vBFirewall v1.0

[PC51m0n]

hahahahahahahhahhaahahahahahahaahhahahahahahahahahahahahahahahahahahahahahaahahahahahahahahahahahahahahahahahahaha
hhahaahhahahahahahahahahahahahahahahahahaahhahahahahahahahahahahahahahahahahahaha

there is always that 'other' way....

but blocking all common stuff from forum ain't bad...

<?php
//

$securityrules = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
                   'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
                   'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
                   'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
                   'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
                   'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
                   'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
                   'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
                   'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
                   'insert%20into', 'select%20', 'nigga(', '%20nigga', 'nigga%20', 'fopen', 'fwrite', '%20like', 'like%20',
                   '$_request', '$_get', '$request', '$get', '.system', 'http_php', '%20getenv', 'getenv%20',
                   '/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
                   'http_user_agent', 'http_host', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
                   '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
                   'bin/tclsh', 'bin/nasm', 'traceroute%20', 'ping%20', '.pl', '/usr/x11r6/bin/xterm', 'lsof%20',
                   '/bin/mail', '.conf', 'motd%20', 'http/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
                   'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
                   'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
                   'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', '.history',
                   'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
                   'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
                   '<script', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
                   'select from', 'drop%20', '.system', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=',
                   '_global', 'global_', 'global[', '_server', 'server_', 'server[', '/modules', 'modules/', 'phpadmin',
                   'root_path', '_globals', 'globals_', 'globals[', 'ISO-8859-1', 'http://www.google.com/search', '?hl=',
              '.txt', '.exe', 'ISO-', '</', '>', '<', 'SELECT', 'FROM%20', 'alert', 'document.cookie', '*', 'c99shell.php', 'shell.php', 'cmd.php', 'cmd.txt',
                    'c99.gif', '/r57.txt', 'http*', '$*', '/backdoor.php', '/backdoor.gif', '/backdoor.txt', '/shell.txt',
                    'smf_members', 'sourcedir=', 'dirname=', 'CREATE%20', 'UNION%20', '_members%20', 'passwd',
                    'script', '<img', '<?', 'WHERE', 'FLOOD', 'flood', 'floodding', 'ls -', 'uname', 'phpinfo', 'cat%20',
                    'AVWS', 'avws', 'acunetyx', 'ACUNETYX', 'boot.ini', 'magic%20string', 'STRING', '/membri/',
                    '/membri2/', '/membri2', '/membri', 'r57.php?phpinfo', 'r57.php?phpini', 'r57.php?cpu', 'r57.php?',
                    '|dir', '&dir&', 'printf', 'acunetix_wvs_security_test', '=http', 'converge_pass_hash', 'st=-9999{SQl]',
                    'st=-', 'cat%20', 'include', '_path=');
//
?>

call me a noob too but i think you didnt tell us what to do with this or how to make this script work... please tell us... :/

 

[The Assassin]

well, from what i think, it should be added as a new plugin (the php code above)


And about the plugin, well, this isnt a plugin, its a product

 

[PC51m0n]

i need the correct instruction for this :/

:

 

[b33znutz]

ya seriously.. this is a great idea! im all for anything that helps lock shit up, but whats up? i do hope this makes it outta beta stages! a stable gold release would be cool. if i knew anything about it, i would contribute! thanks anyway.

 

[Kevo]

You guys are spammers xD xD


Thnx for posting this hack, I really needed it

 

[hack346]

more commands added

for testing this mod just tipe in your browser http://yoursite.com/index.php?cmd=

 

[possibly]

Fantastic addition, thanks!

 

[monoxera]

So uhm what's the best thing to downloda?

 

[ISA Cody]

Kind of a random but useful mod

 

[Kena]

',
'st=-', 'cat%20', 'include', '_path=');
//
?>

hello,

i'm also interested by your code but like others members i don't understand how to apply it...

can u explain to us please?

 

[KillaStaff]

just look your xml installation of vbfirewall, it's the same code

 

[Pixel3]

hmm yo, this doesnt block ddos attacks on vb 3.8.2

 

[ashrith]

u r d best if i dint have this i would have got hacked a million times as my site is The Source For Hacker's

 

[HER0]

Thank you, professor

 

[Raceb0y]

you can easily block this from your server on Mod_security rewrite rules as well

 

[mafiaen.dk]

Hi I have attacks .. and get this :

1||1244495834||130.225.26.132||do=user&uname=Obelisk155||http://www.mysite.com/forum/browser/26/howto-diy&page=16&per_page=12||Mozilla/5.0 (compatible; heritrix/1.12.1b +http://netarkivet.dk/website/info.html)

what should I do next ?

 

[Pixel3]

Hi I have attacks .. and get this :



what should I do next ?

thats not attack, this thing is bugged in 3.8.x
peopel go usercp to change sig or anything they reported as hackers :|