Black Hat Forum

#1 (permalink)
06-09-2008, 01:08 AM
Newbie
How is the Firewall Script working out?

I see BHW has the Firewall Script installed. How is that working out? Has it been able to stop any attacks that you know of? I was thinking of buying it myself and would love some thoughts on it.

#2 (permalink)
06-09-2008, 07:37 AM
trophaeum
Executive VIP
Re: How is the Firewall Script working out?

you mean the fact that if someone puts the keyword s*y*s*t*e*m in a post or 1 of a hundred other things it likes to block the post? or that it doesn't play properly with suhosin and keeps blocking people randomly for nulls in their raw cookie data? i could go on but i'm stopping for now, it's still in early versions but personally this is not the place i would put a defense line up, get a better codebase and lock down the server properly

i do think it can work for some people when set up right but i think for vb on here it's a pita... time and new versions will tell i guess though
__________________
A SQL query goes into a bar, walks up to two tables and says, "Can I join you?"

#3 (permalink)
06-09-2008, 07:46 AM
BANNED
Re: How is the Firewall Script working out?

i glanced over the firewall script site and i have to say that as someone who knows how to exploit php scripts I am skeptical. a good test would be to install an old version of a script that has a lot of security holes and see if intrusion attempts get blocked.

#4 (permalink)
06-09-2008, 07:50 AM
foxler
Jr. VIP
Re: How is the Firewall Script working out?

Quote:
Originally Posted by Ic3m4n
I see BHW has the Firewall Script installed. How is that working out? Has it been able to stop any attacks that you know of? I was thinking of buying it myself and would love some thoughts on it.

I would recommend something that's better built. I would suggest looking into modsecurity which has to be installed on the server itself but does a way better job

#5 (permalink)
06-09-2008, 08:00 AM
Essential Clix
Administrator
Re: How is the Firewall Script working out?

Yeah, trust me, firewallscript is just one line of defense. Trophaeum has taken the proper steps to set up the "proper" security. Nothing's perfect, of course, but I think Troph's done a damn fine job.

#6 (permalink)
06-09-2008, 08:20 AM
trophaeum
Executive VIP
Re: How is the Firewall Script working out?

ug, there's still more random things to go dude lol

security, the never ending uphill battle... *sigh* vbulletin certainly doesn't help that matter either!

#7 (permalink)
06-09-2008, 08:24 AM
trophaeum
Executive VIP
Re: How is the Firewall Script working out?

Quote:
Originally Posted by foxler
I would recommend something that's better built. I would suggest looking into modsecurity which has to be installed on the server itself but does a way better job

btw, mod_security is VERY flawed, it does NOT process the post data etc in the same way as each scripting language, it really is a BAD solution, i refuse to install it on any server, it's just a bad joke and EATS resources, stay away, far far away

#8 (permalink)
06-09-2008, 04:26 PM
YoungGuns
Jr. VIP
Re: How is the Firewall Script working out?

I can't post new threads because of this firewall script that I very much need to make, and sometimes I can't pm people. It's making me mad.

#9 (permalink)
06-09-2008, 05:20 PM
trophaeum
Executive VIP
Re: How is the Firewall Script working out?

Quote:
Originally Posted by YoungGuns
I can't post new threads because of this firewall script that I very much need to make, and sometimes I can't pm people. It's making me mad.

please pm me any errors that you get with it under normal use, we are trying to set it 'right' (at this point personally i want to take to it with a whacking stick and disable it though but that's just me)

#10 (permalink)
06-10-2008, 05:30 AM
YoungGuns
Jr. VIP
Re: How is the Firewall Script working out?

Hate to bug y'all, but I still can't post new threads.

#11 (permalink)
06-10-2008, 05:34 AM
YoungGuns
Jr. VIP
Re: How is the Firewall Script working out?

I just figured out it won't let me post my thread because the thread had a code in it. So I just posted the thread without the code.

#12 (permalink)
06-10-2008, 05:49 AM
BANNED
Re: How is the Firewall Script working out?

okay here's the deal with the firewall script the way i see it. I have done some research and I think you guys should uninstall it. It's going to cause more headaches than good (which it's already doing). The likelihood that the firewall script will prevent an attack is minimal. the best defense you have is keeping the forum and server software up to date.

Some days ago when i first questioned the firewall script i did a little digging around on this site and discovered that the forum code was out of date and there were people trying to develop an exploit for a bug (which turned out to be nothing big but still).

You guys don't need the firewall script. What you need to do is check for updates to vbulletin and vbul addons you have installed on a daily basis. Also, you need to edit your forum code to not display the vbulletin version info. This is a horrible thing. In fact, a good security measure would have been for you to remove any and all bannering info from the beginning.

As it stands right now... Let's say a major security hole comes out... You can use google to search for phrases in source code. Go ahead right now and right click this page, view the source, and you will see in the html head: vBulletin 3.7.1.

If an exploit were to come out right now for vbulletin and was left unpatched for more than an hour there is a good chance you would have a very serious problem on your hands.

Here's a good fix for that.. Connect to the forum FTP and download the entire site to a folder. Use the program "advanced find and replace" to find any instance of the phrase "vBulletin 3.7.1" and replace with the phrase "BHW Forum."

You should also find and replace the same term in the mysql database (can be done from within phpmyadmin). Do this each time you upgrade the forum and you will be much better off.

Also, you have a forum thread for php and other server side programming.. Use it to your advantage. Even if a vulnerability gets released that there isn't an official patch for yet, we could come up with quick patches for you. It's really not hard.
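
An added example, not written by any poster in this thread: one way to check the find-and-replace step described in post #12, by scanning a downloaded copy of the site for leftover version banners. The regex, the suffix list and the sample files are constructed assumptions, not vBulletin's actual file layout.

```python
import re
import tempfile
from pathlib import Path

# Assumed banner shape: product name plus dotted version, e.g. "vBulletin 3.7.1".
BANNER_RE = re.compile(r"vBulletin\s+\d+(?:\.\d+)+", re.IGNORECASE)
# Assumed set of text file types worth scanning; binary assets are skipped.
TEXT_SUFFIXES = {".php", ".html", ".htm", ".js", ".css", ".xml", ".tpl"}


def find_banners(root, pattern=BANNER_RE, suffixes=TEXT_SUFFIXES):
    """Return sorted (relative_path, line_no, matched_text) for every banner hit."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        # errors="replace" keeps the scan going on files with mixed encodings.
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for match in pattern.finditer(line):
                rel = path.relative_to(root).as_posix()
                hits.append((rel, line_no, match.group(0)))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample files standing in for a downloaded forum copy."""
    root = Path(root)
    (root / "includes").mkdir()
    (root / "index.html").write_text(
        '<html><head>\n<meta name="generator" content="vBulletin 3.7.1" />\n</head></html>\n')
    (root / "includes" / "footer.php").write_text(
        "<?php\n// footer\necho 'Powered by vBulletin 3.7.1';\n")
    (root / "clean.php").write_text("<?php echo 'BHW Forum';\n")  # already replaced
    (root / "logo.png").write_bytes(b"\x89PNG vBulletin 3.7.1")  # skipped: not text


def demo():
    """Scan the constructed tree and return the leftover banner locations."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_banners(tmp)


if __name__ == "__main__":
    for rel_path, line_no, text in demo():
        print(f"{rel_path}:{line_no}: {text}")
```

An empty result after an upgrade means no file in the scanned tree still carries the banner; strings stored in the database are outside what this scan covers.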

#13 (permalink)
06-10-2008, 08:41 AM
trophaeum
Executive VIP
Re: How is the Firewall Script working out?

Quote:
Originally Posted by jaeden
okay here's the deal with the firewall script the way i see it. I have done some research and I think you guys should uninstall it. It's going to cause more headaches than good (which it's already doing). The likelihood that the firewall script will prevent an attack is minimal. the best defense you have is keeping the forum and server software up to date.

Some days ago when i first questioned the firewall script i did a little digging around on this site and discovered that the forum code was out of date and there were people trying to develop an exploit for a bug (which turned out to be nothing big but still).

You guys don't need the firewall script. What you need to do is check for updates to vbulletin and vbul addons you have installed on a daily basis. Also, you need to edit your forum code to not display the vbulletin version info. This is a horrible thing. In fact, a good security measure would have been for you to remove any and all bannering info from the beginning.

As it stands right now... Let's say a major security hole comes out... You can use google to search for phrases in source code. Go ahead right now and right click this page, view the source, and you will see in the html head: vBulletin 3.7.1.

If an exploit were to come out right now for vbulletin and was left unpatched for more than an hour there is a good chance you would have a very serious problem on your hands.

Here's a good fix for that.. Connect to the forum FTP and download the entire site to a folder. Use the program "advanced find and replace" to find any instance of the phrase "vBulletin 3.7.1" and replace with the phrase "BHW Forum."

You should also find and replace the same term in the mysql database (can be done from within phpmyadmin). Do this each time you upgrade the forum and you will be much better off.

Also, you have a forum thread for php and other server side programming.. Use it to your advantage. Even if a vulnerability gets released that there isn't an official patch for yet, we could come up with quick patches for you. It's really not hard.

another day i'm treated like a n00b yet again *sigh* the forum is dave's, dave bought firewall script, it's his choice what we do with it, he wanted to see if we could work with it, it was doing ok however now it's going downhill more and more by the day so it is likely to get nuked over the next few days

i'm gonna walk away from this thread now before i say something that i may regret