Advertisement:

Navigation

SMF Mod Site

Mod Name:
Forum Firewall
Created By:
butchs
Type:
Security and Moderation
First Created:
October 24, 2010, 12:24:48 PM
Last Modified:
January 19, 2013, 04:28:31 PM
Latest Version:
1.1.6
Compatible With:
1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 2.0 RC3, 2.0 RC4, 2.0 RC5, 2.0, 2.0.1, 2.0.2, 2.0.3
Total Downloads:
7980

Download this mod

FF_Language.zip (25kB) [373]
ForumFirewall 1.1.6.zip (143kB) [605]
Manual Install Instructions for SMF


Below are some preview images of what the mod looks like when being used

Description:

Forum Firewall
* protection against bad people doing bad things *

Authors Official Support thread is at SMF Helper.

Written by:                   butchs
Testing by:                    Lou69, snoopy_virtual and Wizzlefits
Current mod version:  1.1.6
Supported languages: english, spanish_es, spanish_latin, portuguese_brazilian, portuguese_pt
Hack Attempts:             Please share in the support thread so we can all be safe
Translations:                Translations are accepted (see FF_Language.zip)

After over six months of heavy programming along with tons of research and development, I am proud to offer my version of a SMF Forum Firewall.  I believe this is one of the most comprehensive and flexible schemes of its kind out there.  If you choose to try this mod please read the help topics and run it for a few days before blocking visitors.  I hope my work keeps your forum safe?



Sincerely,
butchs

Forum Firewall offers 13 tests for the forum operator that protect against unwanted visitors.  Forum Firewall is written as a supplement to existing site protection methods and should not be the only line of protection.  An ideal protection scheme is as follows:
  • Proxy Firewall.
  • Htaccess protection such as blocking nasty ip addresses, CrawlProtect and GeoIP.
  • Forum Firewall (this mod).
  • Bad Behavior mod.
  • Project Honeypot (included in Bad Behavior mod).
  • Stop Spammer.

The above protection will not stop a determined attacker but it just may send them looking for easier targets.


Some features in this modification:
  • Compatible with CloudFlare and other Proxys.
  • Log and/ or block violations.
  • DOS Protection to lower bandwidth with cool off & email notification.
  • Admin Spoofing Protection.
  • IP Address Spoofing Protection.
  • Port Spoofing Protection.
  • Anti-spoofing cache.
  • Cross Site Scripting (XSS) Protection.
  • SQL Injection Protection.
  • Proxy Bypass Prevention.
  • Limited Country Code blocking.
  • Automatic scan of image files.
  • Provides spanish warning if it is detected in header (thanks snoopy_virtual).


SMF 1.x version does not have:  Auto trimming of the visitor log and automatic scan of image files.

It is recommended that you do not enable "Block Violations" until after you operated the mod for several days and you are fully confident that there are no infractions in the visitor logs that can deny you or your top members access.

Version History
1.0.0 --  October 24, 2010
1.0.1 --  January 16, 2011 - Fixed admin section not being viewed for some users.  Member group whitelist has been moved to Admin/Members/Manage Permissions: Forum Firewall Whitelist Group.
1.0.2 - January 22, 2011 - Added some suggestions by Arantor & PhobosK.  Fixed Undefined variable: result & forumfirewall_data found by busterone.
1.0.3 - January 23, 2011 - Fixed typo.
1.0.4 - January 25, 2011 - Improved obfuscation. Fixed Undefined index: referer found by Blade_Runner.
1.0.5 - February 13, 2011 - SMF 2.0 RC5 and 1.1.13 upgrade.  Bug fixes reported by BigGuy and DarkBlizz.
1.0.6 - February 19, 2011 - Minor bug fixes and added "Review Proxy List" check box and visitor ip address in email notification.
1.0.7 - February 20, 2011 - Bug fix found by Lou69.
1.0.8 - February 27, 2011 - Minor improvements.  1.1.x bug fix by Jesna & added 7 day Auto DB purge.
1.0.9 - April 8, 2011 - Added more error descriptions.  Improved SMF 1.1.x language handling.  Fixed referrer bug.  Improved cache.  Spanish Translation(s) - thanks xaquin.
1.0.10 - April 10, 2011 - Changes for mod_security compatibility - thanks Darkness*, additional ffcache directory checks.
1.1.0 --  June 12, 2010 - SMF 2 & honey pot update
1.1.1 --  June 26, 2010 - Cannot redeclare (MattH41), Can't have a default valueFile (evanoliver), Banned will not function unless blocking is enabled.
1.1.2 - July 16, 2011 - Corrected Permanent bans thanks digit.  Improved whitelist, added ddos test, portuguese + brazilian translations - thanks Darkness_Black, spanish translation additions - thanks xaquin.
1.1.3 - July 17, 2011 - Random DB not exist error workaround (SMF 2.0 Bug 0002196), SMF 1.1.x no code changes, Corrected portuguese + brazilian translations - thanks Darkness_Black.
1.1.4 - August 21, 2011 - Bugs fixed, good bot added, possible cloudflare error, modification.english-utf8 fixed.
1.1.5 - September 19, 2011 - Upgrade to 2.0.1, install_db.php works with allow_url_fopen off.
1.1.6 - December 31, 2012 - Spanish by xaquin. Robot UAs updated. Added easter egg to ban bots scans. Updated SQL injection list. Un-idefined proxy error fixed - thanks societyofrobots. Added allow_url_fopen & allow_url_include test, fixed Strict Standards - thanks baldur2630.  Added "Challenge Failed IP's " to Admin options.
Terms of use

