vb.org Archive
Page 2 of 7 1 2 34 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   vBFirewall v1.0 (https://vborg.vbsupport.ru/showthread.php?t=196791)

Leo Brazil 11-21-2008 06:23 PM
I'll take a look on this mod for sure. Sounds pretty interesting.

dtv100 11-21-2008 07:51 PM
another error i get is when send activation codes:

ried to send a member the activation codes got this
Quote:
1||1227298680||72.xxxxx.xxx||do=requestemail&email =bigcoltguns%40yahoo.com&url=http%3A%2F%2Fwww.doma in.com%2Fforums%2Fadmincp%2Fuser.php%3Fdo%3Dedit%2 6u%3D8531||http://www.domain.com/forums/admincp...1||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4Error Opening Logfile.

Fungsten 11-21-2008 07:53 PM
Im getting the subscription error too.

TheLastSuperman 11-21-2008 08:57 PM
Quote:
Originally Posted by Fungsten (Post 1670249)
Im getting the subscription error too.
did you look above before posting????

Quote:
Originally Posted by MrEyes (Post 1670137)
Good mod, fantastic idea, however the subscription issue is something of a show stopper. So I decided to look into it.

The reason the "firewall" quick in on the subscription page is that one of the security rules is 'script', and quiet rightly so. However due to the checking method used the firewall kicks in when it sees:

do=viewsubscription

Notice the bold/underlined part

The good news is that this can be resolved, but it is a hack to the mod. The following instructions explain what needs to be done, if you want to implement it then I strongly recommend first testing it on an test server. Hopefully this will help the mod dev makes this mod one of the best available here:

Right, you need to goto:

ACP -> Plugins & Products -> Plugin Manager

Once there look for the entries for "Product : vBFirewall", this should only have one plugin called 'vBFirewall' which uses the 'init_startup' plugin. Click edit

Copy all the text in 'Plugin PHP Code' into notepad.

Now follow these steps:
  • Find the line that reads:

    Code:
    'st=-', 'cat%20', 'include', '_path=');
  • On a new line immediately after this paste in:

    Code:
    $securityexclusions = array(
            'do=viewsubscription'
    );
  • Find the line that reads:

    Code:
    $cracker = strtolower($cracker);
  • On a new line immediately after this paste in:

    Code:
    $cracker= str_replace($securityexclusions, '', $cracker);

Once done, copy all the edited text in notepad back into the 'Plugin PHP Code' in ACP, then click save

What this is actually doing is creating an extendible security rule exclusion list, so if any other VB queries string invoke the vbFirewall you can add another exclusion.

IMPORTANT : I have only run this on a basic test server I have, do not try this unless you are absolutely comfortable with plugins/php etc.

A here are some suggestions for the next version:
  • Rather than add the logs to a flat file on the server store this in the DB and then create an ACP page to view/search/manage logs
  • Add option to send a PM or Email or both
  • If a specific IP invokes the firewall more than X times in Y seconds/minutes auto place this IP on the vBulletin ban list.
  • If a specific IP can be associated to an actual forum user account auto ban that user.

One other teeny weeny little thing, you need to mention that this is based on the GPL licensed code found here : http://www.cback.de/cback_software/standalonect.php ;)
Sorry to be so blunt but up top lol ^

THANKS to Invisiblea and MrEyes ;)

Fungsten 11-21-2008 09:11 PM
Quote:
Originally Posted by TheLastSuperman (Post 1670279)
did you look above before posting????



Sorry to be so blunt but up top lol ^

THANKS to Invisiblea and MrEyes ;)
I have to check my glasses.

Hornstar 11-21-2008 09:43 PM
This might have great potential. I will tag this for now.

TheLastSuperman 11-21-2008 09:54 PM
Quote:
Originally Posted by Fungsten (Post 1670282)
I have to check my glasses.
lol... well we all do sometimes that's why I included the a-hole disclaimer notation in there rofl ;)

:D S-MAN

7lanet 11-22-2008 03:41 AM
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
Quote:
1||1227332433||82.114.188.37||url=http%3A%2F%2Fmov ies.yahoo.com%2Fmovie%2F1809824029%2Fdetails||http://www.7lanet.com/vb/t36059.html||Mozilla/5.0 (Windows; U; Windows NT 5.0; ar; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18Error Opening Logfile.

WarLion 11-22-2008 04:02 AM
Quote:
Originally Posted by 7lanet (Post 1670436)
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
wow that why lol that happen to me to

Fungsten 11-22-2008 04:17 PM
Quote:
Originally Posted by 7lanet (Post 1670436)
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
Same here.

