|
Zb Block - Stop Spam & 'bots @ Server
I tripped across ZB BLOCK (a GPL V2 PHP Protection Script) this week by accident and have been pretty impressed at what all it does, completely for FREE. Anyway, for those unaware I just wanted to share the information so they could beef-up their own website's security against all the various nasty's out there.
ZB BLOCK Don't let the robots in the door! A GPL V2 PHP Protection Script for your site. This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description of what the problem was. If the attacker persists, then they will be served up a permanently reccurring 503 OVERLOAD message with a 24 hour timeout. What ZB Block is Excellent at:
Moderator(s), MOVE this thread to wherever you think it will do the most good for fellow vB Adminstrators. |
In just a couple of days, ZB BLOCK has denied over 1,000 bad-bot behaviors on my website. Below is a sampling of my logs as a result of having it installed...
Code:
#: 14 @: Wed, 24 Nov 2010 00:39:55 -0500 |
I just stumbled across this while looking at the stopforumspam.com website. Yes, it looks interesting.
|
It's a TREMENDOUS add-on for any PHP based application, vBulletin included. :D Since adding it to our forums in NOV, our Bandwidth usage has dropped due to fewer spambots being able to crawl the website any longer.(see log entries in above post)
On some days, unsavory spiders had pushed our BW usage up over 1gB/day, whereas normal (for us) was around 200-300mB/day. We were faced with having to double our costs :eek: (i.e. by going to a larger hosting plan) when ZB BLOCK helped us to curtail a lot of wasted bandwidth 'some' robots were chewing up for no good reason at all. :mad: Visit http://www.spambotsecurity.com/ for more info. :up: Highly Recommended! |
This was worth reading and applying. Installed.
Lets hope this does not block out valid bots though, such as Google or valid members. This basically will prevent anyone not welcome onto your community. |
1 Attachment(s)
Quote:
|
So are you guys adding the 1 line of php code to your vBulletin files or to your major templates? (forumhome, forumdisplay, showthread)? Or is there a better place?
|
Well, per this thread ZB Hook (needed) only global.php? it's only needed in the global.php file from what I gathered.
However since I understand oh-so-little of all this -and- I'm a bit paranoid, I also added the single line of code to my index.php; login.php and register.php files as well.(overkill? probably:o) My train of thought behind doing so was, what if someone access the register.php file directly from off-site? I wasn't sure global.php was called in that instance so I figured, better safe than sorry. I'm sure someone more intelligent than me in how vBulletin's internals actually run could say for sure...but until then. ;) |
Well global.php is definitely called by register.php and login.php, and every .php file basically besides functions (which themselves are called by global to begin with) so I'd imagine just adding to global is enough...
However it might be easy to forget to re-edit global.php on an upgrade so I'm wondering if it isn't better to put this line in a plugin on a hook in global.php instead so you don't need to worry about upgrades... |
sounds pretty awesome.
I knew those china spiders were up to no good.... to be honest, I do not know a lot about spiders, but I do most do not appear useful, and i normally see 5+ trying to register at any given time on my forum...rather then some spiders trying to help your forum/content grow, they would rather hurt you. |
Uninstalled
I ended up getting a 503 error after using this. Odd thing is it only affected me. |
Quote:
Seriously though if/when you do that, post some details so a non-coder could work their way through the same process. :up: |
Quote:
I added the line at the very top of global.php not sure how long it supposed to take for it to work... I still have 20+ spiders online, and google.com and googlebot.com have prevention signs preventing them from doing something, so I am not sure if they were like that before I added the line or not... the hook method sounds like it would be a good idea to implement... --------------- Added [DATE]1292559903[/DATE] at [TIME]1292559903[/TIME] --------------- I guess it is working..nice... #: 1 @: Thu, 16 Dec 2010 21:55:46 -0600 Host: 211.43.152.16 IP: 211.43.152.16 Score: 1 Why blocked: Korean Suspicious. Query: f=0 Referer: User Agent: Mozilla/5.0 Firefox/3.0.5 Reconstructed URL: http:// bizwebforum.com /forumdisplay.php?f=0 #: 2 @: Thu, 16 Dec 2010 21:56:17 -0600 Host: ec2-75-101-167-57.compute-1.amazonaws.com IP: 75.101.167.57 Score: 1 Why blocked: Amazon Web Services. Not an ISP. Used by hackers, Keyword spamming SEO bots, and other unsavories. Checked for bypass. Query: Referer: User Agent: Mozilla/5.0 (compatible; Firefox Addon; Windows XP 5.1) Reconstructed URL: http:// www.bizwebforum.com /forum.php Damn Korean hackers.... Another fine tool to help fight auto hackers and spammers. |
Quote:
If your page starts with HTML like...--------------- Added [DATE]1292560586[/DATE] at [TIME]1292560586[/TIME] --------------- Quote:
So understand if you try the ?test=xtestx syntax with your browser more than 3 times, to see how it's working -and- you have not set a master password (see p3-2 of the manual), then yes you will get blocked. Setting the master password allows you to automatically record your own IP Address into the whitelisting so you can experiment all you want w/o getting locked out. |
oh yea about that password...I did enter that password url, along with password,
and all i got was a blank page...is anything supposed to happen? and am I supposed to block off the zd directory with the htaccess file? |
Yes, it takes awhile (like 20 secs or so), but then you should see a message reading:
"IP added to whitelist DB" And yes, the INSTALL & VAULT directories should have their own .htaccess files. Mine were added upon installation, automatically. |
Quote:
concerning the password - all i got was a blank page... still not so sure what the password is used for. --------------- Added [DATE]1292569550[/DATE] at [TIME]1292569550[/TIME] --------------- how do I add IP'S to Whitelist? |
Quote:
Quote:
|
@ adwade
1) Entered the code correctly 2) Site was working fine for me for 1 1/2 days, then gave me the 503 error (after 1 1/2 days) 3) did not provide a password, as I thought if it can block me .... It can block innocent members of my community. 4) Ran the test 1x and only 1x.... 1 1/2 days before. I like the idea behind it. But this is not for me. Maybe in the future. |
I played with this today, first off I think it's better to put the 1 line of code into your config.php file, not global.php.