By downloading and/or using this MOD you agree to adhere to the following conditions for all versions of the Forum Firewall mod:
  • Copyright info & link must remain intact!  They only can be removed via Author/Creators approval.
  • The Author/Creator is not responsible for any incompatibilities of this mod with your forum.
  • You are FREE to use and customize this MOD on your Forum(s) as per the conditions of these terms however, in no way can the Author/Creator of this MOD be held responsible under any circumstances.
  • Commercial resale of this mod is prohibited without express written permission from the Author/Creator.
  • You are FREE to redistribute this MOD in its original, released state ONLY!
  • Conversion, transfer or porting any portion of the Authors Creative Work, Ideas, procedures and process to any SMF fork without the Authors explicit written permission is strictly prohibited.
  • These terms can be changed or appended at any time by the Author/Creator without any prior notice.

Forum Firewall is licensed under a CC BY-NC-ND


Bienvenido a Forum Firewall.  El m√≥dulo Firewall escrito para SMF 2.0.

Forum Firewall ofrece 13 an√°lisis para la gesti√≥n avanzada del foro, que lo protegen contra los intentos de hacking (pirateo). Forum Firewall es un complemento a los m√©todos anti-hacking existentes  y no debe ser la √∫nica l√≠nea de protecci√≥n. Un esquema de protecci√≥n ideal es el siguiente:
  • Proxy Firewall.
  • Protecci√≥n .htaccess para el bloqueo de direcciones ip maliciosas, CrawlProtect y GeoIP.
  • Mod Forum Firewall.
  • Mod Bad Behavior.
  • Proyecto Honeypot.
  • Stop Spammer.
Bienvenido a Forum Firewall.  El modulo Firewall escrito para SMF 2.0.

Forum Firewall ofrece 13 análisis para la gestión avanzada del foro, que lo protegen contra los intentos de hacking (pirateo). Forum Firewall es un complemento a las herramientas anti-hacking existentes  y no debe ser la única medida de protección.

Un esquema de protección ideal es el siguiente:
  • Proxy Firewall.
  • Protección .htaccess para el bloqueo de direcciones ip maliciosas, CrawlProtect y GeoIP.
  • Mod Forum Firewall.
  • Mod Bad Behavior.
  • Stop Spammer.
Esta protección podría no detener a un atacante determinado, pero por lo general les llevara a buscar objetivos mas fáciles.

Una vez visto lo anterior, permitamos hablar ahora sobre el mod Forum Firewall. Las características de esta versión son las siguientes:
  • Compatible con CloudFlare y otros Proxys.
  • Comprueba el estado de register globals y magic quotes.
  • Acepta registros o bloquea infracciones.
  • Detecta y automáticamente descodifica utf8 para su examen.
  • Protege contra pirateo cookie administrador.
  • Protege contra suplantación ip administrador.
  • Enviar un correo electrónico al administrador nunca, en intentos DOS o por cada infracción.
  • Cifrado de cacha incorporado. Se recomienda utilizar esta función ya que Forum Firewall utiliza la cacha para determinar si se trata de una infracción DOS. El mínimo definido es de 20 segundos.
  • Protección DOS. Observa User-Agent y si esta  bloqueado no se le permitir el acceso.  Ademas, hay una función donde se observa a que velocidad (hits por segundo) el visitante rastrea el sitio y lo compara con una lista para después prohibir o marcar al visitante en función de esta configuración. Incluye la posibilidad de prohibir (ban) usando el sistema de prohibiciones de SMF.
  • Validación de direcciones IP - Comprueba todas las direcciones ip en la lista IP Proxy de visitantes.
  • Protección Cross Site Scripting. El Mod observa las cookies de usuarios entrantes y confirma que no están infectadas. Ademas hay un análisis automático en Tareas Programadas que inspecciona los archivos de imágenes adjuntas, iconos gestuales (smilies) y carpetas de imagen de la plantilla una vez por semana para comprobar que no haya infecciones. Esta ultima característica proporciona un mensaje de advertencia.
    Si tiene infecciones las posibilidades de haberse extendido son mayores de lo que piensa y los archivos php podrían estar infectados.
  • Inyección SQL - Todos los URI son inspeccionados para detectar signos de caracteres uri no permitidos e intentos de inyección SQL. Si encuentra uno, habrá una notificación.
  • Protección contra ataques HTTP Header.
  • Protección contra Suplantación de Puerto.
  • Códigos de País - Esta función es limitada. Funcionar√° con servidores basados en GeoIP y CloudFlare.
  • Interfaz Proxy - Comprobar√° la dirección ip de los visitantes con la configuración del proxy para evitar intentos bypass. Por favor tenga en cuenta que actualmente esto solo funciona con una dirección ip estática.

Saludos (translated by papones)