vBFirewall v1.0

This is my first mod for vBulletin and I have tried to make it as better as I could.

Click Install If You Use it!!

What is vBFirewall?
Its a PHP script which blocks all kinds of attacks on your vBulletin Forum! Like: URL Poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks.

I have tested each and every function of this mod before releasing it and have used it myself for 1 month

It has a attacker logger, which logs the IP and many details of the attacker so that you can reach him

This is still in beta version and I will add more features in it to make your vBulletin more secure Suggestions are always welcome.


How to install?

1) Go to Admin and Import the xml file product-firewall_vb_rs.xml using the plugin manager.
2) Keep an eye on the log file which can be found here: www.yourvbforumurl.com/logfile_worms.txt (This file will only be created when a attack occour)
3) Your website is now secure from hackers



Thanks

[Leo Brazil]

I'll take a look on this mod for sure. Sounds pretty interesting.

[dtv100]

another error i get is when send activation codes:

ried to send a member the activation codes got this

Quote:

1||1227298680||72.xxxxx.xxx||do=requestemail&email =bigcoltguns%40yahoo.com&url=http%3A%2F%2Fwww.doma in.com%2Fforums%2Fadmincp%2Fuser.php%3Fdo%3Dedit%2 6u%3D8531||http://www.domain.com/forums/admincp...1||Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4Error Opening Logfile.

[Fungsten]

Im getting the subscription error too.

[TheLastSuperman]

Quote:

Originally Posted by Fungsten

Im getting the subscription error too.

did you look above before posting????

Quote:

Originally Posted by MrEyes

Good mod, fantastic idea, however the subscription issue is something of a show stopper. So I decided to look into it.

The reason the "firewall" quick in on the subscription page is that one of the security rules is 'script', and quiet rightly so. However due to the checking method used the firewall kicks in when it sees:

do=viewsubscription

Notice the bold/underlined part

The good news is that this can be resolved, but it is a hack to the mod. The following instructions explain what needs to be done, if you want to implement it then I strongly recommend first testing it on an test server. Hopefully this will help the mod dev makes this mod one of the best available here:

Right, you need to goto:

ACP -> Plugins & Products -> Plugin Manager

Once there look for the entries for "Product : vBFirewall", this should only have one plugin called 'vBFirewall' which uses the 'init_startup' plugin. Click edit

Copy all the text in 'Plugin PHP Code' into notepad.

Now follow these steps:

• Find the line that reads:
  
  
  Code:

  'st=-', 'cat%20', 'include', '_path=');

• On a new line immediately after this paste in:
  
  
  Code:

  $securityexclusions = array(
  	'do=viewsubscription'
  );

• Find the line that reads:
  
  
  Code:

  $cracker = strtolower($cracker);

• On a new line immediately after this paste in:
  
  
  Code:

  $cracker= str_replace($securityexclusions, '', $cracker);

Once done, copy all the edited text in notepad back into the 'Plugin PHP Code' in ACP, then click save

What this is actually doing is creating an extendible security rule exclusion list, so if any other VB queries string invoke the vbFirewall you can add another exclusion.

IMPORTANT : I have only run this on a basic test server I have, do not try this unless you are absolutely comfortable with plugins/php etc.

A here are some suggestions for the next version:

• Rather than add the logs to a flat file on the server store this in the DB and then create an ACP page to view/search/manage logs
• Add option to send a PM or Email or both
• If a specific IP invokes the firewall more than X times in Y seconds/minutes auto place this IP on the vBulletin ban list.
• If a specific IP can be associated to an actual forum user account auto ban that user.

One other teeny weeny little thing, you need to mention that this is based on the GPL licensed code found here : http://www.cback.de/cback_software/standalonect.php

Sorry to be so blunt but up top lol ^

THANKS to Invisiblea and MrEyes

[Fungsten]

Quote:

Originally Posted by TheLastSuperman

did you look above before posting????



Sorry to be so blunt but up top lol ^

THANKS to Invisiblea and MrEyes

I have to check my glasses.

[Hornstar]

This might have great potential. I will tag this for now.

[TheLastSuperman]

Quote:

Originally Posted by Fungsten

I have to check my glasses.

lol... well we all do sometimes that's why I included the a-hole disclaimer notation in there rofl

S-MAN

[7lanet]

i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link

Quote:

1||1227332433||82.114.188.37||url=http%3A%2F%2Fmov ies.yahoo.com%2Fmovie%2F1809824029%2Fdetails||http://www.7lanet.com/vb/t36059.html||Mozilla/5.0 (Windows; U; Windows NT 5.0; ar; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18Error Opening Logfile.

[WarLion]

Quote:

Originally Posted by 7lanet

i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link

wow that why lol that happen to me to

[Fungsten]

Quote:

Originally Posted by 7lanet

i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link

Same here.

1||1227377861||XXX.XXX.XXX.XXX||url=http%3A%2F%2Fn ews.bbc.co.uk%2Fgo%2Frss%2F-%2F2%2Fhi%2Famericas%2F7743842.stm||http://www.blahblah.com/forum/showth...5||Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; WWTClient2)Error Opening Logfile.