vBFirewall v1.0

MobileHacks · Nov 20, 2008

What is vBFirewall?
Its a PHP script which blocks all kinds of attacks on your vBulletin Forum! Like: URL Poisoning, Remote File Inclusion, SQL Injection, XSS and other kinds of attacks.

I have tested each and every function of this mod before releasing it and have used it myself for 1 month

It has a attacker logger, which logs the IP and many details of the attacker so that you can reach him

This is still in beta version and I will add more features in it to make your vBulletin more secure Suggestions are always welcome.

How to install?

1) Go to Admin and Import the xml file product-firewall_vb_rs.xml using the plugin manager.
2) Keep an eye on the log file which can be found here: www.yourvbforumurl.com/logfile_worms.txt
(This file will only be created when a attack occour)
3) Your website is now secure from hackers

LinkFire · Nov 20, 2008

Here is the vbulletin.org link:
vBFirewall v1.0 - vBulletin.org Forum

I'll test this out.. thank you.

MobileHacks · Nov 20, 2008

Why you linking post on vb.org???

MobileHacks · Nov 20, 2008

Why you linking post on vb.org???

LinkFire said:
Here is the vbulletin.org link:
vBFirewall v1.0 - vBulletin.org Forum

I'll test this out.. thank you.

bcaksk · Nov 21, 2008

I think coder will add new features in a few days, like mail warning, we can wait.

MobileHacks · Nov 21, 2008

This is working on vB 3.7 also

Asd.Alrafedain · Nov 21, 2008

Thank u very much my bro.
Regards

Unknown785 · Nov 22, 2008

Help! It banned my IP on accident and I had someone uninstall it but my IP is still blocked from viewing my site. How can I fix this?

sir jaiden · Nov 25, 2008

Uhhh.... I Added THis On, and the next day i was attacked? wtf?

.v0id · Nov 26, 2008

3) Your website is now secure from hackers

hahahahahahahhahhaahahahahahahaahhahahahahahahahahahahahahahahahahahahahahaahahahahahahahahahahahahahahahahahahaha
hhahaahhahahahahahahahahahahahahahahahahaahhahahahahahahahahahahahahahahahahahaha

there is always that 'other' way....

but blocking all common stuff from forum ain't bad...

PHP:

<?php
//

$securityrules = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                   'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                   'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                   'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                   'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                   'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                   'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                   'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                   'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                   'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                   '$_request', '$_get', '$request', '$get', '.system', 'http_php', '%20getenv', 'getenv%20',
                   '/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
                   'http_user_agent', 'http_host', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                   '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                   'bin/tclsh', 'bin/nasm', 'traceroute%20', 'ping%20', '.pl', '/usr/x11r6/bin/xterm', 'lsof%20',
                   '/bin/mail', '.conf', 'motd%20', 'http/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                   'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
                   'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                   'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', '.history',
                   'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                   'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                   '<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                   'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=',
                   '_global', 'global_', 'global[', '_server', 'server_', 'server[', '/modules', 'modules/', 'phpadmin',
                   'root_path', '_globals', 'globals_', 'globals[', 'ISO-8859-1', 'http://www.google.com/search', '?hl=',
              '.txt', '.exe', 'ISO-', '</', '>', '<', 'SELECT', 'FROM%20', 'alert', 'document.cookie', '*', 'c99shell.php', 'shell.php', 'cmd.php', 'cmd.txt',
                    'c99.gif', '/r57.txt', 'http*', '$*', '/backdoor.php', '/backdoor.gif', '/backdoor.txt', '/shell.txt',
                    'smf_members', 'sourcedir=', 'dirname=', 'CREATE%20', 'UNION%20', '_members%20', 'passwd',
                    'script', '<img', '<?', 'WHERE', 'FLOOD', 'flood', 'floodding', 'ls -', 'uname', 'phpinfo', 'cat%20',
                    'AVWS', 'avws', 'acunetyx', 'ACUNETYX', 'boot.ini', 'magic%20string', 'STRING', '/membri/',
                    '/membri2/', '/membri2', '/membri', 'r57.php?phpinfo', 'r57.php?phpini', 'r57.php?cpu', 'r57.php?',
                    '|dir', '&dir&', 'printf', 'acunetix_wvs_security_test', '=http', 'converge_pass_hash', 'st=-9999{SQl]',
                    'st=-', 'cat%20', 'include', '_path=');
//
?>

chakru · Nov 26, 2008

hehe this is funny! dont install this mod! it even firewalls the admin from accessing wtf?? lol..

Patato20 · Nov 27, 2008

So this is an fake Mod ????

netmatrix · Nov 29, 2008

No this is not a FAKE MOD. Mobile Hacks did state that it is still in the beta mode which means it will still have some bugs in it just like any beta has. I downloaded it and used it on my test site which I do with all mods that are still in the beta mode, and it works just fine for me. I messed around with the settings in the test board a little bit, but like I said it works fine for me.

Mobile Hacks thank you for putting this mod on here, and you always put excellent mods on here, and I look foward to all of them. Keep them coming.

b33znutz · Nov 29, 2008

.v0id said:

hahahahahahahhahhaahahahahahahaahhahahahahahahahahahahahahahahahahahahahahaahahahahahahahahahahahahahahahahahahaha
hhahaahhahahahahahahahahahahahahahahahahaahhahahahahahahahahahahahahahahahahahaha

there is always that 'other' way....

but blocking all common stuff from forum ain't bad...

