What is vBFirewall?
Its a PHP script which blocks all kinds of attacks on your vBulletin Forum! Like: URL Poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks.
I have tested each and every function of this mod before releasing it and have used it myself for 1 month
It has a attacker logger, which logs the IP and many details of the attacker so that you can reach him
This is still in beta version and I will add more features in it to make your vBulletin more secure Suggestions are always welcome.
How to install?
1) Go to Admin and Import the xml file product-firewall_vb_rs.xml using the plugin manager.
2) Keep an eye on the log file which can be found here: www.yourvbforumurl.com/logfile_worms.txt (This file will only be created when a attack occour)
3) Your website is now secure from hackers
The problem I see with this plugin is it does NOT differentiate between valid requests from the membership and real attempts to hijack the board. It reminds me a little bit of the early versions of Zone Alarm that popped an "Oh My Lord" message every time a packet hit the PC. The uninformed would then panic and scream bloody blue murder that someone was trying to attack their PC, when in fact, all it that happened was a query packet was received from the DNS.
Until this plugin can tell what's valid and what isn't, people should not put much faith in what it reports as an attack.
The problem I see with this plugin is it does NOT differentiate between valid requests from the membership and real attempts to hijack the board. It reminds me a little bit of the early versions of Zone Alarm that popped an "Oh My Lord" message every time a packet hit the PC. The uninformed would then panic and scream bloody blue murder that someone was trying to attack their PC, when in fact, all it that happened was a query packet was received from the DNS.
Until this plugin can tell what's valid and what isn't, people should not put much faith in what it reports as an attack.
Hey m8, yes i am sure, so i am happy for this hack.
Good mod, fantastic idea, however the subscription issue is something of a show stopper. So I decided to look into it.
The reason the "firewall" kicks in on the subscription page is that one of the security rules is 'script', and quiet rightly so. However due to the checking method used, the firewall kicks in when it sees:
do=viewsubscription
Notice the bold/underlined part
The good news is that this can be resolved, but it is a hack to the mod. The following instructions explain what needs to be done, if you want to implement it then I strongly recommend first testing it on an test server. Hopefully this will help the mod dev makes this mod one of the best available here:
Right, you need to goto:
ACP -> Plugins & Products -> Plugin Manager
Once there look for the entries for "Product : vBFirewall", this should only have one plugin called 'vBFirewall' which uses the 'init_startup' plugin. Click edit
Copy all the text in 'Plugin PHP Code' into notepad.
Once done, copy all the edited text in notepad back into the 'Plugin PHP Code' in ACP, then click save
What this is actually doing is creating an extendible security rule exclusion list, so if any other VB queries string invoke the vbFirewall you can add another exclusion.
IMPORTANT : I have only run this on a basic test server I have, do not try this unless you are absolutely comfortable with plugins/php etc.
A here are some suggestions for the next version:
Rather than add the logs to a flat file on the server store this in the DB and then create an ACP page to view/search/manage logs
Add option to send a PM or Email or both
If a specific IP invokes the firewall more than X times in Y seconds/minutes auto place this IP on the vBulletin ban list.
If a specific IP can be associated to an actual forum user account auto ban that user.
EDIT: Later in this thread I have posted an additional fix for vbAnonymizer users
Thank you for that work around. Here's the list of everything in my array that got the subscription/unsubscribe features to work properly. It took all of them for it work properly: