e107inc / e107

e107 Bootstrap CMS (Content Management System) v2 with PHP, MySQL, HTML5, jQuery and Twitter Bootstrap. Issue Discussion Room: https://gitter.im/e107inc/e107
https://e107.org
GNU General Public License v3.0

feature request : autoblock known vulnerabilities for various cms systems. #1278

Closed willem010 closed 8 years ago

willem010 commented 8 years ago

It would be great if there is a way to enter known vulnerabilities for various cms systems, like people searching for wordpress hacks / patched e107 hacks etc. on my sites.

currently my server log shows a lot of attempts to a known xmlrpc.php wordpress hack, or attempts to find login pages etc for wordpress and joomla.

it would be great if those #$@@#! beep #@$@# are added to the blocklist automatically. this would save me a lot of time.

btw, there are downloadable blacklists out on the net. maybe adding an option to e107 to download and import directly to the ban list isn't a bad idea? i'm not quite sure of the quality of those lists tho, maybe someone into security knows more about this or has better ideas??

on an average day my site draws about 25 attacks.. i would like to see this number go down.

LaocheXe commented 8 years ago

http://www.spambotsecurity.com/zbblock.php

This method will protect your site, but it might also block a few functions like social login from facebook and that - ZB Block has to be configured correctly, in the forums I believe they can help with any ZB Block config questions you may have.

Moc commented 8 years ago

This is outside of the scope of the core. There are tools such as zbblock as posted above to help you out. There are plenty of proper blacklists already (google for 5G blacklist for example - it's quite effective I can say from experience, you'll find more tools on their website).

I don't think this will be included as it will also need continuous maintenance to check the quality of the blacklists. Also, the many different server configurations require dealing with. This all requires resources that we simply don't have. On top of that, this only provides a false sense of security. It will block the requests, but it will not actually add any more security. Usage of server resources will actually be increased.

I'll leave this issue open for a while for discussion purposes.

willem010 commented 8 years ago

cool. thanks for the tips. i will look into it later on.

tgtje commented 8 years ago

Just as a comment for the readers that are unaware of the import function for blacklists in v2: it is available (members/ban)...

willem010 commented 8 years ago

so the second part of my request actually already exists haha .. thnx @tgtje totally missed that one.
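
As an added example (not from any commenter and not e107 code), the following Python script reads combined-format access log lines, counts requests for the WordPress/Joomla paths named in the thread that the server answered with a 4xx status, and returns the IPs that cross a threshold as candidates for the ban list. The path list, threshold, function name and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Paths belonging to other CMSs, taken from the probes named in the thread
# (xmlrpc.php, WordPress and Joomla login pages). Assumed list; extend as needed.
PROBE_PATHS = re.compile(
    r"^/+(?:[^?#]*/)?(?:xmlrpc\.php|wp-login\.php|wp-admin(?:/|$)|administrator(?:/|$))",
    re.I)

# Apache/nginx "combined" format: ip ident user [time] "METHOD path proto" status size ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3}) ')

SAMPLE_LOG = [  # constructed lines using documentation-range IP addresses
    '203.0.113.7 - - [10/Feb/2016:10:00:01 +0100] "POST /xmlrpc.php HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [10/Feb/2016:10:00:02 +0100] "GET /wp-login.php HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [10/Feb/2016:10:00:03 +0100] "GET /administrator/index.php HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.20 - - [10/Feb/2016:10:01:00 +0100] "GET /wp-login.php HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.15 - - [10/Feb/2016:10:02:00 +0100] "GET /news.php?extend.1 HTTP/1.1" 200 8411 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

def ban_candidates(lines, threshold=3):
    """Return sorted IPs with >= threshold 4xx requests for foreign-CMS paths."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing at their content
        ip, target, status = m.groups()
        path = target.split("?", 1)[0]
        # Count only 4xx answers: the path does not exist on this site, so the
        # request cannot be legitimate use of something actually hosted here.
        if status.startswith("4") and PROBE_PATHS.match(path):
            hits[ip] += 1
    # A threshold above 1 keeps a single stray request from producing a ban.
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    for ip in ban_candidates(SAMPLE_LOG):
        print(ip)
```

The returned list still needs review before import, since shared or NAT addresses can appear in it; the file format expected by the members/ban import is not stated in this thread.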