vBFirewall v1.0

This is my first mod for vBulletin and I have tried to make it as better as I could.

Click Install If You Use it!!

What is vBFirewall?
Its a PHP script which blocks all kinds of attacks on your vBulletin Forum! Like: URL Poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks.

I have tested each and every function of this mod before releasing it and have used it myself for 1 month

It has a attacker logger, which logs the IP and many details of the attacker so that you can reach him

This is still in beta version and I will add more features in it to make your vBulletin more secure Suggestions are always welcome.


How to install?

1) Go to Admin and Import the xml file product-firewall_vb_rs.xml using the plugin manager.
2) Keep an eye on the log file which can be found here: www.yourvbforumurl.com/logfile_worms.txt (This file will only be created when a attack occour)
3) Your website is now secure from hackers



Thanks

[StarFire]

On my board it blocks some users from managing their subscriptions. Will have a look to the source of the mod to fix this. But maybe someone has already an idea?

sf

[rul3z]

Hi,

is it better than using cback for such attacks ?

Thanks in advance for your efforts.

[inciarco]

Would be Nice to Have an Option to Use a Silent Report But Not Blocking Action and another to have Silent Report and Action to Block the Intrussion.

I Hope the Bugs on this Mod can be Fixed, I think is Important to Identify Agressions and Block Intrusions with this Mod and also to Block IPs with a Mod like "Miserable Users" to Block those Users from even Accessing the Forum.

My Best Regards.

[Biker_GA]

Until this can differentiate a legitimate request from my users and an actual hostile attack, I'm going to have to refrain from installing again. Sorry, not quite ready for prime time.

[inciarco]

Can there be Added an Option to Somehow Specify the Structures of Valid Requests so that the Firewall can Check that List and Not to Block any Valid Request Specified there?

This Way the Problem with the Subscriptions and other Requests can be Solved by Adding that Correct Structure to the List and the Firewall Not to Block it Again.

This Way Also Admins that Identify a Valid Structure that was Blocked by the Firewall by Mistake, can Post the Valid Structure here for other Admins to Use the Valid Code on their Boards.

Is Just an Idea, I Hope is Possible to Apply it.

My Best Regards.

[inciarco]

Idea: I'd be Nice to Add the Date and Time of the Attack on the "logfile_worms.txt" File.

For it Not to Block the Pages but Work on Silent Mode, the Following 2 Lines Should be Commented (Adding the //):

Code:

// echo $ctr_logfile;

Code:

//    die("Access Denied, you have been logged.");

Edit: I Think is Better to Keep at least the First Code Line Disabled, because It Displays Important Data of the Board to the Hacker. (Careful with That).

Code:

// echo $ctr_logfile;

Edit: Also Careful with the Second Line, because it'll Block Google Bots so your Board wont be Properly Indexed. (Many Log Results are from Google Bots "||||Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
").

Code:

//    die("Access Denied, you have been logged.");

My Best Regards.

[inciarco]

Idea: I'd be Nice to be Able to See via Admin Control Panel the content of the File "logfile_worms.txt" File.

Recommendation: Change the Name of the File "logfile_worms.txt" on the following Code of the FireWall Plugin, so that No Sensible Information can be Viewed by Anyone. Careful with this, some AdminCP Addresses are Saved on that File).

Code:

	$file = "./logfile_worms.txt";

Name it Anyway You'd Like, so that Only You Know About It.

Also, in the First Log there's an Error Code that Will Appear at the Top of the Page; make sure your Board is Disabled because on that Error Message appears the Name of the File; also on the second Log and later No Error Message will Appear, (only on the first one).

This Mod is Very Useful, Thank You For Sharing It, I Managed to Locate some IPs that I think were causing Problem and I Blocked Them with Miserable Users Hack with the IP and Setting the Options of that Mod to the Maximum (Completely Blocking those IPs). :up::up::up:

This Mod and the Miserable Users Hack, will make Miserable the Life of Board Hackers.

My Best Regards.

[Notorious Jay]

^ if you wanted to have it integrated into the admin cp I think that it would be more effecient to rewrite the mod to create a new table called worms or something and then just to write a code to display the contents of the file the way you see fit.

[inciarco]

I Noticed Today that the File that Contains the Log Self Delete it's Content, I guess every time it reaches ??? Kb, so there is No way in the Current Stage of the Mod to Save the History of it, and as it Detects some Actios of the Google Bots as Hack Attempts the E-mail Notification Fills the E-mail with Junk.

I guess there's more Work to do in the Plugin to be More Accurate in the Hacking Detection and Not Activities that are Not Harmful to the Board.

My Best Regards.

[Wicked One 612]

Hey, I'm having a problem with vBFirewall.

If it's enabled and I go to Usergroups > Administrator Permissions > View Control Panel Log it gives me this error "1||1235699733||||||||Error Opening Logfile." (Semi-random numbers each time). If I disable vBFirewall this doesn't happen. It happens in other random places too, same error. It also emails me saying that vBFirewall has prevented an attack whenever I view the page.

Any ideas?