[geeklog-devel] New addition to the demo site - zbblock

Tom websitemaster at cogeco.net
Thu Sep 22 14:09:44 EDT 2011


Hey Michael,

I just noticed on the demo site that the "Welcome to Geeklog" story
contains links to the old forum plugins website. Could you update it to
http://code.google.com/p/geeklog/ when you get a chance?

The Captcha plugin also has been taken over by Ben of Geeklog.fr

In regards to your email, I haven't heard of ZB Block before, I will have to
read up on it.

Thanks

Tom

From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Michael
Brusletten
Sent: September-22-11 12:35 PM
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] New addition to the demo site - zbblock

To All:

I have added ZBBLOCK <http://www.spambotsecurity.com/zbblock.php>  to the
Geeklog Demo Site because I thought it was time to finally stop the
onslaught of really bad behavior that should not be let into the site in the
first place.  What this script does is the following:

This php security script is designed to detect certain behaviors detrimental
to websites, or known bad addresses attempting to access your site. It then
will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page
with a description of what the problem was. If the attacker persists, then
they will be served up a permanently recurring 503 OVERLOAD message with a
24 hour timeout.

If you are looking for a script to help with protection of a Counter-Strike
Gaming server, this is not the zBlock program you are looking for. You can
find them at http://zblock.mgamez.eu/ , however,
many of the same sites could also benefit from what this site has to offer.
The name is purely coincidental (I have been using the moniker Zaphod
Breeblebrox for 25 years), and their version number is V. 4.4 a
post-release. While ZB Block (double Bs and a space) is still in beta
development.


What ZB Block is Excellent at:


*	Saves money by reducing hacker bandwidth usage! (by 2,500% on this
site's index page alone!)
*	Strengthening your site against defacement.
*	Preventing PHP script exploitation.
*	Ending Remote File Include (RFI) exploits.
*	Protecting against directory traversal attacks.
*	Stopping MySQL database injection and tampering.
*	Removing access from known bad addresses and domain names.
*	Blocking access from top level domains, like .cn (China) and .kp
(North Korea).


What ZB Block is Good at:


*	Avoiding website scraping/content theft.
*	Deterring bad user agents.
*	Halting referrer spam.
*	Impeding some Cross Site Scripting (XSS) attacks.


What ZB Block will not do:


*	Protect non-PHP pages.
*	Stop access to non-exploitable resource files like .gif, .jpg, or
.swf .

ZB Block is also fast, not only does ZB Block check for over 100,000,000 bad
IPs/Hostnames and many thousands of bots, but standard execution times are
around 1/10th of a second on an aged PIII 930, which is unnoticeable to the
web surfer. This anti-exploit / anti-'sploit / anti-hacking / anti-injection
script should find many uses around the web as it's good at detecting, and
stopping exploitation probes from many of the worst known skript kiddie
tools.


Why ZB Block is BETTER than .htaccess methods...


1.	Under certain tasks, it is FASTER than htaccess due to only polling
the server for data once per execution. An example of this is domain
blocking.
2.	It will run on webservers that do not support the full gamut of
.htaccess commands (And there are quite a few).
3.	It allows for intelligent detection of problem clients without
previous knowledge of their address.
4.	It can sniff query strings to find attack sequences from all IPs,
while allowing legitimate requests to go through.
5.	Through proper signature use, it can automatically remove some
blocks that have met a condition. (such as registration of domain)
6.	It can ban whole ranges of IPs written in classic decimal
quadot notation. You can put your own custom ones in the signatures like
193.189.126.5 through 193.189.127.252 . (.htaccess gets a big FAIL! on
dealing with IPs as it uses tricky to maintain CIDR ranges that only work in
a most significant bit (MSB) method, sometimes requiring multiple entries
for oddball ranges. 'Did I really include all the IPs? Did I accidentally go
too far?')
7.	Some hosts don't like custom 403s, so they don't allow you to use
your own .htaccess driven 403. ZB Block doesn't care if the .htaccess is
emplaced.
8.	It logs banned accesses for later review in plain, easy to read
English, with a description as to why said session was blocked.
9.	It's simple and easy to use, and requires no authorization beyond
the ability to upload files to your php equipped web-server.
10.	Most importantly, it slows down evil robot machines to a crawl
(sometimes) and helps alleviate (we hope) your fellow hosts/webmasters from
some of the unwanted traffic!
11.	For more information, see http://www.spambotsecurity.com/zbblock.php

To download the script, go to their site
http://www.spambotsecurity.com/zbblock.php and check it out.

I have added a message to the 404 Error page that will be shown to those
that have issues to copy and paste the message they get in a forum post on
the geeklog site for help.  However, it is my belief that there will be
little to no problems with normal operations other than a dramatic decrease
in spammer/hacker traffic.

Michael
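
Added example (not part of the original e-mails and not ZB Block code): item 6 of the quoted list contrasts a start/end IP range with CIDR entries, using 193.189.126.5 through 193.189.127.252. The Python sketch below derives the exact CIDR list for that range, audits a CIDR list for gaps and overshoot, and shows the direct range check; all function and constant names are assumptions made for this illustration.

```python
import ipaddress

# Range quoted in item 6 of the e-mail, inclusive at both ends.
RANGE_START = ipaddress.IPv4Address("193.189.126.5")
RANGE_END = ipaddress.IPv4Address("193.189.127.252")
# The tempting single-entry approximation; it covers 8 addresses too many.
NAIVE_SUPERNET = ipaddress.ip_network("193.189.126.0/23")


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR networks covering first..last exactly."""
    return list(ipaddress.summarize_address_range(first, last))


def in_range(addr, first=RANGE_START, last=RANGE_END):
    """Inclusive start/end test: the range is stored and checked as written."""
    return first <= ipaddress.IPv4Address(addr) <= last


def in_cidrs(addr, cidrs):
    """The same decision made from a CIDR list."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in cidrs)


def cover_is_exact(cidrs, first, last):
    """Audit a CIDR list against a range: no gap, no overlap, no overshoot."""
    expected = int(first)
    for net in sorted(cidrs, key=lambda n: int(n.network_address)):
        if int(net.network_address) != expected:
            return False
        expected = int(net.broadcast_address) + 1
    return expected == int(last) + 1


if __name__ == "__main__":
    cidrs = range_to_cidrs(RANGE_START, RANGE_END)
    print(f"{len(cidrs)} CIDR entries for {RANGE_START} - {RANGE_END}:")
    for net in cidrs:
        print(f"  {net}")
    print("generated list exact:", cover_is_exact(cidrs, RANGE_START, RANGE_END))
    print("single /23 exact:    ", cover_is_exact([NAIVE_SUPERNET], RANGE_START, RANGE_END))
    print("extra addresses in /23:",
          NAIVE_SUPERNET.num_addresses - sum(n.num_addresses for n in cidrs))
```

Running `cover_is_exact` over a hand-maintained block list answers the two questions quoted in item 6 mechanically instead of by inspection.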
