vBulletin [vBulletin MOD] Setup an unique firewall for your forum

This is the firewall that I code and use on my forum. Many visitors have asked me if I could release it so I decide to take a step up and share it with everyone. This firewall is the Lite version which I takes out all unnecessary parts of the main version so it's pretty light and only costs you a few kb of bandwidth. But, think about it guys, it's much less than when someone attack your forum using DoS or even worse -DDoS that may take the whole system down for days.



How does it look like ?


Step 0ne - Prepare Data

Take few mins to download the 300Kb of style and images of the Firewall that I've attached along with this post. Or else, you can use the link below:
RapidShare: 1-Click Webhosting
Password to extract is delynie.silveryhat.com.

+ After the have all the files ready, go ahead and upload to your host. Remember, place all files under the main path of the forum (where your forum is installed), for instance:

- http://yoursite.com/
or
- http://yoursite.com/forumname

So, depend on where your board folder is, upload every files there. Mine is DnP Forum - Auto Flood Detecting Engine v0.3 Beta, which the forum is located in delynie folder. (oh my gf )

So we're ready for the last step

Step Two - Set it up
Well, bad news here cuz things turn out a little bit ugly. Some of us hate to do this since they move to vBulletin or you've never done this before. I tell you, we need to modify one of the source of vBulletin, that is php file. Why I don't make it like other releases that have the product manager take cares of the whole process instead of doing manually. Sorry mate, in the security purpose i don't want any plugin or product that can be changed if the malicious one can get into your ACP.

Now open global.php, look for:

PHP:

<?php

AFTER THAT, paste this code.

PHP:


/*Firewall Protection Gateway Lite v0.4 by Silvery Hat Hacker
-= An Addon for vBulletin 3.x =-
-= Copyright by Shacker  2007. Any changes or re-distribution without permission is prohibited =-
-= A Product of DnP Forum =-
*/
session_start();
$UR_DOMAIN = 'http://www.silveryhat.com'; 
$TEN_COOKIE = 'dnp_firewall';

if ( strstr($HTTP_SERVER_VARS['HTTP_USER_AGENT'] ,'Googlebot')||strstr($HTTP_SERVER_VARS['HTTP_USER_AGENT'] ,'msnbot')||strstr($HTTP_SERVER_VARS['HTTP_USER_AGENT'] ,'slurp')) 
{}
else{
if( file_exists($firewall) ){ require_once($firewall);} 
if((strpos($_SERVER['HTTP_REFERER'], $UR_DOMAIN) !== 0)) {    
if (empty($HTTP_SESSION_VARS['{$TEN_COOKIE}']))
{
    if (!empty($HTTP_POST_VARS['{$TEN_COOKIE}']))
    {
        session_register('{$TEN_COOKIE}');
        $HTTP_SESSION_VARS['{$TEN_COOKIE}']='myforum_protection';
        header("location: ".$_SERVER['REQUEST_URI']);
        exit();
    }

    $sform='<!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd>
<html xmlns=http://www.w3.org/1999/xhtml>
<head>
<meta http-equiv=Content-Type content=text/html; charset=utf-8 />
<title>Protection Gate Lite v0.4 by Silvery Hat Hacker</title>
<link href=dnp_style.php rel=stylesheet type=text/css />
<script language=JavaScript><!--
//Anti-right click for all broswers by Shacker  2006
//Redistributed for Vn communities by delynie.silveryhat.com
var message="";function clickIE() {if (document.all) {(message);return false;}}function clickNS(e) {if (document.layers||(document.getElementById&&!document.all)) {if (e.which==2||e.which==3) {(message);return false;}}}if (document.layers) {document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;document.onselectstart=clickIE}document.oncontextmenu=new Function("return false")
// -->
</script>
</head>
<body background="img/clean_orange_crystalxp_1600.jpg">
<table border=0 height=600 width=100%>
<tr><td align=center valign=middle>
<table width=468  class="table" align="center" border="0" cellpadding="0" cellspacing="0">
<tr><td height=25 width=35  class="tcat" colspan="0" align=center valign="middle"><img src="img/internet.gif"></td>
<td  class="tcat" colspan="0" align=left width=318><STRONG>Forum Protection Gate Lite v0.4</STRONG></td>
<td class="tcat" colspan="0" align=center width=115>
</td></tr>
<tr><td colspan=3 height="25" id=Des align=center><strong style="color:#000066">&nbsp;Press the button below to access to the forum</strong>
</td>
<tr><td colspan=3 align=center bgcolor=#F7F7F7 class="vienall" style=filter:Alpha(Opacity:90);cursor:default><img src="img/home.jpg" border=0 title="Firewall Layout Designed by Silvery Hat Hacker"/>
</td></tr>
<form name=sercform method=POST action='.$_SERVER['REQUEST_URI'].'>
<tr><td height=25 colspan=3 align=center class="tbottom">
<input type=submit value="Enter" size=6 style=cursor:pointer name=shfirewall class=button></td></tr></form>
</table></div></td></tr>
<tr><td align=right><a href="http://delynie.silveryhat.com" target=_blank>Silvery Hat Hacker</a> &copy; 2007<BR>DnP Community</td></tr>
<tr><td align=right><a href="img/direction.jpg" target="_blank"><b>Can\'t access the forum because of Zone Alarm?</b></s></td></tr>
</table>
</body></html>
';
    echo $sform;

    exit();
}
}
}

Have you noticed at the very top of the code there are two variables that needed to be changed accordingly.

PHP:

$UR_DOMAIN = 'http://www.silveryhat.com'; //Change to your exact domain name, or else you'll have trouble access into your forum. If there is no www. then put no www., for example http://vbmodder.com/. I'll improve this on the next version so we'll have no more problems around this.
$TEN_COOKIE = 'dnp_firewall'; //Name of the cookie. Specify it on your own as any ways you'd like it to be.


When you done with everything, save and upload global.php back on the host.

Finish, your board now is protected against most DDoS by Firewall Protection Gateway Lite v0.4
For even a better protection, I use double firewalls on my forum that soon I'll release it around so stay tune if you're interested!
Any questions please ask here, and comment or feedback are pretty much welcomed. Gudluk! and sorry for my bad english if you found a mighty mistake somewhere.

What comes in next version
+ A Customization front page.
+ Better domain recognize.

global.php is the basic core file that it is generally different from index.php, showthread.php or forumdisplay.php,etc..,because it contains just functions and engine as the backend of the forum...

So far that I've seen most of the attack is to send large amount of data that sucks out the resource of server, and the target is some sort of pages that can receive information or respond to a request, they're those file that I mention above. By placing the firewall in the global.php we then can limit any direct attack that goes straight to the system (because all the files needs global.php as the base to work and no one can access/request anything from it) and it also prevents spam/ad that automatically overfloods the forum with new accounts.

Hope this will answer your question and sorry if for my english if it's somewhat confusing.