1||1227377861||XXX.XXX.XXX.XXX||url=http%3A%2F%2Fn ews.bbc.co.uk%2Fgo%2Frss%2F-%2F2%2Fhi%2Famericas%2F7743842.stm||http://www.blahblah.com/forum/showth...5||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; WWTClient2)Error Opening Logfile.

MrEyes 11-22-2008 08:32 PM
Quote:
Originally Posted by 7lanet (Post 1670436)
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
Quote:
Originally Posted by Fungsten (Post 1670694)
Same here.
If you have applied the fix I mentioned earlier you can fix this by using the following exclusions:

Code:
$securityexclusions = array(
        'do=viewsubscription',
        '=http'
);
However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.

There are better solutions, but this would need the entire mod to be reworked. For example the ability to set an exclusion at a page level. So you could exclude viewsubscription for misc.php but not payments.php, and http for redirector.php (vbAnonymizer mod)

Quote:
Originally Posted by dtv100 (Post 1670246)
another error i get is when send activation codes:

ried to send a member the activation codes got this
This could probably also be fixed by exclusions

dtv100 11-23-2008 12:03 AM
Quote:
Originally Posted by MrEyes (Post 1670808)
If you have applied the fix I mentioned earlier you can fix this by using the following exclusions:

Code:
$securityexclusions = array(
        'do=viewsubscription',
        '=http'
);
However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.

There are better solutions, but this would need the entire mod to be reworked.
any way to make it that user group 6 is ignore by firewall ?

MrEyes 11-23-2008 10:21 AM
Quote:
Originally Posted by dtv100 (Post 1670904)
any way to make it that user group 6 is ignore by firewall ?
Yes, but I think I have gone to far already with the mod hacks and I don't want to be accused of show stealing, so I will leave that as a suggestion for the mod author.

However if the author doesn't want to or isn't able to make these changes I am more than happy to take this mod on, it is a great idea and it would be a real shame to see it die.

invisiblea 11-23-2008 02:48 PM
I am working on the new version, Just give me a day or 2 more
I will update you guys once I am done with the new version :)

invisiblea 11-24-2008 10:24 AM
Excluding =http will make this mod useless :P

Quote:
Originally Posted by MrEyes (Post 1670808)
If you have applied the fix I mentioned earlier you can fix this by using the following exclusions:

Code:
$securityexclusions = array(
        'do=viewsubscription',
        '=http'
);
However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.

There are better solutions, but this would need the entire mod to be reworked. For example the ability to set an exclusion at a page level. So you could exclude viewsubscription for misc.php but not payments.php, and http for redirector.php (vbAnonymizer mod)



This could probably also be fixed by exclusions

7lanet 11-24-2008 02:16 PM
how uesd this
Quote:
$securityexclusions = array(
'do=viewsubscription',
'=http'
);

DangerousDale 11-24-2008 04:39 PM
Hi thanks for this hack, love it.

I have found one issue where I try to create a new page in vba cmps the "[PHP File Page]" process gets blocked and I am unable to create a php page. Just had to turn it off to get through ;)

pein87 11-24-2008 07:05 PM
Question I have thisinstalled on my test server at home and I wasnt able to change the cookie settinsg to my forum it shows access denied you`ve been logged! and whne I check the txt file it shows a log of me trying to access the cookies part of vbotions.

FiMeTi 11-24-2008 07:08 PM
nominated! Waiting for next (stabil) version and a paypal link 4 donation. :)
thx!

rob01 11-24-2008 11:57 PM
is a nice mod, but i will wait for new updates.. since i get erros when i use vbanonymiser and "Search in Templates"

RvG2 11-25-2008 01:38 AM
hi, hoping for new updates... :)

invisiblea 11-25-2008 07:05 AM
Hopefully today a stable version will be out!

7lanet 11-25-2008 08:30 AM
we waiting ..

TheLastSuperman 11-25-2008 03:01 PM
Sorry, had to un-install until I can work around the issue but this errors out on our Award and Ranks Mod when using the One-Click URL Self Thread Approval :(

Just a heads up for YAAS & YARS Users.

