Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
vBFirewall v1.0 Details »»
vBFirewall v1.0
Version: 1.00, by invisiblea invisiblea is offline
Developer Last Online: Dec 2008 Show Printable Version Email this Page

Version: 3.8.0 Beta 2 Rating:
Released: 11-19-2008 Last Update: Never Installs: 682
Uses Plugins Auto-Templates
Is in Beta Stage  
No support by the author.

This is my first mod for vBulletin and I have tried to make it as better as I could.



What is vBFirewall?
Its a PHP script which blocks all kinds of attacks on your vBulletin Forum! Like: URL Poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks.

I have tested each and every function of this mod before releasing it and have used it myself for 1 month

It has a attacker logger, which logs the IP and many details of the attacker so that you can reach him

This is still in beta version and I will add more features in it to make your vBulletin more secure Suggestions are always welcome.


How to install?

1) Go to Admin and Import the xml file product-firewall_vb_rs.xml using the plugin manager.
2) Keep an eye on the log file which can be found here: www.yourvbforumurl.com/logfile_worms.txt (This file will only be created when a attack occour)
3) Your website is now secure from hackers



Thanks

Download Now

File Type: zip vBFirewall.zip (3.6 KB, 3545 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Благодарность от:
Naijasite

Comments
  #52  
Old 11-22-2008, 08:32 PM
MrEyes MrEyes is offline
 
Join Date: Nov 2004
Posts: 380
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by 7lanet View Post
i try used this with Version 3.7
but hake vbAnonymizer

And also used vbAnonymizer
But at the entry of any link
Quote:
Originally Posted by Fungsten View Post
Same here.
If you have applied the fix I mentioned earlier you can fix this by using the following exclusions:

Code:
$securityexclusions = array(
	'do=viewsubscription',
	'=http'
);
However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.

There are better solutions, but this would need the entire mod to be reworked. For example the ability to set an exclusion at a page level. So you could exclude viewsubscription for misc.php but not payments.php, and http for redirector.php (vbAnonymizer mod)

Quote:
Originally Posted by dtv100 View Post
another error i get is when send activation codes:

ried to send a member the activation codes got this
This could probably also be fixed by exclusions
Reply With Quote
  #53  
Old 11-23-2008, 12:03 AM
dtv100 dtv100 is offline
 
Join Date: Apr 2007
Location: in the south of the north
Posts: 307
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by MrEyes View Post
If you have applied the fix I mentioned earlier you can fix this by using the following exclusions:

Code:
$securityexclusions = array(
	'do=viewsubscription',
	'=http'
);
However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.

There are better solutions, but this would need the entire mod to be reworked.
any way to make it that user group 6 is ignore by firewall ?
Reply With Quote
  #54  
Old 11-23-2008, 10:21 AM
MrEyes MrEyes is offline
 
Join Date: Nov 2004
Posts: 380
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by dtv100 View Post
any way to make it that user group 6 is ignore by firewall ?
Yes, but I think I have gone to far already with the mod hacks and I don't want to be accused of show stealing, so I will leave that as a suggestion for the mod author.

However if the author doesn't want to or isn't able to make these changes I am more than happy to take this mod on, it is a great idea and it would be a real shame to see it die.
Reply With Quote
  #55  
Old 11-23-2008, 02:48 PM
invisiblea invisiblea is offline
 
Join Date: Feb 2008
Posts: 65
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am working on the new version, Just give me a day or 2 more
I will update you guys once I am done with the new version
Reply With Quote
  #56  
Old 11-24-2008, 10:24 AM
invisiblea invisiblea is offline
 
Join Date: Feb 2008
Posts: 65
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Excluding =http will make this mod useless :P

Quote:
Originally Posted by MrEyes View Post
If you have applied the fix I mentioned earlier you can fix this by using the following exclusions:

Code:
$securityexclusions = array(
	'do=viewsubscription',
	'=http'
);
However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.

There are better solutions, but this would need the entire mod to be reworked. For example the ability to set an exclusion at a page level. So you could exclude viewsubscription for misc.php but not payments.php, and http for redirector.php (vbAnonymizer mod)



This could probably also be fixed by exclusions
Reply With Quote
  #57  
Old 11-24-2008, 02:16 PM
7lanet's Avatar
7lanet 7lanet is offline
 
Join Date: Aug 2007
Location: YeMeN
Posts: 196
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

how uesd this
Quote:
$securityexclusions = array(
'do=viewsubscription',
'=http'
);
Reply With Quote
  #58  
Old 11-24-2008, 04:39 PM
DangerousDale DangerousDale is offline
 
Join Date: Apr 2008
Posts: 30
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi thanks for this hack, love it.

I have found one issue where I try to create a new page in vba cmps the "[PHP File Page]" process gets blocked and I am unable to create a php page. Just had to turn it off to get through
Reply With Quote
  #59  
Old 11-24-2008, 07:05 PM
pein87's Avatar
pein87 pein87 is offline
 
Join Date: Sep 2008
Posts: 352
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Question I have thisinstalled on my test server at home and I wasnt able to change the cookie settinsg to my forum it shows access denied you`ve been logged! and whne I check the txt file it shows a log of me trying to access the cookies part of vbotions.
Reply With Quote
  #60  
Old 11-24-2008, 07:08 PM
FiMeTi FiMeTi is offline
 
Join Date: May 2008
Location: Germany
Posts: 157
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

nominated! Waiting for next (stabil) version and a paypal link 4 donation.
thx!
Reply With Quote
  #61  
Old 11-24-2008, 11:57 PM
rob01 rob01 is offline
 
Join Date: Sep 2008
Location: Mexico
Posts: 410
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

is a nice mod, but i will wait for new updates.. since i get erros when i use vbanonymiser and "Search in Templates"
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:08 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04980 seconds
  • Memory Usage 2,334KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_code
  • (7)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (1)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete