Closed willem010 closed 8 years ago
http://www.spambotsecurity.com/zbblock.php
This method will protect your site, but it might also block a few functions like social login from facebook and that - ZB Block has to be configure correctly, in the forums I believe they can help with any ZB Block config questions you may have.
This is outside of the scope of the core. There are tools such as zbblock as posted above to help you out. There are plenty of proper blacklists already (google for 5G blacklist for example - it's quite effective I can say from experience, you'll found more tools on their website).
I don't think this will be included as it will also need continuous maintenance to check the quality of the blacklists. Also, the many different server configurations requires dealing with. This all requires resources that we simply don't have. On top of that, this is only provides a false sense of security. It will block the requests , but it will not actually add anymore security. Usage of server resources will actually be increased.
I'll leave this issue open for a while for discussion purposes.
cool. thanks for the tips. i will look into it later on.
Just as comment for the readers that are unaware of the import function for blacklists in v2 : it is available (members/ban)...
so the second part of my request actually already exists haha .. thnx @tgtje totally missed that one.
It would be great if there is a way to enter known vulnerabilities for various cms systems, like people searching for wordpress hacks / patched e107 hacks etc. on my sites.
currently my server log shows a lot of attempts to a known xmlrpc.php wordpress hack, or attempts to find login pages etc for wordpres and joomla.
it would be great if those #$@@#! beep #@$@# are added to the blocklist automatically. this would save me a lot of time.
btw, there are downloadable blacklists out on the net. maybe adding an option to e107 to download and import directly to the ban list isnt a bad idea? im not quiet sure of the quality of those lists tho maybe someone into security knows more about this or has better ideas??
on an average day my site draws about 25 attacks.. i would like to see this number go down.