The script needs to be included at the top of other PHP pages.
It should work with any PHP website, CMS, Blog, or Forum, and is designed to be completely invisible to other PHP scripts.
If no problem is found with a connection, it lets the script continue as before. If a problem is found:
It pauses a bit to slow down agressive bots.
It then generates a 403 Forbidden page, with the reason for the block and connection details.
It goes on to write the same data as above to a log file. Great for seeing if the protection needs to be modified due to accidental catching.
It then halts all execution, and kills the connection.
Features:
- It is able to checks for:
- Known bad client hosts;
- Known bad client IPs ( Both singular, and ranges noted in standard decimal quadot (www.xxx.yyy.zzz) );
- Bad query input ( $_GET ) (Somewhat heuristic enhancement as it looks at behaviors);
- Bad POST input ( $_POST );
- Bad "Pathing" such as http://yoursite.tld/somepage.php/http://theirsite.tld/somebadpage.php
- Remote file include hacks;
- MySQL injections;
- http injections;
- Known bad keywords in the query;
- Known bad user clients.
What is new in this release:
- Multiple new time formats. Choose inside of zbblock.ini.
- Permanent ban immunity for known good crawlers.
- Regular Expression Match. Use with care to make sure nothing will be executed.
- IP Permanent Bans Database split into 2 files.
- File writes now done in burst mode to reduce overlapping log writes caused by DoS hammering.
- User agent now stored in a variable for more consistent updating.
What is new in version 0.4.8:
- Bugfix: Now compresses spaces and other garbage characters to avoid obfuscation of command detections.
What is new in version 0.4.4b:
- Bugfix: Turned off that annoying super debug mode that snuck in, in the last version.
- Bugfix: Bad signature in last installer changed.
- Feature: Added PHP-Nuke registration checker capability.
What is new in version 0.3.1:
- Bugfix: Installer would generate errors trying to delete old installer files, on new install. Checks for old files before attempting delete.
What is new in version 0.3.0:
- Added: Installer - Just load zbblock/setup.php in your browser, follow instructions.
- Security Fix: Post data removed from log. Possible password exposure.
- Security Fix: Filename removed from log. Possible path structure exposure.
- Change: "Forwarding Hell" deprecated and removed. ZB Block is about security, not revenge.
- Change: Anti-Flooding pause extended to 25 seconds.
- Change: Code cleaned for efficiency.
What is new in version 0.2.0:
- BugFix: Now can be run several times on the same page, due to accidental includes and such, without throwing an error. Will quickly skip over itself if it has run before.
- Feature: Deeper Detections. Now strips the query string down to the base elements. No more cloaking with %## !
- Feature/Change: Now throws an authentic 403 with a descriptive error message by default, rather than forwarding hell. Still has a wait to slow some robots down.
What is new in version 0.1.8:
- Feature: Added ability to check user agent (though I doubt the utility of this due to cloaking).
- Feature: Added ability to check POST data (though I doubt the utility of this due to most skiddy scripts don't use POST).
- Feature: Added serial # counter, stored in vault.
- Change : Changed several checks of $_SERVER['HOME'] to a single check that can be replaced by a static value, in the case of some odd server packages that alter $_SERVER['HOME']. Now stored in $path_to_httproot. Will eventually be loaded from a semi permanent config file.
What is new in version 0.1.7:
- Feature: Added score ouptut in case of multiple matches.
- Feature: Now lists all reasons for blocking each attack.
- Feature: Placed signatures in locked /vault/ (with .htaccess and .htpasswd)
- Feature: Added custom signature file in /vault/ so you need not put back in your custom blocks each time you update main signatures.
What is new in version 0.1.6:
- Feature: Added detection of $_SERVER['PATH_INFO'] .
- Allows for smarter detection of (evil) remote file includes.
- Also allows for rejection of client on sites that have no use for path_info.
Comments not found