ZB Block 0.4.10a1 (Tomcat)
ZB BLOCK 0.4.10a1 (Tomcat)
Don't let the robots in the door!
A GPL V2 PHP Protection Script for your site.
ZB Block is tested and compatible with these php applications:
Kayako eSupport 2.X
Kayako eSupport 3.X
e107 CMS 0.7.x
ZB Block should help protect these other php web applications:
PHP-Nuke, Mambo, punBB, Simple Machines Forum (SMF), blog cms, MODx, and many more!
This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description
of what the problem was. If the attacker persists, then they will be served up a permanently reccurring 503 OVERLOAD message with a 24 hour timeout.
What ZB Block is Excellent at:
Saves money by reducing hacker bandwith usage! (by 2,500% on this site's index page alone!)
Strengthing your site against defacement.
Preventing PHP script exploitation.
Ending Remote File Include (RFI) exploits.
Protecting against directory traversal attacks.
Stopping MySQL database injection and tampering.
Removing access from known bad addresses and domain names.
Blocking access from top level domains, like .cn (China) and .kp (North Korea).
What ZB Block is Good at:
Avoiding website scraping/content theft.
Deterring bad user agents.
Halting referrer spam.
Impeding some Cross Site Scripting (XSS) attacks.
What ZB Block will not do:
Protect non-PHP pages.
Stop access to non-exploitable resource files like .gif, .jpg, or .swf .
ZB Block is also fast, not only does ZB Block check for over 100,000,000 bad IPs/Hostnames and many thousands of bots, but standard execution times are around 1/10th of a second on an aged PIII 930, which is unnoticable to the web surfer. This anti-exploit / anti-'sploit / anti-hacking / anti-injection script should find many uses around the web as it's good at detecting, and stopping exploitation probes from many of the worst known skript kiddie tools.
Why ZB Block is BETTER than .htaccess methods...
Under certiain tasks, it is FASTER than htaccess due to only polling the server for data once per execution. An example of this is domain blocking.
It will run on webservers that do not support the full gamut of .htaccess commands (And there are quite a few).
It allows for intelligent detection of problem clients without previous knowledge of their address.
It can sniff query strings to find attack sequences from all IPs, while allowing legitimate requests to go through.
Through proper signature use, it can automatically remove some blocks that have met a condition. (such as registration of domain)
It can ban whole whole ranges of IPs written in classic decimal quadot notation. You can put your own custom ones in the signatures like 184.108.40.206 through 220.127.116.11 . (.htaccess gets a big FAIL! on dealing with IPs as it uses tricky to maintain CIDR ranges that only work in a most signifigant bit (MSB) method, sometimes requiring multiple entries for oddball ranges. 'Did I really include all the IPs? Did I accidentally go to far?')
Some hosts don't like custom 403s, so they don't allow you to use your own .htaccess driven 403. ZB Block doesn't care if the .htaccess is emplaced.
It logs banned accesses for later review in plain, easy to read english, with a description as to why said session was blocked.
It's simple and easy to use, and requires no authorization beyond the ability to upload files to your php equipped web-server.
Most importantly, it slows down evil robot machines to a crawl (sometimes) and helps alleviate (we hope) your fellow hosts/webmasters from some of the unwanted traffic!
Please note: Several versions of Microsoft IIS are broken, and do not allow custom PHP errors to come through their trashed (in our opinion) architecture. ZB Block is still effective on these systems, but cannot display it's custom, informative error page. We have no plans to make a work-around to fix this aberrant behaviour that violates proper use of the PHP interpereter. Our best suggestion to you, keep the server OS, and re-rig your server with XAMPP for Windows, and follow standards. Microsoft IIS is jokingly referred to as MS It Isn't Secure for good reason in our book.