What is vBFirewall?
Its a PHP script which blocks all kinds of attacks on your vBulletin Forum! Like: URL Poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks.
I have tested each and every function of this mod before releasing it and have used it myself for 1 month
It has a attacker logger, which logs the IP and many details of the attacker so that you can reach him
This is still in beta version and I will add more features in it to make your vBulletin more secure Suggestions are always welcome.
How to install?
1) Go to Admin and Import the xml file product-firewall_vb_rs.xml using the plugin manager.
2) Keep an eye on the log file which can be found here: www.yourvbforumurl.com/logfile_worms.txt (This file will only be created when a attack occour)
3) Your website is now secure from hackers
However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.
There are better solutions, but this would need the entire mod to be reworked. For example the ability to set an exclusion at a page level. So you could exclude viewsubscription for misc.php but not payments.php, and http for redirector.php (vbAnonymizer mod)
Quote:
Originally Posted by dtv100
another error i get is when send activation codes:
ried to send a member the activation codes got this
However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.
There are better solutions, but this would need the entire mod to be reworked.
any way to make it that user group 6 is ignore by firewall ?
any way to make it that user group 6 is ignore by firewall ?
Yes, but I think I have gone to far already with the mod hacks and I don't want to be accused of show stealing, so I will leave that as a suggestion for the mod author.
However if the author doesn't want to or isn't able to make these changes I am more than happy to take this mod on, it is a great idea and it would be a real shame to see it die.
However this mean that you have switched off one of the actual checks and people will be able to pass urls as querystrings. This being said there are alot of mods out there that use this sort of thing and not many hacks that can abuse it. Your call.
There are better solutions, but this would need the entire mod to be reworked. For example the ability to set an exclusion at a page level. So you could exclude viewsubscription for misc.php but not payments.php, and http for redirector.php (vbAnonymizer mod)
I have found one issue where I try to create a new page in vba cmps the "[PHP File Page]" process gets blocked and I am unable to create a php page. Just had to turn it off to get through
Question I have thisinstalled on my test server at home and I wasnt able to change the cookie settinsg to my forum it shows access denied you`ve been logged! and whne I check the txt file it shows a log of me trying to access the cookies part of vbotions.