S-MAN

msm_eg 11-25-2008 05:30 PM
there is conflict between this hack and vbAnonymizer hack so i can't redirect my URL to Redirector page. please fix this to be able to use vbAnonymizer hack its very good and enhanced my page view also its give me a good back links for my forum so i can't stop working with it.

mikey1991 11-25-2008 05:56 PM
<a href="http://www.mydomain.com/forums/logfile_worms.txt" target="_blank">www.mydomain.com/forums/logfile_worms.txt</a>

Would be accessible by everyone? maybe change that, yeah?

invisiblea 11-27-2008 08:01 AM
Due to few setbacks I wasnt able to release new version, I am currently working on those setbacks and will get to your guys ASAP

LuBi 11-27-2008 03:21 PM
Quote:
Originally Posted by hornstar1337 (Post 1670296)
This might have great potential. I will tag this for now.
Maybe you should have installed it..did you? Looks like you got hacked? :(

DragonMasterNYC 11-27-2008 03:49 PM
I's ok as long as it works in the end thats all that matters.

djbaxter 11-28-2008 12:48 AM
Uh-oh.

I just installed this. And I just receiveed the following email from the add-on:

Quote:
Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
Psychlinks Psychology Self-Help & Mental Health Support Forum

Report:
============================

1||1227840042||66.249.71.212||tag=prescription|||| Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

============================
Blocking Googlebot can't be good. I've disabled the add-on for now. Any suggestions?

Alex LD 11-28-2008 02:16 AM
do you think this would work for 3.7.4? too I know its for 3.8

invisiblea 11-28-2008 07:54 AM
Quote:
Originally Posted by djbaxter (Post 1674317)
Uh-oh.

I just installed this. And I just receiveed the following email from the add-on:



Blocking Googlebot can't be good. I've disabled the add-on for now. Any suggestions?
What Mod is it?

Quote:
Originally Posted by Alex LD (Post 1674343)
do you think this would work for 3.7.4? too I know its for 3.8
Yes, It works for all versions

Cobra-J82 11-28-2008 08:11 AM
mmmm
I always tought vbulletin was 100% secure :erm:

djbaxter 11-28-2008 10:56 AM
Quote:
Originally Posted by djbaxter (Post 1674317)
Uh-oh.

I just installed this. And I just receiveed the following email from the add-on:



Blocking Googlebot can't be good. I've disabled the add-on for now. Any suggestions?
Quote:
Originally Posted by invisiblea (Post 1674442)
What Mod is it?
This one. vBFirewall 1.0.

invisiblea 11-28-2008 04:06 PM
Quote:
Originally Posted by djbaxter (Post 1674494)
This one. vBFirewall 1.0.
can you tell me all steps you used to generate that error?

7lanet 11-28-2008 05:20 PM
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
Quote:
1||1227332433||82.114.188.37||url=http%3A%2F%2Fmov ies.yahoo.com%2Fmovie%2F180982 4029%2Fdetails||http://www.7lanet.com/vb/t36059.html||Mozilla/5.0 (Windows; U; Windows NT 5.0; ar; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18Error Opening Logfile.

RvG2 11-28-2008 05:27 PM
I think solution for this is just like the popular firewall for windows is to bypass the modification whom you think is safe and will not make harm to the site.

djbaxter 11-28-2008 06:41 PM
Quote:
Originally Posted by invisiblea (Post 1674618)
can you tell me all steps you used to generate that error?
There were no steps. I installed the add-on which completed successfully. A few minutes later, it generated the email I quoted above saying that it had blocked googlebot as a hack attempt.

djbaxter 11-29-2008 12:38 AM
OK. I re-enabled this add-on. This time I received the following two emails:

Quote:
Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
Psychlinks Psychology Self-Help & Mental Health Support Forum

Report:
============================

1||1227922526||74.6.8.105||id=13&forumid=40&script =showthread||||Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)

============================
Quote:
Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
Psychlinks Psychology Self-Help & Mental Health Support Forum

Report:
============================

1||1227923147||74.6.8.105||id=2&forumid=44&script= showthread||||Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)

============================
So it appears there's a problem with this add-on: It's blocking spiders, which isn't something most of us want to do.

Disabled again.

invisiblea 11-29-2008 03:57 PM
I tested this plugin on a very active forum for 1 month didnt made any problem, I would like to check this out for you..On it

Quote:
Originally Posted by djbaxter (Post 1674866)
OK. I re-enabled this add-on. This time I received the following two emails:





So it appears there's a problem with this add-on: It's blocking spiders, which isn't something most of us want to do.

Disabled again.


All times are GMT. The time now is 01:19 PM.
Page 2 of 7 1 2 34 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01512 seconds
  • Memory Usage 1,848KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (7)bbcode_code_printable
  • (27)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete