is offline
 
Join Date: Aug 2006
Real name: A.D.
Well, per this thread, "ZB Hook (needed) only global.php?", it's only needed in the global.php file from what I gathered.

However since I understand oh-so-little of all this -and- I'm a bit paranoid, I also added the single line of code to my index.php, login.php and register.php files as well (overkill? probably).

My train of thought behind doing so was, what if someone accesses the register.php file directly from off-site? I wasn't sure global.php was called in that instance so I figured, better safe than sorry.

I'm sure someone more intelligent than me in how vBulletin's internals actually run could say for sure...but until then.
  #9  
Old 17 Dec 2010, 02:23
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
Well global.php is definitely called by register.php and login.php, and every .php file basically besides functions (which themselves are called by global to begin with) so I'd imagine just adding to global is enough...

However it might be easy to forget to re-edit global.php on an upgrade so I'm wondering if it isn't better to put this line in a plugin on a hook in global.php instead so you don't need to worry about upgrades...
__________________
-Joe
Former vb.org Moderator. Retired.

@BirdOPrey5 | All Things BOP5 | Joe's Ultimate Off Topic
Note - I am no longer making new VB mods, sorry.
  #10  
Old 17 Dec 2010, 02:37
onehost onehost is offline
 
Join Date: Jul 2006
sounds pretty awesome.

I knew those china spiders were up to no good....

To be honest, I do not know a lot about spiders, but I do most do not appear useful, and I normally see 5+ trying to register at any given time on my forum...rather than some spiders trying to help your forum/content grow, they would rather hurt you.

Last edited by onehost; 17 Dec 2010 at 02:46.
  #11  
Old 17 Dec 2010, 02:57
OldSchoolDSL OldSchoolDSL is offline
 
Join Date: Oct 2010
Real name: Adam H.
Uninstalled

I ended up getting a 503 error after using this. Odd thing is it only affected me.
  #12  
Old 17 Dec 2010, 03:00
adwade adwade is offline
 
Join Date: Aug 2006
Real name: A.D.
Originally Posted by BirdOPrey5 View Post
...However it might be easy to forget to re-edit global.php on an upgrade so I'm wondering if it isn't better to put this line in a plugin on a hook in global.php instead so you don't need to worry about upgrades...
Ah, yeah, that sounds like a great idea to me...whatever it was you said?!

Seriously though if/when you do that, post some details so a non-coder could work their way through the same process.
  #13  
Old 17 Dec 2010, 03:00
onehost onehost is offline
 
Join Date: Jul 2006
Originally Posted by OldSchoolDSL View Post
Uninstalled

I ended up getting a 503 error after using this. Odd thing is it only affected me.
That sucks...

I added the line at the very top of global.php

not sure how long it's supposed to take for it to work...

I still have 20+ spiders online, and google.com and googlebot.com
have prevention signs preventing them from doing something, so I
am not sure if they were like that before I added the line or not...

the hook method sounds like it would be a good idea to implement...

--------------- Added 17 Dec 2010 at 03:25 ---------------

I guess it is working..nice...

#: 1 @: Thu, 16 Dec 2010 21:55:46 -0600

Host: 211.43.152.16

IP: 211.43.152.16

Score: 1

Why blocked: Korean Suspicious.

Query: f=0

Referer:

User Agent: Mozilla/5.0 Firefox/3.0.5

Reconstructed URL: http:// bizwebforum.com /forumdisplay.php?f=0



#: 2 @: Thu, 16 Dec 2010 21:56:17 -0600

Host: ec2-75-101-167-57.compute-1.amazonaws.com

IP: 75.101.167.57

Score: 1

Why blocked: Amazon Web Services. Not an ISP. Used by hackers, Keyword spamming SEO bots, and other unsavories. Checked for bypass.

Query:

Referer:

User Agent: Mozilla/5.0 (compatible; Firefox Addon; Windows XP 5.1)

Reconstructed URL: http:// www.bizwebforum.com /forum.php

Damn Korean hackers....

Another fine tool to help fight auto hackers and spammers.

Last edited by onehost; 17 Dec 2010 at 03:27. Reason: Auto-Merged DoublePost
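The log layout in the post above can be tallied mechanically. The following is an added example, not part of the original posts or of ZB Block: a parser that counts block reasons and lists blocked hosts claiming a Google crawler domain, the false-positive concern raised earlier in the thread. The sample entries, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from email.utils import parsedate_to_datetime

# Constructed sample in the layout posted above (documentation addresses,
# blank lines and some fields left out); not real log data.
SAMPLE_LOG = """\
#: 1 @: Thu, 16 Dec 2010 21:55:46 -0600
Host: 192.0.2.16
IP: 192.0.2.16
Why blocked: Korean Suspicious.
Referer:
#: 2 @: Thu, 16 Dec 2010 21:56:17 -0600
Host: crawl-1.googlebot.com
IP: 198.51.100.7
Why blocked: Constructed example reason.
User Agent: Mozilla/5.0 (compatible; Googlebot/2.1)
#: 3 @: Fri, 17 Dec 2010 08:02:03 -0600
Host: 203.0.113.9
IP: 203.0.113.9
Why blocked: Korean Suspicious.
Reconstructed URL: http://forum.example/forumdisplay.php?f=0
"""

HEADER = re.compile(r"^#:\s*(\d+)\s*@:\s*(.+)$")       # "#: 1 @: <date>"
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*(.*)$")  # "Key: value"

def parse_log(text):
    """Split the log into one dict per blocked request; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            records.append({"#": int(m.group(1)),
                            "when": parsedate_to_datetime(m.group(2))})
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1)] = m.group(2).strip()
    return records

def reasons(records):
    """Count blocks per 'Why blocked' reason, most frequent first."""
    return Counter(r.get("Why blocked", "?") for r in records).most_common()

def crawler_blocks(records, suffixes=(".googlebot.com", ".google.com")):
    """Blocked entries whose Host claims a crawler domain, for manual review.
    A reverse-DNS name can be forged, so confirm it with a forward lookup
    before whitelisting anything."""
    return [r for r in records if r.get("Host", "").lower().endswith(suffixes)]
```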
  #14  
Old 17 Dec 2010, 03:34
adwade adwade is offline
 
Join Date: Aug 2006
Real name: A.D.
Originally Posted by OldSchoolDSL View Post
Uninstalled

I ended up getting a 503 error after using this. Odd thing is it only affected me.
First, per the (PDF) manual...
If your page starts with HTML like...

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Or perhaps even a <doctype> statement, then the proper place for ZB Block, is on the first line like...

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Restating here again, that there should be NO spaces, and NO newlines where ZB Block is added.

These will not work...

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

This is just bad syntax and may even error the browser.

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

This will cause an error if ZB Block tries to throw its own 403 or 503 error, as bytes have already been sent to the output buffer.

Once again, if ZB Block exits without detection, no bytes will be added before “<!DOCTYPE” and your page will be perfect when viewed remotely.

Oh, just in the case you didn't understand, ZB Block has to be on the first line of the source. No blank lines above it. (Some people have missed this).

Also, if the page is something.htm or something.html, you will have to rename it (and re-aim your links) to something.php for ZB Block to work. As of now, there is no safe way to use a rewrite rule to attach ZB Block to other file types.
--------------- Added 17 Dec 2010 at 03:36 ---------------

Originally Posted by OldSchoolDSL View Post
Uninstalled

I ended up getting a 503 error after using this. Odd thing is it only affected me.
Also, from the manual...

As installed, ZB Block will work fine for most people, but a lock-out condition could happen if you trigger the warning more than 3 times in 1 day.


So understand if you try the ?test=xtestx syntax with your browser more than 3 times, to see how it's working -and- you have not set a master password (see p3-2 of the manual), then yes you will get blocked.

Setting the master password allows you to automatically record your own IP Address into the whitelisting so you can experiment all you want w/o getting locked out.

Last edited by adwade; 17 Dec 2010 at 03:51. Reason: Auto-Merged DoublePost
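A way to check the first-line rule from the manual excerpt above across a set of PHP files, as an added example that is not part of the original posts or of ZB Block. The file name `zbblock.php`, the include paths and the sample files are assumptions made for illustration.

```python
import re

BOM = b"\xef\xbb\xbf"  # UTF-8 byte-order mark some editors prepend

def check_placement(source: bytes, hook_name: bytes = b"zbblock.php") -> str:
    """Classify how a PHP file starts. hook_name is an assumed script name."""
    if source.startswith(BOM):
        return "bom-before-tag"        # the BOM is sent to the client as output
    pos = source.find(b"<?php")
    if pos == -1:
        return "no-php-tag"
    if pos > 0:                        # anything before the tag is output too
        return "html-before-tag" if source[:pos].strip() else "blank-before-tag"
    # The first statement after the opening tag must be the include itself.
    first = re.match(rb"<\?php\s+(require|include)(_once)?\b[^;]*;", source, re.I)
    if first is None or hook_name not in first.group(0):
        return "hook-not-first-statement"
    return "ok"

def audit(files: dict) -> dict:
    """Return only the files that break the rule, with the reason."""
    results = {name: check_placement(data) for name, data in files.items()}
    return {name: status for name, status in results.items() if status != "ok"}

# Constructed file contents; the include path is hypothetical.
HOOK = b"<?php require('/hypothetical/zbblock/zbblock.php'); ?>"
SAMPLE_FILES = {
    "good.php": HOOK + b"<!DOCTYPE html>\n<html></html>\n",
    "blank_line.php": b"\n" + HOOK + b"<!DOCTYPE html>\n",
    "html_first.php": b"<!DOCTYPE html>\n" + HOOK,
    "bom.php": BOM + HOOK + b"<!DOCTYPE html>\n",
    "late_hook.php": b"<?php echo 'hi'; require('/hypothetical/zbblock/zbblock.php');",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_FILES).items():
        print(f"{name}: {status}")
```

The BOM case is worth checking separately because it is invisible in most editors yet still counts as bytes sent before the 403 or 503 header.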
  #15  
Old 17 Dec 2010, 03:38
onehost onehost is offline
 
Join Date: Jul 2006
oh yea about that password...I did enter that password url, along with password, and all I got was a blank page...is anything supposed to happen?

and am I supposed to block off the zd directory with the htaccess file?