Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
vBFirewall v1.0 Details »
vBFirewall v1.0
Mod Version: 1.00, by invisiblea (Member) invisiblea is offline
Developer Last Online: Dec 2008 I like it Show Printable Version Email this Page

vB Version: 3.8.0 Beta 2 Rating: (45 votes - 4.71 average) Installs: 680
Released: 20 Nov 2008 Last Update: Never Downloads: 3260
Not Supported Uses Plugins Auto-Template Is in Beta Stage  

This is my first mod for vBulletin and I have tried to make it as better as I could.



What is vBFirewall?
Its a PHP script which blocks all kinds of attacks on your vBulletin Forum! Like: URL Poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks.

I have tested each and every function of this mod before releasing it and have used it myself for 1 month

It has a attacker logger, which logs the IP and many details of the attacker so that you can reach him

This is still in beta version and I will add more features in it to make your vBulletin more secure Suggestions are always welcome.


How to install?

1) Go to Admin and Import the xml file product-firewall_vb_rs.xml using the plugin manager.
2) Keep an eye on the log file which can be found here: www.yourvbforumurl.com/logfile_worms.txt (This file will only be created when a attack occour)
3) Your website is now secure from hackers



Thanks

Download Now

Only licensed members can download files, Click Here for more information.

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
  #46  
Old 21 Nov 2008, 22:43
Hornstar's Avatar
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Real name: Matt
This might have great potential. I will tag this for now.
Reply With Quote
  #47  
Old 21 Nov 2008, 22:54
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by Fungsten View Post
I have to check my glasses.
lol... well we all do sometimes that's why I included the a-hole disclaimer notation in there rofl

S-MAN
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote
  #48  
Old 22 Nov 2008, 04:41
7lanet's Avatar
7lanet 7lanet is offline
 
Join Date: Aug 2007
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
1||1227332433||82.114.188.37||url=http%3A%2F%2Fmovies.yahoo.com%2Fmovie%2F180982 4029%2Fdetails||http://www.7lanet.com/vb/t36059.html||Mozilla/5.0 (Windows; U; Windows NT 5.0; ar; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18Error Opening Logfile.
Reply With Quote
  #49  
Old 22 Nov 2008, 05:02
WarLion's Avatar
WarLion WarLion is offline
 
Join Date: Jun 2006
Originally Posted by 7lanet View Post
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
wow that why lol that happen to me to
Reply With Quote
  #50  
Old 22 Nov 2008, 17:17
Fungsten's Avatar
Fungsten Fungsten is offline
 
Join Date: Jul 2006
Originally Posted by 7lanet View Post
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
Same here.

1||1227377861||XXX.XXX.XXX.XXX||url=http%3A%2F%2Fnews.bbc.co.uk%2Fgo%2Frss%2F-%2F2%2Fhi%2Famericas%2F7743842.stm||http://www.blahblah.com/forum/showth...5||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; WWTClient2)Error Opening Logfile.
__________________
My Mods:
Missing Images
Styles:
Hell Eye Shock
Reply With Quote
  #51  
Old 22 Nov 2008, 21:32
MrEyes MrEyes is offline
 
Join Date: Nov 2004
Originally Posted by 7lanet View Post
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
Originally Posted by Fungsten View Post
Same here.
If you have applied the fix I mentioned earlier you can fix this by using the following exclusions:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.

There are better solutions, but this would need the entire mod to be reworked. For example the ability to set an exclusion at a page level. So you could exclude viewsubscription for misc.php but not payments.php, and http for redirector.php (vbAnonymizer mod)

Originally Posted by dtv100 View Post
another error i get is when send activation codes:

ried to send a member the activation codes got this
This could probably also be fixed by exclusions

Last edited by MrEyes; 23 Nov 2008 at 13:02.
Reply With Quote
  #52  
Old 23 Nov 2008, 01:03
dtv100's Avatar
dtv100 dtv100 is offline
 
Join Date: Apr 2007
Originally Posted by MrEyes View Post
If you have applied the fix I mentioned earlier you can fix this by using the following exclusions:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.

There are better solutions, but this would need the entire mod to be reworked.
any way to make it that user group 6 is ignore by firewall ?
__________________
I say Ha HA!
find free to air information FTA Site wanna fight? fight me
Reply With Quote
  #53  
Old 23 Nov 2008, 11:21
MrEyes MrEyes is offline
 
Join Date: Nov 2004
Originally Posted by dtv100 View Post
any way to make it that user group 6 is ignore by firewall ?
Yes, but I think I have gone to far already with the mod hacks and I don't want to be accused of show stealing, so I will leave that as a suggestion for the mod author.

However if the author doesn't want to or isn't able to make these changes I am more than happy to take this mod on, it is a great idea and it would be a real shame to see it die.

Last edited by MrEyes; 23 Nov 2008 at 13:03.
Reply With Quote
  #54  
Old 23 Nov 2008, 15:48
invisiblea invisiblea is offline
 
Join Date: Feb 2008
I am working on the new version, Just give me a day or 2 more
I will update you guys once I am done with the new version

Last edited by invisiblea; 24 Nov 2008 at 10:33.
Reply With Quote
  #55  
Old 24 Nov 2008, 11:24
invisiblea invisiblea is offline
 
Join Date: Feb 2008
Excluding =http will make this mod useless :P

Originally Posted by MrEyes View Post
If you have applied the fix I mentioned earlier you can fix this by using the following exclusions:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.

There are better solutions, but this would need the entire mod to be reworked. For example the ability to set an exclusion at a page level. So you could exclude viewsubscription for misc.php but not payments.php, and http for redirector.php (vbAnonymizer mod)



This could probably also be fixed by exclusions
Reply With Quote
  #56  
Old 24 Nov 2008, 15:16
7lanet's Avatar
7lanet 7lanet is offline
 
Join Date: Aug 2007
how uesd this
$securityexclusions = array(
'do=viewsubscription',
'=http'
);
Reply With Quote
  #57  
Old 24 Nov 2008, 17:39
DangerousDale DangerousDale is offline
 
Join Date: Apr 2008
Hi thanks for this hack, love it.

I have found one issue where I try to create a new page in vba cmps the "[PHP File Page]" process gets blocked and I am unable to create a php page. Just had to turn it off to get through
Reply With Quote
  #58  
Old 24 Nov 2008, 20:05
pein87's Avatar
pein87 pein87 is offline
 
Join Date: Sep 2008
Question I have thisinstalled on my test server at home and I wasnt able to change the cookie settinsg to my forum it shows access denied you`ve been logged! and whne I check the txt file it shows a log of me trying to access the cookies part of vbotions.
Reply With Quote
  #59  
Old 24 Nov 2008, 20:08
FiMeTi FiMeTi is offline
 
Join Date: May 2008
nominated! Waiting for next (stabil) version and a paypal link 4 donation.
thx!
Reply With Quote
  #60  
Old 25 Nov 2008, 00:57
rob01 rob01 is offline
 
Join Date: Sep 2008
Real name: robert
is a nice mod, but i will wait for new updates.. since i get erros when i use vbanonymiser and "Search in Templates"

Last edited by rob01; 25 Nov 2008 at 01:11.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 01:13.

Layout Options | Width: Wide Color: