Herself's Webtools

Scripts, HowTos, Templates, Plugins, Widgets, Tips

Archive for the ‘tools’ Category

PHP log parsers to make it easier to find trouble in your access-log

without comments

While doing research for the WordPress Security Suite ( Prevent Bot Registrations, Prevent bots, scrapers and other badness on your WordPress blog ) I needed some tools to pull agents, user requests and ip numbers from my log files and just give me a list of the unique ones of each.

So I wrote 3 PHP scripts to do just that.

Download the scripts, put your access-log in the same directory and run them from a command line or just load those pages in a directory on your webserver and view them. ( Be sure to block them in robots.txt if you have them on a public webserver. )
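A sketch of what such a parser does, as an added example that is not one of the downloadable scripts. It assumes the log is in Apache "combined" format, and the sample lines are constructed.

```php
<?php
// Added example, not the downloadable scripts: list unique IPs, requests
// and user agents from a "combined" format access log, most frequent first.

function unique_log_fields(iterable $lines): array
{
    // ip ident user [time] "request" status bytes "referer" "agent"
    // Quoted fields may contain \" escapes, so match them explicitly.
    $q  = '"((?:[^"\\\\]|\\\\.)*)"';
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] ' . $q . ' \d{3} \S+ ' . $q . ' ' . $q . '/';
    $out = ['ips' => [], 'requests' => [], 'agents' => [], 'skipped' => 0];
    foreach ($lines as $line) {
        if (!preg_match($re, $line, $m)) {
            $out['skipped']++;            // malformed or non-combined line
            continue;
        }
        foreach (['ips' => 1, 'requests' => 2, 'agents' => 4] as $field => $i) {
            $out[$field][$m[$i]] = ($out[$field][$m[$i]] ?? 0) + 1;
        }
    }
    foreach (['ips', 'requests', 'agents'] as $field) {
        arsort($out[$field]);
    }
    return $out;
}

// Constructed sample lines; for a real log use file('access-log', FILE_IGNORE_NEW_LINES).
$sample = [
    '192.0.2.10 - - [14/Jul/2008:05:00:01 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 Firefox/3.0"',
    '192.0.2.10 - - [14/Jul/2008:05:00:03 -0400] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 Firefox/3.0"',
    '198.51.100.7 - - [14/Jul/2008:05:01:10 -0400] "GET /?p=a.txt?? HTTP/1.1" 404 312 "-" "<b>bot</b> \"x\""',
    'not a log line',
];
$result = unique_log_fields($sample);

// Log fields are attacker-controlled: escape them when the page is viewed in a browser.
$web = PHP_SAPI !== 'cli';
foreach (['ips', 'requests', 'agents'] as $field) {
    echo strtoupper($field), $web ? "<br>\n" : "\n";
    foreach ($result[$field] as $value => $count) {
        $shown = $web ? htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') : $value;
        echo sprintf('%6d  %s', $count, $shown), $web ? "<br>\n" : "\n";
    }
}
echo 'skipped lines: ', $result['skipped'], "\n";
```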

Download log parsers

Written by Linda MacPhee-Cobb

July 14th, 2008 at 5:00 am

Posted in php,security,tools

WordPress plugin ‘Tripwire’ 3rd of three part security plugin set

with 12 comments

Last update: Aug 2011
– Added install/uninstall functions
– Cleaned up user interface and code

The final plugin of the three part TTC ( TimesToCome ) WordPress security set is ready. This one acts as a tripwire. If a file is changed by you or, more importantly, by someone other than you, you’ll know.

Simply install and activate the plugin. Once activated, go to the plugin management page and tell it you want a list of all files changed in the last 0-99 days ( pick your day ) and it will bring up a list of altered files for you.

If your WordPress install is in the top directory of your website this will check all the directories on your website. If you are down one level ( http://yoursite.com/wordpress/ ) then you can change this line:

$directories_to_read[$dir_count] = "../"; // plugins run from wp-admin so bounce up a directory

to this:

$directories_to_read[$dir_count] = "../../"; // plugins run from wp-admin so bounce up a directory

And it will check all the directories, not just your WordPress directories.
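The modification-time check described above, as an added example that is not the plugin's code. It also goes one step beyond the post by comparing content hashes against a baseline, because a file's timestamp does not always move when its content does. The function names and the demo files are constructed for illustration.

```php
<?php
// Added example, not the plugin's code. The demo tree below is constructed.

function walk_files(string $root): Generator
{
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD  // skip unreadable directories
    );
    foreach ($it as $file) {
        if ($file->isFile()) {
            yield $file->getPathname() => $file->getMTime();
        }
    }
}

// The check the post describes: files modified within the last $days days.
function changed_within(string $root, int $days): array
{
    $cutoff = time() - $days * 86400;
    return array_filter(iterator_to_array(walk_files($root)),
        function ($mtime) use ($cutoff) { return $mtime >= $cutoff; });
}

// Content-based check: sha256 of every file, to compare with a saved baseline.
function snapshot(string $root): array
{
    $hashes = [];
    foreach (walk_files($root) as $path => $mtime) {
        $hashes[$path] = hash_file('sha256', $path);
    }
    return $hashes;
}

$root = sys_get_temp_dir() . '/tripwire_demo_' . getmypid();
mkdir($root);
file_put_contents("$root/old.php", "<?php // original\n");
file_put_contents("$root/new.php", "<?php // edited today\n");
touch("$root/old.php", time() - 10 * 86400);   // pretend: last changed 10 days ago
$baseline = snapshot($root);
// An edit that keeps the old timestamp, as archive extraction or rsync -t can.
file_put_contents("$root/old.php", "<?php // altered\n");
touch("$root/old.php", time() - 10 * 86400);
echo "mtime within 3 days:\n";
print_r(array_keys(changed_within($root, 3)));
echo "hash differs from baseline:\n";
print_r(array_keys(array_diff_assoc(snapshot($root), $baseline)));
array_map('unlink', glob("$root/*")); rmdir($root);
```

The hash comparison reports changed and added files; deleted files would need the reverse comparison against the baseline.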

Download

Part 1: WP plugin to prevent bot registrations

Part 2: WP Security Plugin: block bots, scrapers, cross-script attacks and more

Part 3: Tripwire

Install them all for best results!

Written by Linda MacPhee-Cobb

June 16th, 2008 at 1:00 am

WordPress Security Plugin – block scrapers, hackers, and more

with 86 comments


** 11/2011 Security patch

** 9/2011 Fixed problem with logs not being generated and fixed re-direct loop. Problem visitors now sent a 404 not found

** 8/2011 Added install and uninstall functions, cleaned up user interface and code. Current version now 3.0

** 2/19/2011 Streamlined and sped up the security plugin. Current version now 2.6

** 12/20/2009 Two updates: the first one is a fix, the second makes some speed improvements and makes the plugin a bit more SEO friendly. Bots now get re-directed to the main page of your site instead of an error page. Current version 2.5. Many thanks to Elites0ft.com, who took the time to point out a flaw to me so I could get it rapidly patched and out the door. Check them out if you are looking for web security, seo or web development help.

** 2/1/2009 1.10 is the current version

** 12/24/2008 Some IE users were having problems seeing log files in WP 2.7 so changed formatting

** 7/15/2008 Turn off the security script while you do the WP 2.6 update

** 7/25/2008 I added a white list how to blog entry for those of you wanting to white list some ip numbers.

This is part 2 of a 3 part security suite for WordPress. This part blocks cross-site script attempts, blocks the ip numbers of ill-behaved people and bots, and bans bad user agents. Since trouble is always changing, this plugin allows you to adjust who you want to block. I’ve started you out with every bad bot I caught on my site this past month. You can remove bots, add bots and add and remove ips and requests.

Many internet websites list bad bots, or you can just watch your access-logs to see who is causing problems on your site. Several tools used to find weaknesses in your WP to hack are blocked, and you can add more to the list as new ones appear on the net.

Cross site scripting attacks often contain .txt?, .txt??, .txt??? or ?_wp_http_referer in the request. If new cross site scripts show up, you can easily add them to the list.

Anyone whose bot or request shows up on your black list has his ip automatically added to your blacklisted ip list.

This plugin creates a page under ‘Manage’. On it you can blacklist ip numbers, user agents, and requests that you don’t want on your site.

If you have the TTC User Registration Bot Detector installed, both plugins will use the same bad ip list to make things easier for you.

The management page will also give you a list of all attempts at registration and if they were bounced and why.

I changed the ip checking part of the plugin so you can now block multiple ip numbers, not just individual ips. Just add the ip blocks to your list like this:

To block 225.255.255.0 to 225.255.255.255, add:
225.255.255.

You can also block everything from 225.255.0.0 to 225.255.225.225:
225.225.

And
225.
blocks everything beginning with 225.

It is good to end each number ( except the last ) with a dot like so:
225.

If you just put 150.15 you block everything from 150.15.x.x to 150.151.x.x, 150.152.x.x, etc.
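Why the trailing dot matters, as an added example that is not the plugin's code. It assumes entries are compared against the start of the visitor's address as a string, which is what the description above implies. `normalise_entry()` and `is_blocked()` are hypothetical helpers and the addresses are constructed.

```php
<?php
// Added example; normalise_entry() and is_blocked() are hypothetical helpers,
// not functions from the plugin. Addresses below are constructed samples.

// Turn a list entry into a form that can only match whole octets:
// partial addresses get a trailing dot, full addresses are matched exactly.
function normalise_entry(string $entry): ?string
{
    $octets = explode('.', rtrim(trim($entry), '.'));
    if (count($octets) > 4) {
        return null;
    }
    foreach ($octets as $i => $o) {
        if (!ctype_digit($o) || (int) $o > 255) {
            return null;                       // not a dotted-decimal prefix
        }
        $octets[$i] = (string) (int) $o;       // drop leading zeros
    }
    return implode('.', $octets) . (count($octets) < 4 ? '.' : '');
}

function is_blocked(string $ip, array $entries): bool
{
    foreach ($entries as $entry) {
        $isPrefix = substr($entry, -1) === '.';
        if ($isPrefix ? strncmp($ip, $entry, strlen($entry)) === 0 : $ip === $entry) {
            return true;
        }
    }
    return false;
}

$visitors = ['150.15.3.4', '150.151.3.4', '150.152.9.9', '225.255.255.17'];

// Compare raw start-of-string matching on '150.15' with the normalised entry.
foreach ($visitors as $ip) {
    $raw = strncmp($ip, '150.15', strlen('150.15')) === 0;
    $fixed = is_blocked($ip, [normalise_entry('150.15')]);
    printf("%-16s raw '150.15': %-3s  normalised '150.15.': %s\n",
        $ip, $raw ? 'yes' : 'no', $fixed ? 'yes' : 'no');
}
```

Normalising entries when they are saved also keeps a full four-octet address from matching longer addresses that merely begin with the same characters.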

There are directions in the plugin in case you’d rather direct bots to an error page.

Download TTC WP Security plugin

You should also add an email address to the error page. Do not use your main email address. Just set up an extra email address and change the error page like so:


print "<html>\n";
print "<head><title>Banned</title></head>\n";
print "<body>\n";
// Escape the values before output in case they were taken from the request
print "<h2>Banned: " . htmlspecialchars($blacklisted) . ": " . htmlspecialchars($code) . "</h2>\n";
print "<p> Contact: <a href=\"mailto:timestocome@gmail.com\">timestocome@gmail.com</a> if you have questions.</p>\n";
print "<p> Be sure to include your ip number </p>\n";
print "</body>\n";
print "</html>\n";


Or you can just totally customize the two error pages. One starts at line 145, the second at line 171. Look for “// print error page”

If you use quotes in your page for a link you must escape them. Use \" where you would normally use a "

Part 1 – Block bots from registering on your blog

Part III Tripwire tells you which files have been recently altered

See also:
Requests I’m blocking for a current list of things to block
Bots I’m blocking for a current list of bots we block
Per request I added directions to send an HTTP error code instead of an error page: How to send an HTTP error code with PHP

More information:
Know your enemy: Web application threats
Secunia: WordPress security vulnerabilities
SQL Injection Cheat Sheet
Google Online Security Blog

Written by Linda MacPhee-Cobb

June 8th, 2008 at 5:00 am

WordPress plugin to prevent bot registrations

with 68 comments

** Nov 2011 security patch

** Aug 2011
Added install and uninstall functions, cleaned up user interface and code

** Jan 28th 2011
Eric Celeste contributed a new user management page to the plugin. You can now easily see the number of comments per user and easily delete those that have no comments or that you suspect of being bots.

While BadBehavior and WebProfessor do very good jobs at keeping bots from registering on your WordPress site, I wanted the control WebProfessor gave me and the automation that BadBehavior gave me, but neither did both.

So here is a plugin to help keep bots from registering on your website. It will log all registration attempts and tell you why it bounced any bots.

You can blacklist domains, emails, and ips.

It will automatically block anyone whose ip shows up more than once, who is listed in spamhaus, or who you’ve blacklisted. If your hosting company allows ‘file_get_contents’ calls you can uncomment the StopForumSpam check to use their list as well.

Anyone pretending to be a browser but whose ‘accept’ line is wrong will also get bounced.

Download

See also:
Part 2 of 3: WordPress Security Plugin to block scrapers, hackers and more
Part 3 of 3: WordPress plugin tells you which files have been altered recently

Written by Linda MacPhee-Cobb

June 2nd, 2008 at 5:00 am