vb.org Archive
Page 4 of 27 « First 23 4 5614 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   vBFirewall v1.0 (https://vborg.vbsupport.ru/showthread.php?t=196791)

codershark 11-21-2008 08:48 AM
I have also the mistake with the subscriptions... please correct it ! :(

Mark as installed :)

codershark 11-21-2008 09:09 AM
I also get an Error when I will open a Thread which I had looking for...

Sorry but I deinstall it ! unuseable !

invisiblea 11-21-2008 01:36 PM
In the next release these problems will be solved. :)

Davidsm 11-21-2008 01:43 PM
Thanks I will install on my test forum

esperone 11-21-2008 02:03 PM
looks good. nominated

ultimatearco 11-21-2008 02:03 PM
Ownage! Thanks mate
This deserves a Exelent rating and a MOTM Nomination :)

I'm so scared of being hacked

DragonMasterNYC 11-21-2008 03:29 PM
Wow this is a great mod for vBulletin my defense manager will be very please with this addition. Will begin testing immediately with my defense manager.

Thanks and nominated for MOTM

GlamRockTalk 11-21-2008 03:49 PM
Quote:
Originally Posted by invisiblea (Post 1670042)
In the next release these problems will be solved. :)
Any ETA on the next release invisiblea?

MrEyes 11-21-2008 04:13 PM
Good mod, fantastic idea, however the subscription issue is something of a show stopper. So I decided to look into it.

The reason the "firewall" kicks in on the subscription page is that one of the security rules is 'script', and quiet rightly so. However due to the checking method used, the firewall kicks in when it sees:

do=viewsubscription

Notice the bold/underlined part

The good news is that this can be resolved, but it is a hack to the mod. The following instructions explain what needs to be done, if you want to implement it then I strongly recommend first testing it on an test server. Hopefully this will help the mod dev makes this mod one of the best available here:

Right, you need to goto:

ACP -> Plugins & Products -> Plugin Manager

Once there look for the entries for "Product : vBFirewall", this should only have one plugin called 'vBFirewall' which uses the 'init_startup' plugin. Click edit

Copy all the text in 'Plugin PHP Code' into notepad.

Now follow these steps:
  • Find the line that reads:

    Code:
    'st=-', 'cat%20', 'include', '_path=');
  • On a new line immediately after this paste in:

    Code:
    $securityexclusions = array(
            'do=viewsubscription'
    );
  • Find the line that reads:

    Code:
    $cracker = strtolower($cracker);
  • On a new line immediately after this paste in:

    Code:
    $cracker= str_replace($securityexclusions, '', $cracker);

Once done, copy all the edited text in notepad back into the 'Plugin PHP Code' in ACP, then click save

What this is actually doing is creating an extendible security rule exclusion list, so if any other VB queries string invoke the vbFirewall you can add another exclusion.

IMPORTANT : I have only run this on a basic test server I have, do not try this unless you are absolutely comfortable with plugins/php etc.

A here are some suggestions for the next version:
  • Rather than add the logs to a flat file on the server store this in the DB and then create an ACP page to view/search/manage logs
  • Add option to send a PM or Email or both
  • If a specific IP invokes the firewall more than X times in Y seconds/minutes auto place this IP on the vBulletin ban list.
  • If a specific IP can be associated to an actual forum user account auto ban that user.

One other teeny weeny little thing, you need to mention that this is based on the GPL licensed code found here : http://www.cback.de/cback_software/standalonect.php ;)

EDIT: Later in this thread I have posted an additional fix for vbAnonymizer users

DragonMasterNYC 11-21-2008 05:15 PM
Those suggestions are great especially the auto ban and the view in the admin panel. Hope he adds them and checks those exceptions out.


All times are GMT. The time now is 12:49 PM.
Page 4 of 27 « First 23 4 5614 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01273 seconds
  • Memory Usage 1,741KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_code_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete