Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
vBFirewall v1.0 Details »
vBFirewall v1.0
Mod Version: 1.00, by invisiblea (Member) invisiblea is offline
Developer Last Online: Dec 2008 I like it Show Printable Version Email this Page

vB Version: 3.8.0 Beta 2 Rating: (45 votes - 4.71 average) Installs: 680
Released: 20 Nov 2008 Last Update: Never Downloads: 3260
Not Supported Uses Plugins Auto-Template Is in Beta Stage  

This is my first mod for vBulletin and I have tried to make it as better as I could.



What is vBFirewall?
Its a PHP script which blocks all kinds of attacks on your vBulletin Forum! Like: URL Poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks.

I have tested each and every function of this mod before releasing it and have used it myself for 1 month

It has a attacker logger, which logs the IP and many details of the attacker so that you can reach him

This is still in beta version and I will add more features in it to make your vBulletin more secure Suggestions are always welcome.


How to install?

1) Go to Admin and Import the xml file product-firewall_vb_rs.xml using the plugin manager.
2) Keep an eye on the log file which can be found here: www.yourvbforumurl.com/logfile_worms.txt (This file will only be created when a attack occour)
3) Your website is now secure from hackers



Thanks

Download Now

Only licensed members can download files, Click Here for more information.

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
  #76  
Old 28 Nov 2008, 18:20
7lanet's Avatar
7lanet 7lanet is offline
 
Join Date: Aug 2007
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
1||1227332433||82.114.188.37||url=http%3A%2F%2Fmovies.yahoo.com%2Fmovie%2F180982 4029%2Fdetails||http://www.7lanet.com/vb/t36059.html||Mozilla/5.0 (Windows; U; Windows NT 5.0; ar; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18Error Opening Logfile.
Reply With Quote
  #77  
Old 28 Nov 2008, 18:27
RvG2's Avatar
RvG2 RvG2 is offline
 
Join Date: Jan 2007
I think solution for this is just like the popular firewall for windows is to bypass the modification whom you think is safe and will not make harm to the site.
Reply With Quote
  #78  
Old 28 Nov 2008, 19:41
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Originally Posted by invisiblea View Post
can you tell me all steps you used to generate that error?
There were no steps. I installed the add-on which completed successfully. A few minutes later, it generated the email I quoted above saying that it had blocked googlebot as a hack attempt.
Reply With Quote
  #79  
Old 29 Nov 2008, 01:38
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
OK. I re-enabled this add-on. This time I received the following two emails:

Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
Psychlinks Psychology Self-Help & Mental Health Support Forum

Report:
============================

1||1227922526||74.6.8.105||id=13&forumid=40&script=showthread||||Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)

============================
Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
Psychlinks Psychology Self-Help & Mental Health Support Forum

Report:
============================

1||1227923147||74.6.8.105||id=2&forumid=44&script=showthread||||Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)

============================
So it appears there's a problem with this add-on: It's blocking spiders, which isn't something most of us want to do.

Disabled again.
Reply With Quote
  #80  
Old 29 Nov 2008, 16:57
invisiblea invisiblea is offline
 
Join Date: Feb 2008
I tested this plugin on a very active forum for 1 month didnt made any problem, I would like to check this out for you..On it

Originally Posted by djbaxter View Post
OK. I re-enabled this add-on. This time I received the following two emails:





So it appears there's a problem with this add-on: It's blocking spiders, which isn't something most of us want to do.

Disabled again.
Reply With Quote
  #81  
Old 29 Nov 2008, 23:44
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Thanks.
Reply With Quote
  #82  
Old 30 Nov 2008, 10:57
MrEyes MrEyes is offline
 
Join Date: Nov 2004
1||1227923147||74.6.8.105||id=2&forumid=44&script=showthread||||Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Originally Posted by invisiblea View Post
I tested this plugin on a very active forum for 1 month didnt made any problem, I would like to check this out for you..On it
If the mod is the same as it was before the reason this trigger occurs is this part of the query string:

script=showthread
"script" is one of the trigger words as this can be used to pass javascript on a querystring. So this causes the "firewall" to block and create the email.
Reply With Quote
  #83  
Old 30 Nov 2008, 20:30
Celtkin Celtkin is offline
 
Join Date: Dec 2005
I am getting false positives as well

Report:
============================

1||1228080110||70.117.163.62||do=viewsubscription&folderid=all||http://forums.thephins.com/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
__________________
ThePHINS.com
Reply With Quote
  #84  
Old 03 Dec 2008, 21:52
DangerousDale DangerousDale is offline
 
Join Date: Apr 2008
I have had very little issue with this firewall so far, I may have to turn it off while in admin CP to access one or 2 things but nothing that has caused any issue.

Today I was looking at my logs and the firewall has blocked some very real attacks on my site from bots:

Report:
============================

1||1227884548||85.25.148.136||mod=http://www.mykr.net/bbs/id.txt?||||libwww-perl/5.805

============================
Info on this bot can be found here.

Thanks again for the firewall keep up the good work
Reply With Quote
  #85  
Old 06 Dec 2008, 02:26
Orakk's Avatar
Orakk Orakk is offline
 
Join Date: Nov 2007
Real name: Rob
Originally Posted by DangerousDale View Post
I have had very little issue with this firewall so far, I may have to turn it off while in admin CP to access one or 2 things but nothing that has caused any issue.
I have it running without issues on 374pl1. What are those things you refere to need the firewall disabled?

Cheers.

Edit: I was mistaken, thread subscription fails, interpetted as a hack attempt.

Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
SeriousCrunchers.Net

Report:
============================

||do=addsubscription&t=261||

Last edited by Orakk; 07 Dec 2008 at 08:46.
Reply With Quote
  #86  
Old 08 Dec 2008, 06:24
Computer_Angel Computer_Angel is offline
 
Join Date: Aug 2004
This addon just base on the keywords list which define in the plugin, so it may lead to wrong detection too. Just look in the code you will the all the list, such as:
"c99shell.php', 'shell.php', 'cmd.php','r57.php?phpinfo', 'r57.php?phpini', 'r57.php?cpu', 'r57.php?'
So if you have your php code file name as these above list then you could not run . Any if a hacker read this, they 'll modified their backdoor to another filename such as "a.php" then this script is .. useless.
Reply With Quote
  #87  
Old 08 Dec 2008, 18:47
4x4 Mecca 4x4 Mecca is offline
 
Join Date: Feb 2007
I'm on 3.7 but got two of these emails:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Reply With Quote
  #88  
Old 09 Dec 2008, 00:42
mac-warez mac-warez is offline
 
Join Date: Oct 2008
Real name: Tyler
my logfile reads this

1||1228766931||||||||
1||1228767166||||||||

what does that mean?
Reply With Quote
  #89  
Old 09 Dec 2008, 13:26
Madlike's Avatar
Madlike Madlike is offline
 
Join Date: Jan 2008
Originally Posted by mac-warez View Post
my logfile reads this

1||1228766931||||||||
1||1228767166||||||||

what does that mean?
Maybe IP Adresses
__________________
MadLike
Reply With Quote
  #90  
Old 09 Dec 2008, 13:32
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Originally Posted by Madlike View Post
Maybe IP Adresses
Not likely... it's 10 digits, not 9.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 02:53.

Layout Options | Width: Wide Color: