Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
vBFirewall v1.0 Details »»
vBFirewall v1.0
Version: 1.00, by invisiblea invisiblea is offline
Developer Last Online: Dec 2008 Show Printable Version Email this Page

Version: 3.8.0 Beta 2 Rating:
Released: 11-19-2008 Last Update: Never Installs: 682
Uses Plugins Auto-Templates
Is in Beta Stage  
No support by the author.

This is my first mod for vBulletin and I have tried to make it as better as I could.



What is vBFirewall?
Its a PHP script which blocks all kinds of attacks on your vBulletin Forum! Like: URL Poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks.

I have tested each and every function of this mod before releasing it and have used it myself for 1 month

It has a attacker logger, which logs the IP and many details of the attacker so that you can reach him

This is still in beta version and I will add more features in it to make your vBulletin more secure Suggestions are always welcome.


How to install?

1) Go to Admin and Import the xml file product-firewall_vb_rs.xml using the plugin manager.
2) Keep an eye on the log file which can be found here: www.yourvbforumurl.com/logfile_worms.txt (This file will only be created when a attack occour)
3) Your website is now secure from hackers



Thanks

Download Now

File Type: zip vBFirewall.zip (3.6 KB, 3545 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Благодарность от:
Naijasite

Comments
  #82  
Old 11-29-2008, 10:44 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks.
Reply With Quote
  #83  
Old 11-30-2008, 09:57 AM
MrEyes MrEyes is offline
 
Join Date: Nov 2004
Posts: 380
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
1||1227923147||74.6.8.105||id=2&forumid=44&script= showthread||||Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Quote:
Originally Posted by invisiblea View Post
I tested this plugin on a very active forum for 1 month didnt made any problem, I would like to check this out for you..On it
If the mod is the same as it was before the reason this trigger occurs is this part of the query string:

Quote:
script=showthread
"script" is one of the trigger words as this can be used to pass javascript on a querystring. So this causes the "firewall" to block and create the email.
Reply With Quote
  #84  
Old 11-30-2008, 07:30 PM
Celtkin Celtkin is offline
 
Join Date: Dec 2005
Posts: 36
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am getting false positives as well

Quote:
Report:
============================

1||1228080110||70.117.163.62||do=viewsubscription& folderid=all||http://forums.thephins.com/usercp.php||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Reply With Quote
  #85  
Old 12-03-2008, 08:52 PM
DangerousDale DangerousDale is offline
 
Join Date: Apr 2008
Posts: 30
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have had very little issue with this firewall so far, I may have to turn it off while in admin CP to access one or 2 things but nothing that has caused any issue.

Today I was looking at my logs and the firewall has blocked some very real attacks on my site from bots:

Quote:
Report:
============================

1||1227884548||85.25.148.136||mod=http://www.mykr.net/bbs/id.txt?||||libwww-perl/5.805

============================
Info on this bot can be found here.

Thanks again for the firewall keep up the good work
Reply With Quote
  #86  
Old 12-06-2008, 01:26 AM
Orakk's Avatar
Orakk Orakk is offline
 
Join Date: Nov 2007
Location: SouthOZ
Posts: 51
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by DangerousDale View Post
I have had very little issue with this firewall so far, I may have to turn it off while in admin CP to access one or 2 things but nothing that has caused any issue.
I have it running without issues on 374pl1. What are those things you refere to need the firewall disabled?

Cheers.

Edit: I was mistaken, thread subscription fails, interpetted as a hack attempt.

Quote:
Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
SeriousCrunchers.Net

Report:
============================

||do=addsubscription&t=261||
Reply With Quote
  #87  
Old 12-08-2008, 05:24 AM
Computer_Angel Computer_Angel is offline
 
Join Date: Aug 2004
Posts: 25
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This addon just base on the keywords list which define in the plugin, so it may lead to wrong detection too. Just look in the code you will the all the list, such as:
Quote:
"c99shell.php', 'shell.php', 'cmd.php','r57.php?phpinfo', 'r57.php?phpini', 'r57.php?cpu', 'r57.php?'
So if you have your php code file name as these above list then you could not run . Any if a hacker read this, they 'll modified their backdoor to another filename such as "a.php" then this script is .. useless.
Reply With Quote
  #88  
Old 12-08-2008, 05:47 PM
4x4 Mecca 4x4 Mecca is offline
 
Join Date: Feb 2007
Posts: 396
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm on 3.7 but got two of these emails:
Code:
Hello!

Hack Attempt has been successfully prevented for your vBulletin forums at:
4x4 Mecca

Report:
============================

1||1228765395||83.233.30.77||flipped=http%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnys-ogs--restoration-nys-ogs+nys+ogs%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnys-senate---senate-majority-leader---senate-reports-nys-senate+nys+senate%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnysdoc-correctional-facilities-nysdoc+nysdoc%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnyship----health-insurance-nyship+nyship%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnyy-yankee-stadium-steiner-sports-nyy+nyy%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fnz-lotto-results--auckland--nz-lotto-results-nz-nz-lotto-results+nz+lotto+results%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fo-riley-auto-parts-after-market-auto-parts-o-riley-auto-parts+o+riley+auto+parts%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Fo2-arena-london-ny-daily-news-o2-arena-london+o2+arena+london%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foahu-attractions--oahu-attractions-map--tours-oahu-attractions+oahu+attractions%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foahu-car-rentals-car-rental-discounts-oahu-car-rentals-hertz-oahu-car-rentals+oahu+car+rentals%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foahu-tours-arizona-memorial-waikiki-oahu-tours+oahu+tours%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-bonsai-price-comparison-blue-oak-bonsai-oak-bonsai+oak+bonsai%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-dining-table-square-oak-dining-table-dining-furniture-oak-dining-table+oak+dining+table%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-ice-box--early-american--oak-ice-box-coffee-table-oak-ice-box+oak+ice+box%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-island-treasure-dug-oak-island-treasure+oak+island+treasure%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-ridger-oak-ridger-news-world-press-oak-ridger+oak+ridger%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-tables-traditional-styles-oak-tables+oak+tables%0D%0Ahttp%3A%2F%2Fsites.google.com%2Fsite%2Forileyautopartsrludohn%2Foak-veneer---oak-veneered-mdf---white-oak-oak-veneer+oak+veneer%0D%0A||http://www.4x4mecca.com/forum/misc.php?do=bbcode||Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Reply With Quote
  #89  
Old 12-08-2008, 11:42 PM
mac-warez mac-warez is offline
 
Join Date: Oct 2008
Posts: 133
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

my logfile reads this

1||1228766931||||||||
1||1228767166||||||||

what does that mean?
Reply With Quote
  #90  
Old 12-09-2008, 12:26 PM
Madlike's Avatar
Madlike Madlike is offline
 
Join Date: Jan 2008
Posts: 183
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by mac-warez View Post
my logfile reads this

1||1228766931||||||||
1||1228767166||||||||

what does that mean?
Maybe IP Adresses
Reply With Quote
  #91  
Old 12-09-2008, 12:32 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Madlike View Post
Maybe IP Adresses
Not likely... it's 10 digits, not 9.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:11 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06906 seconds
  • Memory Usage 2,346KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (10)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (1)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete