onlineriches

FireWall Script

FireWall Script is the world's first fully configurable PHP-based website firewall. It can work with any PHP application, and we even offer "packs" of pre-written rules to protect some of the most popular software such was Wordpress, Invision Power Board, Mambo, Joomla, Drupal, and more! It is so easy beginners can install and use it.

Protect against:

- DDOS Attacks
- Webapp exploits
- Security scans of your assets
- Hackers & common embedding viruses

Features of FireWall Script:
* Can work with any PHP script
* Included admin control panel allows full configuration of the software
* Support for multiple administrators. You can add, edit, and delete accounts from the admin panel.
* Admin panel update notification and news feeds keep you up to date on FWS
* Fully configurable DOS protection allows you to block access to your site for a user when they have multiple requests in a short period of time
* Fully configurable rules
* CAPTCHA support in rules allows you to show a CAPTCHA verification on any matched request
* Akismet integration allows you to do everything you can with rules when submitted text is identified as spam
* Admin login logs allow you to keep track of which administrators are using the admin panel
* Traffic logs for all traffic on your site (archived daily)
* Blocked request logs show you what was blocked and show you everything PHP had available during the request so you can review blocked requests
* Spam logs show you requests identified as spam through Akismet
* DOS logs show you requests identified as DOS attacks and subsequently blocked
* Help section gives you quick access to support for the software
* Specify rule title, notes and category for your own referencing and categorization
* Ability to log requests blocked by rule
* Ability to get email notifications for requests blocked by rules
* For requests matching a rule you can allow the request, exit script execution, show an error, show specified HTML, redirect to another page, execute a custom php plugin, or even show a CAPTCHA verification
* Ability to look in all PHP superglobals
* Full regex power gives you the ability to look for what you want, where you want

Check out FireWall Script for more information and product pricing.

digifan

$85... it will sell. Good luck!

__________________
[email protected]
Webair Rocks

bareskin

NIce good luck

__________________
Globat.com hosting company has shitty customer service skills :: please be advised::

Icq# 394599740

ScriptWorkz

What kind of overhead does all this nifty stuff before each request cause?

Nookster

A firewall coded in PHP? That's definitely a first.

__________________
The Best Affiliate Software, Ever.

macker

I like the sound of this script

__________________

ForcedMen | AsianViolation | WorkMyCock | TickleAsian | MasturbationInstructors | AssCleaners | TickleTorment | Fetish4Download (VOD) | PantyhosePlaza | FemaleDomination
mick[at]fetishassets.com | ICQ: 395-117

Klen

LOL it's not first there is already tons of script as this.And they are free.

StuartD

100% protection guaranteed

Bold statement. And if you're proven wrong, how much will that cost you?

__________________
This is me on facebook
This is me on twitter

Nookster

Uhm, not quite. There's generators, but not full-blown firewalls. Point some out if you think I'm wrong. And by the way, a firewall coded in PHP is vulnerable to everything PHP is. I would have coded one in C if you wanted to get the job done right.

__________________
The Best Affiliate Software, Ever.

payd2purv

Sounds interesting!

__________________

onlineriches

Thank you for the kind words.

ScriptWorkz

I think firewall is more of a marketing term, it's supposed to be blanket protection for php scripts, etc.. but either way your right, it's still vulnerable to everything php is (as far as actual php exploits, not saying it's coded poorly and allows mysql injection, etc..). And also, if it's written in php, unless they've found some crazy voodoo shit, this code is being executed ontop of the script already being executed for anything it's protected, which could be an issue on high traffic sites (wish we could get an answer on overhead).

Either way, i agree, if you wanted to do this right, you should of wrote an apache module / php extension or something w/ a compiled language, this isn't something i feel should be scripted.

fris

i doubt that php script can block a major ddos attack.

dont provide promises you cant keep

__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff

StuartD

Heh, I was just going to ask how a php script manages to prevent packet bombardment, billions of ping requests or even img sourcing.

A ddos attack happens at the server level, long before any php script ever gets run.

__________________
This is me on facebook
This is me on twitter

onlineriches

This isn't something to be run on a standard site such as a TGP or paysite. This is to protect common webapps such as wordpress, invision power board, vbulletin, joomla, which have widespread use and are often mass defaced or compromised. Custom rulesets are available for free in the members area for each application.

There is obviously a small amount of overhead, but unless you are pushing 25mb/s traffic all day you will not notice any impact.

Regarding PHP vulnerabilities, it has nothing to do with the script and is entirely PHP. If you are running the latest stable version of PHP and apply updates as they are released you will not have any problems. PHP is the issue, not the script, and saying that this script will not improve security is very misleading.

quantum-x

Three words:
Atomic Secured Linux

Filter this shit out in the kernel.

__________________
PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

onlineriches

Thinking this is comprable to a $50,000 hardware appliance is ignorant. It will block small ddos attacks directed at your website, not a bandwidth consumption ddos attack.

As mentioned this is a script to provide additional security for blogs, forums, and template type websites that use joomla, mambo, etc.

woj

firewall written in php makes as much sense as a solar powered flashlight...
but I guess there are ton of clueless idiots out there, it should sell well

__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

onlineriches

you are obviously one of them, you do not even understand the practical uses for this. go crying to the forums next time your blog gets hacked.

Klen

Whatever,since i installed script which i use for security,i have no problems with hackers anymore.

Sansa

Hate to rain on your parade... http://php-ids.org/

Thumbnailer

if you want to protect mambo, joomla or wordpress blog... install some antispam protection OR hire a pro to modify your server/script

__________________
FREE DOMAINS (3rd level) - USA.CC and more -- it should be free in The Communist Era

Babaganoosh

You clearly have no clue who he is.

He has forgotten more about coding than you will ever know. He's widely known to be one of the best programmers in the business. Now, who are you?

__________________
I like pie.

Klen

Nice,i wonder does it have anything more of script which i use.

tomud

nice, good job

Tomud

__________________

ICQ: 160168237

onlineriches

Hate to rain on your parade, but IDS = intrusion DETECTION system will let you know you are getting hacked, but will do nothing stop the attacks.

Quoted directly from their website:

"The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt."

onlineriches

antispam will do nothing to stop your site or blog from being compromised, it will just filter out annoying spam messages.

Why hire a pro to manage your blog when this software does everything you need?

fris

dont waste your money

__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff

GrouchyAdmin

I'm still waiting for the punchline.

__________________

JDog

I fully agree, that if you're going to try to add "protection" that you shouldn't make a PHP script, it should be a actual extension to PHP or better yet what you mentioned apache module, which I, myself, feel would be better than a extension to PHP. It could do better. I honestly wouldn't pay $85 for a php script called a "firewall".

__________________
NSCash now powering ReelProfits.com
ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD
PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash
NOW OFFERING OVER 60 SITES
CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

JDog

One great apache module that will prevent most of the sql injection is MOD_SECURITY for apache. Much better than going with this will do, and it is FREE!

__________________
NSCash now powering ReelProfits.com
ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD
PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash
NOW OFFERING OVER 60 SITES
CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)

GrouchyAdmin

Mine's free.

