
How is the Firewall Script working out?

Discussion in 'Forum Suggestions & Feedback' started by Ic3m4n, Jun 9, 2008.

  1. Ic3m4n

    Ic3m4n Newbie

    I see BHW has the Firewall Script installed. How is that working out? Has it been able to stop any attacks that you know of? I was thinking of buying it myself and would love some thoughts on it.
     
  2. trophaeum

    trophaeum Senior Member

    you mean the fact that if someone puts the keyword s*y*s*t*e*m in a post or 1 of a hundred other things it likes to block the post? or that it doesn't play properly with suhosin and keeps blocking people randomly for nulls in their raw cookie data? I could go on but I'm stopping for now, it's still in early versions but personally this is not the place I would put a defense line up, get a better codebase and lock down the server properly

    I do think it can work for some people when set up right but I think for vb on here it's a pita... time and new versions will tell I guess though
     
  3. jaeden

    jaeden BANNED BANNED

    I glanced over the firewall script site and I have to say that as someone who knows how to exploit php scripts I am skeptical. a good test would be to install an old version of a script that has a lot of security holes and see if intrusion attempts get blocked.
     
  4. foxler

    foxler Regular Member

    I would recommend something that's better built. I would suggest looking into modsecurity which has to be installed on the server itself but does a way better job
     
  5. Essential Clix

    Essential Clix Executive VIP Premium Member

    Yeah, trust me firewallscript is just one line of defense. Trophaeum has taken the proper steps to set up the "proper" security ;) Nothing's perfect, of course, but I think Troph's done a damn fine job.
     
  6. trophaeum

    trophaeum Senior Member

    ug, there's still more random things to go dude lol

    security, the never ending uphill battle... *sigh* vbulletin certainly doesn't help that matter either!
     
  7. trophaeum

    trophaeum Senior Member

    btw, mod_security is VERY flawed, it does NOT process the post data etc in the same way as each scripting language, it really is a BAD solution, I refuse to install it on any server, it's just a bad joke and EATS resources, stay away, far far away
     
  8. YoungGuns

    YoungGuns Regular Member Premium Member

    I can't post new threads because of this firewall script that I very much need to make, and sometimes I can't pm people. It's making me mad.
     
  9. trophaeum

    trophaeum Senior Member

    please pm me any errors that you get with it under normal use, we are trying to set it 'right' (at this point personally I want to take to it with a whacking stick and disable it though but that's just me)
     
  10. YoungGuns

    YoungGuns Regular Member Premium Member

    Hate to bug y'all, but I still can't post new threads.
     
  11. YoungGuns

    YoungGuns Regular Member Premium Member

    I just figured out it won't let me post my thread because the thread had a code in it. So I just posted the thread without the code.
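
    The false positives reported in the posts above (a keyword in a post body, code in a thread, nulls in raw cookie data) can be measured before a rule goes live by replaying benign requests against it. The harness below is an added example, not part of the thread and not Firewall Script's code; the rule patterns, cookie names and sample requests are all constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical rules modelled on the two behaviours reported in the thread.
# They are assumptions for illustration, not Firewall Script's real rule set.
NAIVE_RULES = [
    ("keyword-system", "body", re.compile(r"system", re.I)),
    ("null-in-cookie", "cookie", re.compile(r"\x00")),
]
# A narrower variant: only match the word when it is written as a function call.
NARROWED_RULES = [
    ("call-system", "body", re.compile(r"\bsystem\s*\(", re.I)),
    ("null-in-cookie", "cookie", re.compile(r"\x00")),
]

# Constructed benign requests of the kind members describe (not real traffic).
BENIGN_REQUESTS = [
    {"id": "post-os", "body": "Which operating system do you host on?", "cookie": "sessionhash=a1"},
    {"id": "post-code", "body": "My script calls system('uptime') and fails.", "cookie": "sessionhash=b2"},
    {"id": "view-only", "body": "", "cookie": "lastvisit=1213000000\x00; sessionhash=c3"},
    {"id": "post-thanks", "body": "Thanks, that fixed it.", "cookie": "sessionhash=d4"},
]


def fired_rules(request, rules):
    """Return the names of every rule whose pattern matches its target field."""
    return [name for name, field, pattern in rules
            if pattern.search(request.get(field, ""))]


def false_positive_report(requests, rules):
    """Map rule name -> ids of benign requests that rule would have blocked."""
    report = defaultdict(list)
    for request in requests:
        for name in fired_rules(request, rules):
            report[name].append(request["id"])
    return dict(report)


def blocked_fraction(requests, rules):
    """Fraction of benign requests blocked by at least one rule."""
    blocked = sum(1 for r in requests if fired_rules(r, rules))
    return blocked / len(requests)


if __name__ == "__main__":
    for label, rules in (("naive", NAIVE_RULES), ("narrowed", NARROWED_RULES)):
        print(label, false_positive_report(BENIGN_REQUESTS, rules),
              blocked_fraction(BENIGN_REQUESTS, rules))
```

    Narrowing the keyword rule clears the plain-English post, but the member posting code and the read-only visitor with the malformed cookie are still blocked.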
     
  12. jaeden

    jaeden BANNED BANNED

    okay here's the deal with the firewall script the way I see it. I have done some research and I think you guys should uninstall it. It's going to cause more headaches than good (which it's already doing). The likelihood that the firewall script will prevent an attack is minimal. the best defense you have is keeping the forum and server software up to date.

    Some days ago when I first questioned the firewall script I did a little digging around on this site and discovered that the forum code was out of date and there were people trying to develop an exploit for a bug (which turned out to be nothing big but still).

    You guys don't need the firewall script. What you need to do is check for updates to vbulletin and vbul addons you have installed on a daily basis. Also, you need to edit your forum code to not display the vbulletin version info. This is a horrible thing. In fact, a good security measure would have been for you to remove any and all bannering info from the beginning.

    As it stands right now... Let's say a major security hole comes out... You can use google to search for phrases in sourcecode. Go ahead right now and right click this page, view the source, and you will see in the html head: vBulletin 3.7.1 .

    If an exploit were to come out right now for vbulletin and was left unpatched for more than an hour there is a good chance you would have a very serious problem on your hands.

    Here's a good fix for that.. Connect to the forum FTP and download the entire site to a folder. Use the program "advanced find and replace" to find any instance of the phrase "vBulletin 3.7.1" and replace with the phrase "BHW Forum."

    You should also find and replace the same term in the mysql database (can be done from within phpmyadmin). Do this each time you upgrade the forum and you will be much better off.

    Also, you have a forum thread for php and other server side programming.. Use it to your advantage. Even if a vulnerability gets released that there isn't an official patch for yet, we could come up with quick patches for you. It's really not hard.
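
    A repeatable check for the find-and-replace step described in the post above, useful after each upgrade: it walks a local copy of the site and lists every file and line that still carries a product name followed by a version number. This is an added example, not part of the thread; the file names and file contents in the sample tree are constructed, and the regex generalizes the post's literal "vBulletin 3.7.1" to any dotted version.

```python
import os
import re
import tempfile


def banner_pattern(product):
    """Regex for a product name followed by a dotted version, e.g. 'vBulletin 3.7.1'."""
    return re.compile(re.escape(product) + r"\s+v?\d+(?:\.\d+)+", re.I)


def find_version_banners(root, product="vBulletin", max_bytes=2_000_000):
    """Walk a local copy of the site; return sorted (relative path, line no, match)."""
    pattern = banner_pattern(product)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.getsize(path) > max_bytes:
                continue  # skip large archives and media
            # errors="replace" keeps the scan going on non-UTF-8 files
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for m in pattern.finditer(line):
                        rel = os.path.relpath(path, root)
                        findings.append((rel, lineno, m.group(0)))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed files standing in for a downloaded copy of the forum."""
    os.makedirs(os.path.join(root, "templates"))
    samples = {
        "templates/head.html": '<meta name="generator" content="vBulletin 3.7.1" />\n',
        "templates/footer.html": "<p>Powered by BHW Forum</p>\n",
        "archive.html": "<title>Archive</title>\n<!-- vBulletin 3.7.1 -->\n",
    }
    for rel, text in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(text)


def audit_sample():
    """Build the constructed tree in a temp dir and return what the scan finds."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_version_banners(root)


if __name__ == "__main__":
    for rel, lineno, text in audit_sample():
        print(f"{rel}:{lineno}: {text}")
```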
     
  13. trophaeum

    trophaeum Senior Member

    another day I'm treated like a n00b yet again *sigh* the forum is dave's, dave bought firewall script, it's his choice what we do with it, he wanted to see if we could work with it, it was doing ok however now it's going downhill more and more by the day so it is likely to get nuked over the next few days

    I'm gonna walk away from this thread now before I say something that I may regret
     
  14. jaeden

    jaeden BANNED BANNED

    sorry, I was just being helpful/constructive with my last post. I wasn't trying to be a jerk or anything.
     
  15. artswerdstone

    artswerdstone Power Member

    Thanks for this bit of information. I had been struggling to find which of my words impeded my post from being published.

    It would be great to have a list of forbidden words to let us avoid them and save us a lot of headache.
     
  16. MaestroDelWeb

    MaestroDelWeb Executive VIP

    I've been banned from this site a few times by the firewall script. I'll randomly read threads then all of a sudden I'll get a firewall error and have to leave for a few hours until I'm logged out. I'm being banned without even posting and using my regular internet connection, no proxies or anything shady.
     
  17. Essential Clix

    Essential Clix Executive VIP Premium Member

    Are you sure it's the FireWallScript that's banning you? What kind of error message are you getting?
     
  18. MaestroDelWeb

    MaestroDelWeb Executive VIP

    I'm definitely sure. I got the message a few hours ago when I was online earlier. It said something like, "You've been blocked by the Firewall Script," or something like that. I guess next time it happens I'll copy it and paste it next time I get access. I've never had a problem posting at all due to the script (although I have read the complaints). The error message mentions it's because of the script though. I'll make sure I save the message and post it next time I see it.
     
  19. MaestroDelWeb

    MaestroDelWeb Executive VIP

    I just got blocked 2 minutes ago. I figured out all I have to do is clear my cookies and I'm allowed back in. This happened while I was viewing, not posting.

    I guess it won't let me post the error code (I'm given a firewall error message). I've attached it here in a text file.
     
