Add possibility for intelligent spam checkers
Автор: Hanspeter H.Since a few weeks, my website is targeted by spammers trying to add spam to the guestbook, crawling the site, tries to log-in etc. In short heavy traffic is bothering my server. I have a bigg deny.conf already in my server which blocks most of china ip's before even reaching my website. For the rest which gets thru I nedd an intelligent solution to prevent my x5 site from evil attackers. I therefore implemented the ZB Block solution from http://www.spambotsecurity.com/ The implementation of this and other similar solutions requires that pages to protect have
- A line of code at the very top of the page
- The page must be .php and not .html
Therefore I suggest a website X5 checkbox, which results in all pages which X5 generates being of type .php including all links to the pages of course.
And also the possibility to modify the first line of the pages to protect by adding a php string in front of the original code without any spaces or cr/nl so that the first line of e.g. the index.html becomes index.php with the first line being
<?php require('/share/HDA_DATA/aaaa/xxx/zbblock/zbblock.php'); ?><!DOCTYPE html><!-- HTML5 -->
This would allow intelligent fraud checkers to be implemented into X5 sites without the need for manual postprocessing of the code with some smart editor or grep or so... An example of how the ZB Block reacts is shown below, after 3 attempts this ip would be permenently blocked when accessing the homepage of my server: #: 610 @: Mon, 18 Feb 2013 14:47:58 +0100 Running: 0.4.10a1 Host: 46-227-70-178.static.obenetwork.net IP: 46.227.70.178 Score: 3 Violation count: 1 Why blocked: http url injection (UAB-006). Anchor hack (UAB-026). Anchor hack (UAB-027). Query: Referer: http://getbacktogetherrightnow.com User Agent: Opera/9.80 ways to win your boyfriend back after a fight (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60 Reconstructed URL: http:// www.funlab.ch /
Автор
Absolutely no reaction from X5...
I have read the doc about new features in Version 10. Not a single word about security. If they do not enhance security for their guestbook wit a solution, which does not force an admin to work on the entries and delte and/or Confirm each individual entry, they will force users to abandon the X5 Guestbook and replace it, as many X5 users have alreaydy done or better switch over to another website tool. I think X5 people have set wrong priorities.
Hello Hanspeter,
Thank you very much for your suggestion.
We always work to improve the security and also if it's not present in the documents it doesn't mean that nothing has be done. There are listed the principal changes made on the interface but the whole backend has been updated.
About your suggestion it is already possible to add a string before the HTML tag in the pages in Step 2 in the page properties in the Expert tab. note that the code added will not appear in the preview but only once exported.
Many thanks!
Автор
Hello X5
I apologize for not knowing the possibility to generate .php pages instead of .html pages in the sitemap/pageproperties/expert settings.
This also allows to insert the required string for ZBBlock security checking at the very top of the page. I tried it and it works, except for the blog, which does not appear in the sitemap and in its extended settinhs/blog does not have page properties to specify. However using this X5 capability allows to enhance X5 security (at least for me) significantly. In only 5 days since i have installed ZBBlock it has stopped over thousend illegal requests to my X5 website. Below are two example log entries from the ZBBLock killed_log:
#: 1007 @: Wed, 20 Feb 2013 10:03:21 +0100 Running: 0.4.10a1
Host: unassigned.psychz.net IP: 108.171.246.17
Score: 1
Violation count: 1
Why blocked: Your computer is infected with Trojan Downloader tencenttraveler . Go to http://www.safer-networking.org and get Spybot Search & Destroy, clean your machine, then come back (UA-0005).
Query: id=0nik72k0
Referer: User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler) Reconstructed URL: http:// www.funlab.ch /blog/?id=0nik72k0
#: 1002 @: Wed, 20 Feb 2013 09:39:30 +0100 Running: 0.4.10a1
Host: 5.135.209.6 IP: 5.135.209.6
Score: 1
Violation count: 3 BANNED
Why blocked: Suspected spamtool mail.ru agent (UA-0135). Query: id=0nik72k0&abuse=2768 Referer: http://xxxxxxxxx.dyndns.org/blog/index.php?id=0nik72k0&abuse=2768
User Agent: Opera/9.80 (Windows NT 6.1; WOW64; U; MRA 8.0 (build 5880); ru) Presto/2.10.289 Version/12.02
Reconstructed URL: http:// xxxxxxxx.dyndns.org /blog/index.php?id=0nik72k0&abuse=2768
Together with the B8 spam protector for the guestbook I am now quite happy with X5 again.