<?php
$badFunctions = array( "a...", "dom_import_simplexml", "domattr", "domattribute_name", "domattribute_set_value", "domattribute_specified", "domattribute_value", "domcharacterdata", "domcomment", "domdocument", "domdocument_add_root", "domdocument_create_attribute", "domdocument_create_cdata_section", "domdocument_create_comment", "domdocument_create_element", "domdocument_create_element_ns", "domdocument_create_entity_reference", "domdocument_create_processing_instruction", "domdocument_create_text_node", "domdocument_doctype", "domdocument_document_element", "domdocument_dump_file", "domdocument_dump_mem", "domdocument_get_element_by_id", "domdocument_get_elements_by_tagname", "domdocument_html_dump_mem", "mysql_get_client_info", "mysql_get_host_info", "mysql_get_proto_info", "mysql_get_server_info", "mysql_info", "mysql_insert_id", "mysql_list_dbs", "mysql_list_fields", "mysql_list_processes", "mysql_list_tables", "mysql_num_fields", "mysql_num_rows", "mysql_pconnect", "mysql_ping", "mysql_query", "mysql_real_escape_string", "mysql_result", "mysql_select_db", "mysql_set_charset", "mysql_stat", "mysql_tablename", "mysql_thread_id", "mysql_unbuffered_query", "mysqli", "mysqli_bind_param", "mysqli_bind_result", "mysqli_client_encoding", "mysqli_disable_reads_from_master", "mysqli_disable_rpl_parse", "mysqli_driver", "mysqli_enable_reads_from_master", "mysqli_enable_rpl_parse", "mysqli_escape_string", "mysqli_execute", "mysqli_fetch", "mysqli_get_metadata", "mysqli_master_query", "mysqli_param_count", "mysqli_report", "mysqli_result", "mysqli_rpl_parse_enabled", "mysqli_rpl_probe", "mysqli_rpl_query_type", "mysqli_send_long_data", "mysqli_send_query", "mysqli_set_opt", "z...");
foreach ($badFunctions as $disable) {
if (function_exists("$disable"))
die("Unsafe function '$disable' found. Aborting!\n");
}
?>

__________________

GrouchyAdmin

Yes, the first version of my post had every known PHP function. Obviously, the board puked on a message that long.

__________________

onlineriches

I didn't write this script and collected good revenue from this post.

Anyone bashing this script either didn't read the full thread or doesn't understand it's purpose.
This is NOT a full security solution designed to replace premium hardware appliance firewalls. This is NOT a single solution, but works well as a layer in a multiple layer of defense setup.

I agree that "firewall" isn't an appropriate term for the script, although it does provide good protection for vulnerable and commonly targeted webapps.

Lastly, you get what you pay for, and anyone mentioning any sort of script as a total solution is a fuckin' idiot who isn't fit to tie their own shoe laces let alone give network security advice. If you want 100% protection unplug the power.

GrouchyAdmin

If you want protection, and you pay $85 for a PHP script, I have a wooden knob that makes your sound more true with a digital amp..

__________________

k0nr4d

They can't block a major ddos attack. I've been coding for years and I don't see any possible way outside of this being a module for apache. The server will still get the requests, still process them and this script will still have to use overhead on top of what the regular requests already do.

__________________
Mechanical Bunny Media
Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

StuartD

Your site states:
"100% protection guaranteed
When properly configured, FWS can block any attacks on your site, guaranteed."

__________________
This is me on facebook
This is me on twitter

onlineriches

where did I say I wrote the script or this was my site?

I don't even know why I bother responding, not one person in here has read all my responses to the questions in the thread.

k0nr4d

proper configuration being "deny from *.*.*.*"

__________________
Mechanical Bunny Media
Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

brandonstills

Is this a joke? Protecting from DDOS in PHP? Yeah right!

__________________

Brandon Stills
Industry and programming veteran
[email protected] | skype: brandonstills | ICQ #495-171-318

ro8in

Ok so its protecting the exploits on current scripts but this script can have exploits on its own.. This is filling water to a leak bottle if you ask me..

__________________
------
Offcourse its a dude posting here. Probably a fut ugly one too. Fuck still people falling for this 100 year old trick

ro8in

Suddenly you have nothing to do with this sca errr script?? hmmm I guess this is the punchline lol

__________________
------
Offcourse its a dude posting here. Probably a fut ugly one too. Fuck still people falling for this 100 year old trick

StuartD

Do you also create php scripts for backpeddling?

__________________
This is me on facebook
This is me on twitter

Iron Fist

I'll do you one better... hit the button called Power - now that's the ultimate firewall.

__________________
i like waffles

quantum-x

ust to add a serious re-reply in this thread.

If you're interesed in this type of functionality, consider getting Atomic Secured Linux.
http://www.atomicrocketturtle.com/Jo...t/view/137/34/

It's very, very affordable [think $130], runs in the *kernel* layer, [as opposed to php - muffled giggles], and will protect you from ddos to sql injection.

I happen to know the guy who writes it - his credentials include 5 years in the whitehouse heading digital security.

'Onlineriches' credentials? who knows...

__________________
PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -