
Forum Firewall

Started by butchs, January 15, 2011, 11:00:37 AM


Alex' Manson

added it, will see how it goes.

digit

Hi again Butchs,

Well, I have the firewall installed ...  but I see one entry in the log with the IP listed as "Keep-Alive"...  that was banned for a DOS attack.

However, that ban has no triggers...  so it seems pretty useless!

I would hate to have a lot of useless bans to delete!

What can be done about that?

Thanks again,
digit
Happily using a heavily modified 1.1.16 version of SMF!

2748011 Posts in 320998 Topics by 50986 Members


SOLD my website - thanks it was a good run - they converted to vbadvanced. (and screwed it up good!)

butchs

About all you can do is turn ban to never and let it block for the cache duration. 
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

digit

#503
Thanks...   in reference to DOS attacks...   what happens if a post has 20 images?

Will all those requests be considered as one?

Ilkharnos

Hello,

My site was attacked and it became useless. Thank god I had made a backup so I managed to restore it. For a better protection, I started to use this mod. I'm not good at security and coding business, so I checked the tick boxes of some options (safe ones, which I don't completely understand what they do) and enabled the mod. Then I got this:

SECURITY RISK: MAGIC_QUOTES ARE ON!

Can you tell me how I can use this mod effectively and how to overcome this problem?

Thank you for your assistance.

Regards.

Tony Reid

Ask your host to disable it... alternatively stick this line in .htaccess

php_flag magic_quotes_gpc Off

Tony Reid

butchs

Quote from: digit on July 28, 2011, 05:53:33 AM
Thanks...   in reference to DOS attacks...   what happens if a post has 20 images?

Will all those requests be considered as one?

20 images?  Why so many in one post?  Not sure...  Maybe if your dos setting is too low.

digit

Quote from: butchs on July 28, 2011, 06:12:16 PM
Quote from: digit on July 28, 2011, 05:53:33 AM
Thanks...   in reference to DOS attacks...   what happens if a post has 20 images?

Will all those requests be considered as one?

20 images?  Why so many in one post?  Not sure...  Maybe if your dos setting is too low.

Well, every site is different - I was just wondering if images embedded within posts are counted as hits... could be an issue....   possibly for me...    I think I have a limit of 10 images per post - of which - maybe 1% of my posts contain that many - just hate to be banning people for browsing.




butchs

Not sure but you can test by logging in as a regular member and posting 10 images.


Alex' Manson

Quote from: bruce86 on July 30, 2011, 08:40:21 PM
Help me!!
http://www.passiongames.it/forum/index.php
:'(

the bypass settings were messed up, I was blocked too for bypass attempt! 403.

butchs

#511
BYPASS PROTECTION HELP

If you made an error read this post to correct access.

There are three settings to adjust.

  • Admin IP Low
  • Admin IP High
  • Admin Domain Name

The modification will install some default settings, but they will need to be adjusted before enabling.  We will set up an example address.  The IP address will be "67.195.112.83".

First you will want to do a whois on the address.

Quote:
Network
NetRange   67.195.0.0 - 67.195.255.255
CIDR   67.195.0.0/16
Name   A-YAHOO-US8
Handle   NET-67-195-0-0-1
Parent   NET67 (NET-67-0-0-0-0)
Net Type   Direct Allocation
Origin AS   
Nameservers   NS2.YAHOO.COM
NS1.YAHOO.COM
NS5.YAHOO.COM
NS4.YAHOO.COM
NS3.YAHOO.COM

The IP Low and High are the beginning and end of the netrange where your IP can be located.

Here I choose:
Admin IP Low can be  "67.195.0.4"
Admin IP High can be "67.195.255.254"

Why did the "Admin IP Low" start at x.x.x.4?

  • x.x.x.0   Is the automatically assigned network address.
  • x.x.x.1   Used as the gateway address.
  • x.x.x.2   Used for addresses within the gateway.
  • x.x.x.3   Addresses beyond 3 are used for users.

Why does the "Admin IP High" end at x.x.x.254?

  • x.x.x.255   The broadcast address.

You should narrow it down further to be only the range of IP addresses from which you will access the forum.  If you have a fixed IP address then both low and high are the same.

If you check your DNS record for the same ip you will get:
Quote:
Retrieving DNS records for b3091163.crawl.yahoo.net...
DNS servers
ns3.yahoo.com
ns4.yahoo.com
ns1.yahoo.com
ns5.yahoo.com
ns2.yahoo.com

Answer records
b3091163.crawl.yahoo.net      A   67.195.112.83   7200s

Authority records
crawl.yahoo.net      NS   ns3.yahoo.com   172800s
crawl.yahoo.net      NS   ns5.yahoo.com   172800s
crawl.yahoo.net      NS   ns2.yahoo.com   172800s
crawl.yahoo.net      NS   ns4.yahoo.com   172800s
crawl.yahoo.net      NS   ns1.yahoo.com   172800s

The "Admin Domain Name" is a shortened version of the "A or Answer record".

You want to take part of the right end of this record.  The part that does not change.  Usually after a dash or before a weird number.  Too much and/or too little can be a problem.  In this example I would use "crawl.yahoo.net" as the "Admin Domain Name".
:)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.
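
The bypass check that post #511 configures, sketched as an added example that is not part of the original post and not the mod's own code. It assumes the IP range and the domain name must both match, that the hostname comes from a reverse (PTR) lookup, and that the name is then confirmed by a forward lookup; the function names and the DNS tables are constructed so the check runs offline.

```python
import ipaddress

# Settings from the post's example. Function names and the DNS tables below are
# hypothetical/constructed; a live check would use real PTR and A lookups.
ADMIN_IP_LOW, ADMIN_IP_HIGH = "67.195.0.4", "67.195.255.254"
ADMIN_DOMAIN = "crawl.yahoo.net"

PTR = {  # reverse lookups: only the first row comes from the post
    "67.195.112.83": "b3091163.crawl.yahoo.net",
    "67.195.7.7": "xcrawl.yahoo.net",             # shares the tail, not the label
    "67.195.8.8": "crawl.yahoo.net.example.org",  # setting appears mid-name
    "67.195.9.9": "b1.crawl.yahoo.net",           # PTR not confirmed by A record
}
A = {  # forward lookups
    "b3091163.crawl.yahoo.net": {"67.195.112.83"},
    "b1.crawl.yahoo.net": {"67.195.1.1"},
}

def ip_in_range(ip, low=ADMIN_IP_LOW, high=ADMIN_IP_HIGH):
    """low <= ip <= high, compared as numbers rather than as strings."""
    addr, lo, hi = (ipaddress.ip_address(x) for x in (ip, low, high))
    if not addr.version == lo.version == hi.version:
        return False  # an IPv6 visitor can never fall in an IPv4 range
    return lo <= addr <= hi

def host_in_domain(host, domain=ADMIN_DOMAIN):
    """Match the setting as a whole-label suffix, not a substring."""
    host, domain = host.rstrip(".").lower(), domain.strip(".").lower()
    return host == domain or host.endswith("." + domain)

def admin_bypass(ip, ptr=PTR, a=A):
    """Assumed policy: range AND domain AND forward-confirmed PTR."""
    if not ip_in_range(ip):
        return False, "ip outside admin range"
    host = ptr.get(ip)
    if host is None or not host_in_domain(host):
        return False, "hostname outside admin domain"
    if ip not in a.get(host, set()):
        return False, "forward lookup does not confirm PTR"
    return True, "ok"

if __name__ == "__main__":
    for ip in list(PTR) + ["203.0.113.5"]:
        print(ip, admin_bypass(ip))
```

Shortening the setting to "yahoo.net" would admit every host in that zone, while using the full "b3091163.crawl.yahoo.net" would stop matching as soon as the numbered part changes, which is the "too much and/or too little" trade-off from the post.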

bruce86

I can not find phpmyadmin. :-\

butchs

You need to log in to your host's cPanel.  If you do not know what I am talking about contact your host.

bruce86


butchs

I am trying to help you.  Yet you have taken a full circle.   :o

You blocked yourself because you did not follow instructions.  I have said many times do not enable the mod until after a few days and you are sure you are not going to block yourself.  You need to disable the mod and fix the settings before enabling it again.  If you have admin access simply uninstall and reinstall the mod.  But if you do not then you have to do it via phpmyadmin.

Read the post for how to do that.  Local host support is beyond my abilities.  Contact your host for how to access phpmyadmin.

bruce86


butchs


MiY4Gi

#518
What does the setting "Robots.txt action's" do?

What I want is to block any bots/crawlers that disobey my robots.txt file. Does this setting do that?

Also, is it possible to add an option in the firewall to block any users that browse too quickly or use excessive traffic in a short time?
Check out my new website, MyAnimeClub.net. I plan to create the largest anime community, and most fun and user-friendly anime forum in the world. It's still in the development stage though.

butchs

Quote from: MiY4Gi on August 05, 2011, 05:12:09 PM
What does the setting "Robots.txt action's" do?

What I want is to block any bots/crawlers that disobey my robots.txt file. Does this setting do that?

It is easy to spoof an IP.  If you properly set the robots file and test it at the Google Webmasters site, the good bots will follow it.  The bad IP-spoofed bots will not and get blocked.  This option stopped a nasty DDoS attack on my site.

Read this link on how.

Quote from: MiY4Gi on August 05, 2011, 05:12:09 PM
Also, is it possible to add an option in the firewall to block any users that browse too quickly or use excessive traffic in a short time?

It is there already; it is called the DOS attack.  Set the trigger and cache to above 20 and it will take care of them.  Whatever you do, do not go too low.
;)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.