PHP:

<?php
//

$securityrules = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                   'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                   'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                   'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                   'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                   'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                   'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                   'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                   'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                   'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                   '$_request', '$_get', '$request', '$get', '.system', 'http_php', '%20getenv', 'getenv%20',
                   '/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
                   'http_user_agent', 'http_host', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                   '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                   'bin/tclsh', 'bin/nasm', 'traceroute%20', 'ping%20', '.pl', '/usr/x11r6/bin/xterm', 'lsof%20',
                   '/bin/mail', '.conf', 'motd%20', 'http/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                   'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
                   'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                   'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', '.history',
                   'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                   'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                   '<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                   'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=',
                   '_global', 'global_', 'global[', '_server', 'server_', 'server[', '/modules', 'modules/', 'phpadmin',
                   'root_path', '_globals', 'globals_', 'globals[', 'ISO-8859-1', 'http://www.google.com/search', '?hl=',
              '.txt', '.exe', 'ISO-', '</', '>', '<', 'SELECT', 'FROM%20', 'alert', 'document.cookie', '*', 'c99shell.php', 'shell.php', 'cmd.php', 'cmd.txt',
                    'c99.gif', '/r57.txt', 'http*', '$*', '/backdoor.php', '/backdoor.gif', '/backdoor.txt', '/shell.txt',
                    'smf_members', 'sourcedir=', 'dirname=', 'CREATE%20', 'UNION%20', '_members%20', 'passwd',
                    'script', '<img', '<?', 'WHERE', 'FLOOD', 'flood', 'floodding', 'ls -', 'uname', 'phpinfo', 'cat%20',
                    'AVWS', 'avws', 'acunetyx', 'ACUNETYX', 'boot.ini', 'magic%20string', 'STRING', '/membri/',
                    '/membri2/', '/membri2', '/membri', 'r57.php?phpinfo', 'r57.php?phpini', 'r57.php?cpu', 'r57.php?',
                    '|dir', '&dir&', 'printf', 'acunetix_wvs_security_test', '=http', 'converge_pass_hash', 'st=-9999{SQl]',
                    'st=-', 'cat%20', 'include', '_path=');
//
?>

what is this? call me noob, but ....

Unknown785 · Dec 2, 2008

.v0id said:

hahahahahahahhahhaahahahahahahaahhahahahahahahahahahahahahahahahahahahahahaahahahahahahahahahahahahahahahahahahaha
hhahaahhahahahahahahahahahahahahahahahahaahhahahahahahahahahahahahahahahahahahaha

there is always that 'other' way....

but blocking all common stuff from forum ain't bad...

PHP:

<?php
//

$securityrules = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                   'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                   'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                   'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                   'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                   'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                   'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                   'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                   'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                   'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                   '$_request', '$_get', '$request', '$get', '.system', 'http_php', '%20getenv', 'getenv%20',
                   '/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
                   'http_user_agent', 'http_host', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                   '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                   'bin/tclsh', 'bin/nasm', 'traceroute%20', 'ping%20', '.pl', '/usr/x11r6/bin/xterm', 'lsof%20',
                   '/bin/mail', '.conf', 'motd%20', 'http/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                   'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
                   'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                   'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', '.history',
                   'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                   'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                   '<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                   'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=',
                   '_global', 'global_', 'global[', '_server', 'server_', 'server[', '/modules', 'modules/', 'phpadmin',
                   'root_path', '_globals', 'globals_', 'globals[', 'ISO-8859-1', 'http://www.google.com/search', '?hl=',
              '.txt', '.exe', 'ISO-', '</', '>', '<', 'SELECT', 'FROM%20', 'alert', 'document.cookie', '*', 'c99shell.php', 'shell.php', 'cmd.php', 'cmd.txt',
                    'c99.gif', '/r57.txt', 'http*', '$*', '/backdoor.php', '/backdoor.gif', '/backdoor.txt', '/shell.txt',
                    'smf_members', 'sourcedir=', 'dirname=', 'CREATE%20', 'UNION%20', '_members%20', 'passwd',
                    'script', '<img', '<?', 'WHERE', 'FLOOD', 'flood', 'floodding', 'ls -', 'uname', 'phpinfo', 'cat%20',
                    'AVWS', 'avws', 'acunetyx', 'ACUNETYX', 'boot.ini', 'magic%20string', 'STRING', '/membri/',
                    '/membri2/', '/membri2', '/membri', 'r57.php?phpinfo', 'r57.php?phpini', 'r57.php?cpu', 'r57.php?',
                    '|dir', '&dir&', 'printf', 'acunetix_wvs_security_test', '=http', 'converge_pass_hash', 'st=-9999{SQl]',
                    'st=-', 'cat%20', 'include', '_path=');
//
?>

Was wondering the same thing... I think it its a kind of script to block hacking attempts. If it is, how do I add this?

.v0id · Dec 2, 2008

All this script does is applying above rules to security checks - in this hack it only checks the urls, I suppose, and puts the reports in a file. Most common attacks might be blocked, e.g. union%20 is usually used in SQL attacks, <script> is used in XSS, and so on...

But, there is no all-in-one solution to keep 'hackers' away. It all depends on configuration, system, packages, type of site, etc.

Unknown785 · Dec 3, 2008

Well is there anyway to be more secure from hackers? Any scripts.... (Besides this addon)

prlk · Dec 6, 2008

then wht is the solution for the access to a admin if it blocks the access...

PUBLIC · Dec 9, 2008

Unknown785 said:
Help! It banned my IP on accident and I had someone uninstall it but my IP is still blocked from viewing my site. How can I fix this?

Use Proxy Change your IP

mattdademon · Dec 22, 2008

Or alternitive restart your modem.

vBFirewall v1.0

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member