vb.org Archive: vBFirewall v1.0 (https://vborg.vbsupport.ru/showthread.php?t=196791)

djbaxter 11-29-2008 10:44 PM

Thanks. :)

MrEyes 11-30-2008 09:57 AM

Quote:

1||1227923147||74.6.8.105||id=2&forumid=44&script=showthread||||Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)

Quote:

Originally Posted by invisiblea (Post 1675251)
I tested this plugin on a very active forum for 1 month, it didn't make any problem. I would like to check this out for you... On it.

If the mod is the same as it was before, the reason this trigger occurs is this part of the query string:

Quote:

script=showthread

"script" is one of the trigger words, as this can be used to pass JavaScript on a query string. So this causes the "firewall" to block and create the email.

Celtkin 11-30-2008 07:30 PM

I am getting false positives as well.

Quote:

Report:
============================

1||1228080110||70.117.163.62||do=viewsubscription&folderid=all||http://forums.thephins.com/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

DangerousDale 12-03-2008 08:52 PM

I have had very little issue with this firewall so far, I may have to turn it off while in admin CP to access one or 2 things but nothing that has caused any issue.

Today I was looking at my logs and the firewall has blocked some very real attacks on my site from bots:

Quote:

Report:
============================

1||1227884548||85.25.148.136||mod=http://www.mykr.net/bbs/id.txt?||||libwww-perl/5.805

============================
Info on this bot can be found here.

Thanks again for the firewall, keep up the good work ;)

Orakk 12-06-2008 01:26 AM

Quote:

Originally Posted by DangerousDale (Post 1678037)
I have had very little issue with this firewall so far, I may have to turn it off while in admin CP to access one or 2 things but nothing that has caused any issue.

I have it running without issues on 374pl1. What are those things you refer to that need the firewall disabled?

Cheers. :)

Edit: I was mistaken, thread subscription fails, interpreted as a hack attempt.

Quote:

Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
SeriousCrunchers.Net

Report:
============================

||do=addsubscription&t=261||

Computer_Angel 12-08-2008 05:24 AM

This addon is just based on the keyword list which is defined in the plugin, so it may lead to wrong detection too. Just look in the code and you will see the whole list, such as:

Quote:

"c99shell.php', 'shell.php', 'cmd.php','r57.php?phpinfo', 'r57.php?phpini', 'r57.php?cpu', 'r57.php?'

So if you have a PHP file named like one in the list above, then you could not run it :D. And if a hacker reads this, they'll change their backdoor to another filename such as "a.php", and then this script is... useless.

4x4 Mecca 12-08-2008 05:47 PM

I'm on 3.7 but got two of these emails:
Code:

Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
4x4 Mecca

Report:
============================

1||1228765395||83.233.30.77||flipped=http%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnys-ogs--restoration-nys-ogs+nys+ogs%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnys-senate---senate-majority-leader---senate-reports-nys-senate+nys+senate%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnysdoc-correctional-facilities-nysdoc+nysdoc%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnyship----health-insurance-nyship+nyship%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnyy-yankee-stadium-steiner-sports-nyy+nyy%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnz-lotto-results--auckland--nz-lotto-results-nz-nz-lotto-results+nz+lotto+results%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fo-riley-auto-parts-after-market-auto-parts-o-riley-auto-parts+o+riley+auto+parts%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fo2-arena-london-ny-daily-news-o2-arena-london+o2+arena+london%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foahu-attractions--oahu-attractions-map--tours-oahu-attractions+oahu+attractions%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foahu-car-rentals-car-rental-discounts-oahu-car-rentals-hertz-oahu-car-rentals+oahu+car+rentals%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foahu-tours-arizona-memorial-waikiki-oahu-tours+oahu+tours%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-bonsai-price-comparison-blue-oak-bonsai-oak-bonsai+oak+bonsai%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-dining-table-square-oak-dining-table-dining-furniture-oak-dining-table+oak+dining+table%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-ice-box--early-american--oak-ice-box-coffee-table-oak-ice-box+oak+ice+box%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2
Foak-island-treasure-dug-oak-island-treasure+oak+island+treasure%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-ridger-oak-ridger-news-world-press-oak-ridger+oak+ridger%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-tables-traditional-styles-oak-tables+oak+tables%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-veneer---oak-veneered-mdf---white-oak-oak-veneer+oak+veneer%0D%0A||http://www.4x4mecca.com/forum/misc.php?do=bbcode||Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)


mac-warez 12-08-2008 11:42 PM

my logfile reads this

1||1228766931||||||||
1||1228767166||||||||

what does that mean?

Madlike 12-09-2008 12:26 PM

Quote:

Originally Posted by mac-warez (Post 1681312)
my logfile reads this

1||1228766931||||||||
1||1228767166||||||||

what does that mean?

Maybe IP Addresses :rolleyes:

djbaxter 12-09-2008 12:32 PM

Quote:

Originally Posted by Madlike (Post 1681617)
Maybe IP Addresses :rolleyes:

Not likely... it's 10 digits, not 9.
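
Added example, not part of any post above and not vBFirewall's own code: it parses the `||`-delimited records quoted in this thread and contrasts raw substring matching on "script" (the behaviour described for the false positives) with a hypothetical check that only inspects decoded parameter values. The field names, the reading of the second field as a Unix timestamp, and the `SUSPICIOUS_VALUE` rule are assumptions.

```python
import re
from datetime import datetime, timezone
from urllib.parse import parse_qsl

# Records copied from reports quoted in this thread (forum word-wrap spaces
# removed, user agents shortened). Field names are assumptions from context.
FIELDS = ("flag", "epoch", "ip", "query", "referrer", "user_agent")
RECORDS = [
    "1||1227923147||74.6.8.105||id=2&forumid=44&script=showthread||||Yahoo! Slurp",
    "1||1228080110||70.117.163.62||do=viewsubscription&folderid=all"
    "||http://forums.thephins.com/usercp.php||Firefox/3.0.4",
    "1||1227884548||85.25.148.136||mod=http://www.mykr.net/bbs/id.txt?||||libwww-perl/5.805",
    "1||1228766931||||||||",
]

TRIGGERS = ("script",)  # the one trigger word the thread names for these reports
# Hypothetical stricter rule (an assumption): inspect decoded values only.
SUSPICIOUS_VALUE = re.compile(r"<\s*script|^(?:https?|ftp)://", re.IGNORECASE)


def parse_record(line):
    """Split one '||'-delimited record; treat field 2 as a Unix timestamp."""
    rec = dict(zip(FIELDS, line.split("||", 5)))
    rec["time"] = datetime.fromtimestamp(int(rec["epoch"]), tz=timezone.utc)
    return rec


def naive_hit(query):
    """Substring match anywhere in the raw query string."""
    return [w for w in TRIGGERS if w in query.lower()]


def value_hit(query):
    """Names of parameters whose decoded value carries markup or a remote URL."""
    pairs = parse_qsl(query, keep_blank_values=True)
    return [name for name, value in pairs if SUSPICIOUS_VALUE.search(value)]


def compare(lines):
    """Return (UTC time, ip, naive hits, value hits) for each record."""
    rows = []
    for rec in map(parse_record, lines):
        rows.append((rec["time"].strftime("%Y-%m-%d %H:%M:%S"), rec["ip"] or "-",
                     naive_hit(rec["query"]), value_hit(rec["query"])))
    return rows


if __name__ == "__main__":
    for row in compare(RECORDS):
        print(row)
```

The value-based rule is still a denylist: it removes the "subscription" and `script=showthread` false positives but does not replace input validation in the application itself.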

