Installing ZB BLOCK with Osclass

[Aficionado]

Some statistics of this month after installing ZB Block

503   Server busy   30.1 %   
403   Forbidden      29.8 %

Both 503 & 403 (60%) is blocks of ZB Block. So 60% of my traffic and usage was from illegal/nasty bots. And "users" that try to hack.

Go figure.

[design]

the bastards!

[Aficionado]

Here is a first result of my CPU usage on the server before and after i installed ZB BLOCK.

For the last 30 days.

[dev101]

I've also done a quick test, just a small contrib:

I have put the code in oc-load.php directly inside <?php, so instead of:

Code: [Select]

<?php require('/path-to-zbblock/zbblock.php'); ?><?php
define( ... )


Code: [Select]

<?php
require('/path-to-zbblock/zbblock.php');
define( ... );

= no chance of space introduction and code structure follows good practice.
Also, no need to call it in config.php (it works because oc-load is first called from index.php -- maybe you can put it in index.php?).

Some very FUNNY findings:

Some nasty bots try to hack Wordpress. They think my Osclass(es) websites are actually Wordpress and:

They try to hack

Reconstructed URL: http:// www.mywebsite.com /user/login/wp-login.php !!!!!!!!!!!!!!!!!!!!!!!!!!

I get about 100 attempts per hour/per website and all are BLOCKED. Before any db call is exectuted (i guess).

Yes, those are rejected on a server level, unfortunatelly every site gets those on a daily basis (even those dev sites not publicly listed anywhere, bots are randomy scaning IPs).

Regards

[Aficionado]

@dev101

Does it work right for you ? Worth it ?

[dev101]

Well, it works only for like 15 minutes, but it is just a dev site with no real traffic [minus those bots that scan stuff every 24-48h or so].

My initial tests revealed it is working, blocking strange requests, and stuff. And it is pretty fast.

Regards

[Aficionado]

Well, it works only for like 15 minutes, but it is just a dev site with no real traffic [minus those bots that scan stuff every 24-48h or so].

My initial tests revealed it is working, blocking strange requests, and stuff. And it is pretty fast.

Regards

I see.

There is a small detail i would like to "reveal". When a not found (403) or a busy (blocked) page is shown to the bots, there is a delay timer. By default it is 5 seconds.

Setting that to 25 seconds, has a great effect. It discourages the bots after a while.

[Aficionado]

Update:

Today i totally blocked all access from Cameroon (posting ad scams/fraud), Ukraine and Russia IPs. Within ZB Block. Works extremely well, all custom signatures are here (or/and you can create your own).

http://macmathan.info/zbblock-range-blocks/

[Aficionado]

WARNING:

If you use ZB BLOCK you MUST DISABLE Automatic Updates in Osclass.

And when updating manually you MUST REMOVE ZB BLOCK LINE from oc-load.php and config.php. Actually oc-load.php will be replaced, so it is only config.php.

ZB BLOCK is BLOCKING some of the update (does that with Wordpress also).

[dev101]

Nice advice, thanks. I have rebuilt my server for other purpose, and forgot to reinstall ZBB, so thats why I had no trouble with auto-updates (except the infamous maintenance issue).

Regards

[karthik4osclass]

If all the requests are routed through index.php, why dont you include zbblock code at the very top of index.php which includes oc-load.php and other relevant scripts.

[Aficionado]

If all the requests are routed through index.php, why dont you include zbblock code at the very top of index.php which includes oc-load.php and other relevant scripts.

Because i asked the Osclass developers with PM, and NEVER got ANY REPLY about it.

So we have to either guess or use the trial/error method. And what worked best was "oc-load.php". Like in Wordpress and ZB Block.

[cyrano]

Does anyone see the reasoning why this script sets the directory "vault" to 0777?

[Aficionado]

Does anyone see the reasoning why this script sets the directory "vault" to 0777?

http://www.spambotsecurity.com/forum/viewtopic.php?f=27&t=846

You can change to back to 755 for folders and 644 for files (those are the standard needed for Osclass)

[Aficionado]

You can change to back to 755 for folders and 644 for files (those are the standard needed for Osclass)

I'm not sure about what i wrote above. Test it.