Thanks. :)
|
I am getting false positives as well
Quote:
|
I have had very little issue with this firewall so far, I may have to turn it off while in admin CP to access one or 2 things but nothing that has caused any issue.
Today I was looking at my logs and the firewall has blocked some very real attacks on my site from bots: Quote:
Thanks again for the firewall keep up the good work ;) |
Quote:
Cheers. :) Edit: I was mistaken, thread subscription fails, interpreted as a hack attempt. Quote:
|
This addon is just based on the keyword list defined in the plugin, so it may lead to wrong detection too. Just look in the code and you will see the whole list, such as:
Quote:
|
I'm on 3.7 but got two of these emails:
Code:
Hello! |
My logfile reads this:
1||1228766931||||||||
1||1228767166||||||||
What does that mean? |
hmm. It should tell you what the attacker tried to do
|
1||1228866074||MY.IP.ADD.RESS||url=http%3A%2F%2FXXXXX.XXX%2Ffiles%2F150219639%2FSOMETHING.rar||http://www.mysite.com/XXXXXXXXX/756-XXXXXXXXX.html||Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Error Opening Logfile.
problem with vbAnonymizer |
Hmm might have to install this.
|
While this is a great plugin, it prevents me checking logs through the admin panel, giving me errors. Possible you can fix this issue?
|
Let me bookmark this!
|
Quote:
Why Do U Not Use VB Security ;) Contact me at pm or @ yahoo .... my yahoo id : system.k1ll3r :D |
I just got 2 emails saying "Hack Attempt prevented by vBFirewall"
but when I go to http://www.yourvbforumurl.com/logfile_worms.txt (with my forum name) it just says page not found. The 2 emails say Code:
Hello! and Code:
Hello! What does all this mean and is it working correctly? |
Quote:
Great idea and good luck with progress. :up: |
1 Attachment(s)
Very good product. I tried it on my forum and it is 100% working.
I'm using Vbulletin Version 3.8.0 Release Candidate 1 thank you very much :) |
Quote:
I got same problem :confused: waiting for |
I installed this last night and had 14 emails this morning with basically no information. My log reads:
Code:
1||1229487186|||||||| |
invisiblea, would be great if you'd reply to this thread as you haven't done so in a while.
|
Quote:
Also, even though I have the option turned on I can't view logfile_worms.txt. It's not being created or is not in my forums directory. Suggestions? |
It seems to be working.
This is what I got in my mailbox:
Hello!
Hack Attempt has been successfully prevented for your vBulletin forums at: http://bullterrierforum.nl
Report:
============================
1||1229937338||116.122.158.46||systempath=http://www.elitewheels.ru/images/stories/.cnn?||||libwww-perl/5.79
============================
If I paste the URL and visit this page I got a warning from NOD32 that there is some sort of trojan. Really weird imho, but it seems to be working. |
Quote:
invisiblea - Any updates on progress? If stumped, other coders may lend a hand if you ask .. |
Sorry for late reply.. within 2-3 days new version will be out..
|
Relax, it's holiday time.
Them few more hours won't be a biggy. |
Hi!
I tried this mod, and I get this worm: Code:
1||1230274881||210.105.132.249||t=http://204.2.183.2/babycaleb/picture.htm?||||Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) |
How do you know it's a worm? The IP address is from Korea. What do you see on your site?
|
The IP address that is hosting the bad guy script is in the US/Colorado.
They list abuse@ntt.net to report abuses, to get them to kill off the hacker script. If you tried to access that html, you likely have had the trojan loaded on your PC; it looks like the name of the trojan is Trojan Horse Downloader.Generic8.COX. You might want to do a few searches to see how to remove it from your local system. HTH |
My site is good, because I copied the .htaccess file to my server root. If this file is missing, my site isn't good; my antivirus locks my site.
|
I use a third party product called ASL which does the same thing as this mod on a global scale (server wide) and much more (Linux servers only). Cost of that is less than the vB license too.
|
Also users are having problems subscribing to threads (I applied the unsubscribe patch).
The command getting caught is do=addsubscription |
Tried and installed this on vBulletin 3.8.0 RC 2 and 3.7.4. It locks admin out of certain parts of the ACP. Could you add to the script that if the user has a valid admin login they can gain access to the ACP, and if not then reject them?
|
I have this...
I got 5 emails saying it blocked 5 attempts from hacking... then it bypassed and now I'm hacked.... fixed it once, then they hacked again.... www.ripthemic.org here's what it showed when prevented...
1||1230677435||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230677439||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230677448||66.156.165.120||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
1||1230734502||124.187.20.43||do=removesubscription&t=3||http://ripthemic.org/forums/showthre...1||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
1||1230765308||67.167.16.183||do=viewsubscription||http://www.ripthemic.org/forums/usercp.php||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.2)
Is it possible that people are having problems with subscriptions because there's a security issue??? All the actions have to do with subscriptions and everyone is talking about having issues with subscriptions.... Last email I got was at 6:16 PM today, right before the site went down... Had Me Site Fixed AGAIN... They Hacked AGAIN!!! This Time It Shows Me...
1||1230777472||98.100.180.113||do=viewsubscription||||Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
1||1230777561||98.100.180.113||do=viewsubscription||||Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
1||1230816616||86.96.229.88||s=&do=add&dostyleid=10&title=headinclude&group=all&searchstring=&expandset=10||http://ripthemic.org/forums/admincp/||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
1||1230816628||86.96.229.88||s=&do=add&dostyleid=10&title=headinclude&group=all&searchstring=&expandset=10||http://ripthemic.org/forums/admincp/||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
This Doesn't Work Very Well... |
I installed this mod on my vB 3.6.7 forum yesterday. It significantly slowed my site down to a crawl. On top of that the so called attacks it said occurred since I installed it have been done by Googlebots and Yahoo Slurp bots.
Whatever! If anyone's vB forum has something to fear from Googlebots and Slurp bots then this mod is overly protective in my opinion. Time of Uninstall - 7:49pm |
Is this a hacking attempt or only an error in the script?
Report:
============================
1||123108xxxx||90.145.22.71||cx=0085147425190053xxxx%3Astktp-0amaq&cof=FORID%3A9&q=java+script&do=process&showposts=0&s=&x=0&y=0||http://www.mysite.com/forumdisplay.p...1||Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
============================ |
Thanks
|
Check with your host to see if you have mod security installed. If yes, this script really shouldn't be needed. You also cannot edit templates without first disabling this.
|
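The log entries quoted throughout this thread share one `||`-delimited layout. As an added example (not part of the thread and not vBFirewall's own code), this Python sketch parses that layout and sorts entries into the three situations posters describe: empty records, a URL passed as a parameter value, and ordinary forum actions. The field names, the Unix-time reading of the second field, and the sample lines (documentation IPs, example hosts) are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import parse_qsl

# Assumed field order, inferred from the entries posted in the thread:
# flag || unix time || client IP || query string || referer || user agent
FIELDS = ("flag", "time", "ip", "query", "referer", "agent")

# Constructed sample entries (documentation IPs, example hosts).
SAMPLE_LOG = """\
1||1229937338||192.0.2.10||systempath=http://files.example.net/x.txt?||||libwww-perl/5.79
1||1230677435||198.51.100.7||do=viewsubscription||http://forum.example.com/usercp.php||Mozilla/5.0
1||1228766931||||||||
1||1228866074||203.0.113.5||url=http%3A%2F%2Ffiles.example.net%2Fa.rar||http://forum.example.com/t.html||Mozilla/5.0
"""


def parse_line(line):
    """Split one entry into named fields; return None if it does not fit."""
    parts = line.strip().split("||")
    if len(parts) != len(FIELDS) or not parts[1].isdigit():
        return None
    rec = dict(zip(FIELDS, parts))
    rec["when"] = datetime.fromtimestamp(int(rec["time"]), tz=timezone.utc)
    return rec


def triage(rec):
    """Label an entry so the analyst knows what to look at first."""
    if not rec["ip"] and not rec["query"]:
        return "empty"  # nothing captured; the entry cannot be judged
    # parse_qsl percent-decodes values, so encoded URLs are caught too.
    for _name, value in parse_qsl(rec["query"], keep_blank_values=True):
        if value.lower().startswith(("http://", "https://", "ftp://")):
            return "remote-url"  # URL as a value: include probe or a link tool
    return "other"  # ordinary forum action; check for a false positive


def summarise(text):
    """Count entries per label; also report lines that did not parse."""
    counts, skipped = Counter(), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        else:
            counts[triage(rec)] += 1
    return dict(counts), skipped


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

A "remote-url" entry still needs its referer and user agent read before it is called an attack: a value sent by a script with no referer and one sent from the forum's own pages by a link tool land in the same bucket.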