SocialEngine 4: ZBBlock to Stop Spammers

ZBBLOCK
Don’t let the robots in the door!
A GPL V2 PHP Protection Script for your website.

This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description of what the problem was. If the attacker persists, then they will be served up a permanently recurring 503 OVERLOAD message with a 24 hour timeout.
If you are looking for a script to help with protection of a Counter-Strike Gaming server, this is not the zBlock program you are looking for. You can find them at http://zblock.mgamez.eu/ ; however, many of the same sites could also benefit from what this site has to offer. The name is purely coincidental (I have been using the moniker Zaphod Breeblebrox for 25 years), and their version number is V. 4.4, a post-release, while ZB Block (double Bs and a space) is still in beta development.
What ZB Block is Excellent at:
Lower maintenance cost than our competition, ZB Block is free now, free for life! No expiring of software, no updates to buy, no catastrophes because you forgot to pay your bill! (Though an occasional donation IS nice!)
Saves money by reducing hacker bandwidth usage! (by 2,500% on this site’s index page alone!)
Strengthening your site against defacement.
Preventing PHP script exploitation.
Ending Remote File Include (RFI) exploits.
*NEW* Scans all uploaded files for live php/sql/Javascript XSS/.htaccess code.
Protecting against directory traversal attacks.
Stopping MySQL database injection and tampering.
Removing access from known bad addresses and domain names.
Blocking access from top level domains, like .cn (China) and .kp (North Korea).
What ZB Block is Good at:
Avoiding website scraping/content theft.
Deterring bad user agents.
Halting referrer spam.
Impeding some Cross Site Scripting (XSS) attacks.
What ZB Block will not do:
Protect non-PHP pages.
Stop access to non-exploitable resource files like .gif, .jpg, or .swf.
ZB Block is also fast: not only does ZB Block check for over 100,000,000 bad IPs/Hostnames and many thousands of bots, but standard execution times are around 1/10th of a second on an aged PIII 930, which is unnoticeable to the web surfer. This anti-exploit / anti-’sploit / anti-hacking / anti-injection script should find many uses around the web, as it’s good at detecting and stopping exploitation probes from many of the worst known skript kiddie tools.
Why ZB Block is BETTER than .htaccess methods…
Under certain tasks, it is FASTER than htaccess due to only polling the server for data once per execution. An example of this is domain blocking.
It will run on webservers that do not support the full gamut of .htaccess commands (And there are quite a few).
It allows for intelligent detection of problem clients without previous knowledge of their address.
It can sniff query strings to find attack sequences from all IPs, while allowing legitimate requests to go through.
Through proper signature use, it can automatically remove some blocks that have met a condition. (such as registration of domain)
It can ban whole ranges of IPs written in classic dotted-quad decimal notation. You can put your own custom ones in the signatures, like 193.189.126.5 through 193.189.127.252. (.htaccess gets a big FAIL! on dealing with IPs, as it uses tricky-to-maintain CIDR ranges that only work in a most significant bit (MSB) method, sometimes requiring multiple entries for oddball ranges. ‘Did I really include all the IPs? Did I accidentally go too far?’)
Some hosts don’t like custom 403s, so they don’t allow you to use your own .htaccess driven 403. ZB Block doesn’t care if the .htaccess is emplaced.
It logs banned accesses for later review in plain, easy-to-read English, with a description as to why said session was blocked.
It’s simple and easy to use, and requires no authorization beyond the ability to upload files to your php equipped web-server.
Most importantly, it slows down evil robot machines to a crawl (sometimes) and helps alleviate (we hope) your fellow hosts/webmasters from some of the unwanted traffic!
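
The range-versus-CIDR point from the list above, worked through for the range it quotes. This is an added example, not ZB Block's code; the function names are hypothetical and 64-bit PHP is assumed so that ip2long() returns non-negative integers.

```php
<?php
// Added illustration; not taken from ZB Block. Function names are hypothetical.
// Assumes 64-bit PHP, where ip2long() returns a non-negative integer.

// Inclusive range test: one comparison pair per range, whatever its alignment.
function ip_in_range(string $ip, string $first, string $last): bool
{
    $n = ip2long($ip);
    return $n !== false && $n >= ip2long($first) && $n <= ip2long($last);
}

// Smallest list of CIDR blocks that covers exactly $first..$last.
function range_to_cidrs(string $first, string $last): array
{
    $lo = ip2long($first);
    $hi = ip2long($last);
    if ($lo === false || $hi === false || $lo > $hi) {
        throw new InvalidArgumentException('bad IPv4 range');
    }
    $blocks = [];
    while ($lo <= $hi) {
        // Widen the block while it stays aligned on $lo and inside the range.
        $prefix = 32;
        while ($prefix > 0) {
            $size = 1 << (32 - ($prefix - 1));
            if ($lo % $size !== 0 || $lo + $size - 1 > $hi) {
                break;
            }
            $prefix--;
        }
        $blocks[] = long2ip($lo) . '/' . $prefix;
        $lo += 1 << (32 - $prefix);
    }
    return $blocks;
}

// The range quoted in the text above.
$first = '193.189.126.5';
$last  = '193.189.127.252';
$cidrs = range_to_cidrs($first, $last);
printf("%d CIDR entries for one range:\n  %s\n", count($cidrs), implode("\n  ", $cidrs));
var_dump(ip_in_range('193.189.126.4', $first, $last));   // one below the range
var_dump(ip_in_range('193.189.127.252', $first, $last)); // last address in range
```
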
Theory of operation…
This is generally how ZB Block works…
Capture the execution of the page, as close as possible to the beginning of it, definitely before MySQL operations.
Poll all connection details: QUERY, POST, IP, Hostname, Referrer, and User Agent. Treat all polled data as hostile and do not attempt to load as distinct variables.
Check for problems in the polled data through the standard signature file.
Check again through the custom signature file.
If no problems are found return execution to the main part of the page and add 0 bytes to connection. Elsewise…
Log connection details to killed_log.txt (Can be very important if you suspect accidental “catches”, or wish to inspect the “catch” for more ways to detect the problem).
Handle attack by dumping the connection to a “You Are Banned / 403 Forbidden” page.
Do not return execution to the original file and send DIE command to the php interpreter.
At no time does ZB Block actually perform processing with the data in the connection, nor does it try to correct it. It simply scans the information for known problems. It also does not use MySQL or any other Server Query Language, as that in itself could open up your site to an attack (We don’t want some of this data even getting NEAR your database).
At no time should ZB Block effect any hostile actions towards the connecting client, so it is safe for the most serious business website.
At no time should ZB Block affect the output of data to a non-hostile connection, thus, it is safe for the most complex websites.
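
The flow described above (poll the request, scan it against signatures, log, send a 403, stop) sketched as an added example. It is not ZB Block's own code: the signature patterns and function names are constructed for illustration, and only the killed_log.txt name comes from the text.

```php
<?php
// Added illustration of the scan, log, 403, die flow; NOT ZB Block's own code.
// Signature patterns are constructed; only killed_log.txt comes from the page.
const SIGNATURES = [
    ['query', '~\.\./~',                'directory traversal sequence'],
    ['query', '~=\s*(https?|ftp)://~i', 'remote URL passed as a parameter value'],
    ['post',  '~union\s+select~i',      'SQL keywords in POST data'],
    ['agent', '~^\s*$~',                'empty user agent'],
];

// Gather request fields as opaque strings; nothing is extract()ed or evaluated.
function collect_request(array $server, array $post): array
{
    return [
        'query'    => urldecode((string)($server['QUERY_STRING'] ?? '')),
        'post'     => urldecode(http_build_query($post)),
        'ip'       => (string)($server['REMOTE_ADDR'] ?? ''),
        'referrer' => (string)($server['HTTP_REFERER'] ?? ''),
        'agent'    => (string)($server['HTTP_USER_AGENT'] ?? ''),
    ];
}

// Returns the reason for the first matching signature, or null when clean.
function first_match(array $req): ?string
{
    foreach (SIGNATURES as [$field, $pattern, $why]) {
        if (preg_match($pattern, $req[$field]) === 1) {
            return $why;
        }
    }
    return null;
}

function guard(array $req, string $logFile): void
{
    $why = first_match($req);
    if ($why === null) {
        return; // clean request: hand control back, nothing added to the response
    }
    // Escape control characters so a crafted field cannot forge extra log lines.
    $safe = array_map(fn($v) => addcslashes($v, "\0..\37"), $req);
    $line = gmdate('c') . " {$safe['ip']} {$why} | query={$safe['query']} | agent={$safe['agent']}\n";
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
    http_response_code(403);
    die("403 Forbidden: {$why}\n"); // never return to the page after a hit
}

// Offline demo (PHP CLI) on a constructed request; only the matcher is exercised.
$probe = collect_request(['QUERY_STRING' => 'page=..%2F..%2Fconfig', 'HTTP_USER_AGENT' => 'x'], []);
var_dump(first_match($probe));
```

On a live page the first statement would be `guard(collect_request($_SERVER, $_POST), __DIR__ . '/killed_log.txt');`, placed before any database work.
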
I have integrated and tested this script with SocialEngine, and it should work with ANY version.

Installation Instructions:
Download the Zip file.

http://www.spambotsecurity.com/zbblock_download.php 

or

Download attached Zip file.

1. Create a folder in your root directory called “zbblock”
2. CHMOD 777 that folder. <== THIS MUST BE COMPLETED BEFORE SETUP!
3. Unzip and upload the contents of the zip that you downloaded from the above website.
4. Then go to http://your-site.com/zbblock/setup.php
5. Select option #2.
6. It will give you some code at the top to add to your pages. ***

Go to ROOT folder>>>Application>>>Modules>>>Core>>>Layouts>>>Scripts and edit default.tpl.

At the very top, you will add your code; it should look like this:

 <?php require('/micaddicts/zbblock/zbblock.php'); ?><?php
 /**
  * SocialEngine
  *
  * @category   Application_Core
  * @package    Core
  * @copyright  Copyright 2006-2010 Webligo Developments
  * @license    http://www.socialengine.com/license/
  * @version    $Id: default.tpl 10017 2013-03-27 01:27:56Z jung $
  * @author     John
  */

Pay close attention to where I pasted the code.

Replace my link with the one you were given after setup.

Example: <?php require('/root/zbblock/zbblock.php'); ?>

7. Edit admin.tpl the same way.

8. Edit zbblock.ini, located at:

http://your-site.com/zbblock/vault/zbblock.ini

Scroll down to the password section and you will see this:

 ; *** ZB Block Password ***
 ;
 ; Password to control functions of ZB Block
 ; ?wlpw=<password> to add yourself to the whitelist
 ; and allow yourself back in.
 ;
 ; values:
 ; "" to neutralize password and turn of control
 ; functions globally.
 ;
 ; "<password>" Password to control functions.
 ;
 ; default: zbb_pw = ""
 zbb_pw = ""

Replace the empty value (shown in red in the original post) with your preferred password:

zbb_pw = "yourpassword"

and save.

9. Then go to: http://your-site.com/zbblock/zbblock.php?wlpw=yourpassword
Once it loads (up to 60 seconds), it will say you have been added to the whitelist.
10. To test, go to: http://your-site.com/zbblock/zbblock.php?test=xtestx

If a 403 Forbidden Page comes up, you have installed correctly.

11. Update Signatures:

** You should update to the latest signatures.inc as soon as your install is working. The current signatures are not slipstreamed into the main script installation, unless the release date is the same. Any new signatures, up until the next main script release, are a manual install only. Descriptions of the signature files can be found in our forum.

I have attached the most recent signatures.inc as well.

If you would like a direct download link for newer signatures.inc: 

http://www.spambotsecurity.com/files/signatures.zip

MAKE SURE YOU CREATE AND CHMOD 777 THE zbblock FOLDER BEFORE SETUP!

***This was the best place I knew where to add the code so that it was on all pages. If you upgrade your SE script, you will have to add that code every time. If someone knows of a better way, please let me know.
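
A check for the edits made in the installation steps above, as an added example that is not part of ZB Block or SocialEngine. It confirms that each template starts with the require line (typographic quotes pasted from a web page fail the check, as they would fail in PHP) and reports whether zbb_pw has been set; the function names are hypothetical and the sample inputs are constructed.

```php
<?php
// Added example; not part of ZB Block or SocialEngine. Function names are
// hypothetical and the sample inputs at the bottom are constructed.

// True when the template starts with a PHP tag whose first statement requires
// zbblock.php using straight quotes, so the guard runs before any other code.
function guard_is_first(string $tpl): bool
{
    $re = '~\A\s*<\?php\s+require(_once)?\s*\(?\s*([\'"])[^\'"]*zbblock\.php\2~';
    return preg_match($re, $tpl) === 1;
}

// Returns the zbb_pw value from zbblock.ini text, or null if the key is absent.
// Lines starting with ";" (such as "; default: zbb_pw = ...") are comments.
function zbb_password(string $ini): ?string
{
    if (preg_match('~^\s*zbb_pw\s*=\s*"([^"]*)"~m', $ini, $m) === 1) {
        return $m[1];
    }
    return null;
}

// $templates maps a file name to its contents; returns a list of findings.
function audit(array $templates, string $ini): array
{
    $findings = [];
    foreach ($templates as $name => $src) {
        if (!guard_is_first($src)) {
            $findings[] = "$name: zbblock.php is not required at the very top";
        }
    }
    $pw = zbb_password($ini);
    if ($pw === null || $pw === '') {
        $findings[] = 'zbblock.ini: zbb_pw is empty, ?wlpw= control functions are off';
    }
    return $findings;
}

// Constructed samples: a correct template, one pasted with curly quotes,
// and an ini file still at its default.
$ok    = "<?php require('/root/zbblock/zbblock.php'); ?><?php /** SocialEngine */ ?>";
$curly = "<?php require(‘/root/zbblock/zbblock.php’); ?><?php /** SocialEngine */ ?>";
$ini   = "; default: zbb_pw = \"\"\nzbb_pw = \"\"\n";
print_r(audit(['default.tpl' => $ok, 'admin.tpl' => $curly], $ini));
```

For a real install, pass the contents of default.tpl, admin.tpl and zbblock.ini read with file_get_contents().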

signatures zbblock_0_4_10a3

Author Spotlight

Andrew Cross

Hi, I'm Andrew. I am 25, an ICT Administrator who offers support to companies around the South Wales area. I have created a few social sites for myself and other companies. So far 2 out of 3 have been successful using the powerful SocialEngine Script. I continue to try and help the community of SocialEngine by giving Support and Technical Help where possible.