But I had some issues... first all AOL proxy users are blocked by default- this is not something I can live with... I found out how to unblock them in the ZBBlock forums though. It ran well for an hour blocking about 20 requests but when I looked at the log I wasn't happy... For some reason a number of Amazon.com product URL's were being blocked and since I have an affiliate program this didn't look good... Also bad it was blocking some pages that referred to me because of "spam" words in the referral link... in my case the word was "boob" because the referring page title was something along the lines of "Sarah Palin Boob Job?" - so I lost that visitor, he (or she) was blocked by this. Finally, and what caused me to remove it for now, using this totally kills Tapatalk access to your forum... I read a lot about what this author did and it is commendable he worked hard on this but personally I think his default settings are MUCH too strict for prime time use. I'm sure with enough customizing these issues can be overcome but it will be a while before I dedicate time to researching this. If you're not losing the spam war I suggest you be very wary of installing this, it looks like you will lose legit visitors under the default settings. --------------- Added [DATE]1292615449[/DATE] at [TIME]1292615449[/TIME] --------------- I decided to try again but instead of putting it on config.php or global.php which would block Tapatalk I'm using it on register.php, login.php, and a few other select pages. This should still stop bots from registering or logging in but allow the rest of the forum to function. I know this doesn't give me all the security as running it on every script but it seems like a decent compromise for now. |
I guess I will uninstall just because of doubt...I see a sites denied because
of hackers/content scrapers, etc, but I do not know who else this script could be killing access too...legit surfers.... Feel free to keep updating the script...has very good potential. I have also notice while my site is "suppose" to be under the scripts protection, I also noticed 5 spiders attempting to register for accounts... so it is indeed not 100% I am not worried about accidently locking out legit surfers.... |
So I just installed this to my vb site and was wondering if I did it correctly.
After the setup ran and finished it spit out a line of code that I added to the very top of my global.php file. Is that all that I needed to do? What files can be deleted from the zdblock folder to make it secure on my server? |
Sounds like you've got it figured out. Did you run the TEST script, just to check?(i.e. ?test=xtestx) Make sure you set a password, as described on p3-2 of the manual so you can instantly unlock your IP Address if/when needed. If so, you should be good to go. Nothing to delete, as .htaccess files protect the critical files automatically.
Also note, there are several versions of signatures available at http://www.spambotsecurity.com/zbblock_download.php If you think you're blocking too much just use the UNBLOCKED signature set instead, for the minimum protection until you get things figured out like you want them. Personally I'm running signature set #68 with a few custom signature allowances (i.e. allow all AOL, etc) and it's working perfectly for me. |
Quote:
|
I'm using this. Since installing it has literally cut my server load by 95%!
But I'm occasionally getting people saying they can't access my site. |
Watch your LOGS and you can sort of see who is being blocked and why. I've had 3 or 4 issues, each easily solved. Whenever you have someone blocked: Delete the IPDDB.CSV & IPPBDB.CSV files, as they will automatically rebuild themselves. Also, READ your logs to see what's unusual/different.
One issue was AOL users since they are so heavily proxied, and I had to add an exclusion statement for them to my customsig.inc file.(see my post entitled "Blocked Registration Attempt?" in the ZB Bug Reports Forum on SpambotSecurity.com) Another was, I use vBAdvanced's Link Directory Product and I had to add an custom statement for it since it's a product that is external to vBulletin.(see the thread entitled Beta Updates 67 in the Signature Updates Forum on SpambotSecurity.com) If you'll search for my posts on the SpambotSecurity forum, you can follow my progress and learning curve through figuring out the little tweaks I've done to ZB BLOCK to perfect using it it with vBulletin so far. Overall though, I am SUPER pleased with ZB BLOCK and would NOT consider running a forum w/o it, now that I've seen what it's capable of fending off.(i.e. Harvesters, Infected Browsers, Robot Probes, etc) Our monthly BandWidth usage has decreased roughly 75%, meanwhile legitimate users are still free to peruse the site at will.:D |
Interesting. Noting to check into later.
|
interesting..
|
After months of using this I had to uninstall it because it blocked my own IP and the IP of some of my important members.
|
Hi BOP5,
Zb block looks pretty interesting Just wondering if you have any updates (opinion wise) on running this Thanks Quote:
|
I just installed this yesterday on my site and love it so far.
I have it installed in my global.php file as well as the separate archives/global.php file. I installed this specifically because my vbulletin install was apparently being exploited by a Joomla attack? I don't understand how it was working since I don't have Joomla installed on the server, but it appeared to work through archive/index.php. Anyway -- very powerful script and works great. A little common sense goes a long ways -- seeing the people say how their own IP got blocked shows that reading the manual is too hard for some folks. *facepalm* |
We used to use that and it worked well, but it was occasionally banning the ip of people who used search because something in the url was triggering it. It probably could have been fixed easily but I never had the time to look at it so we eventually removed it. That was a few years ago so that problem may have been fixed.
Edit: oops, I missed that we're on page 3 of this thread. Maybe it's been discussed already. |
Quote:
|
No, I never ended up using it, wasn't useful to my sites.
|
This works well https://vborg.vbsupport.ru/showthread.php?t=268208 without the issues of this script
|
| All times are GMT. The time now is 03:28 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|