ZBBlock Into ModxCMS

Hi Zaphod,

Although I am no programmer I tried integrating the ZBBlock php include as a snippet into Modxcms

I am not sure if the whole page gets parsed as PHP or just the snippet, but anyhow this is how the index page I tried placing the snippet in looked like after:

« MODx Parse Error »
MODx encountered the following error while attempting to parse the requested resource:
« PHP Parse Error »

PHP error debug
Error: include(/nobt/zbblock.php) [function.include]: failed to open stream: No such file or directory
Error type/ Nr.: Warning - 2
File: /home/besto/public_html/manager/includes/document.parser.class.inc.php(769) : eval()'d code
Line: 2

Parser timing
MySQL: 0.0022 s (6 Requests)
PHP: 0.0301 s
Total: 0.0324 s

All the best from from Josh

	goodthanks wrote:
	Error: include(/nobt/zbblock.php) [function.include]: failed to open stream: No such file or directory

Best guess the error lies here, and it means that it's looking in the wrong directory for ZB Block.

Assuming that /nobt/ is your webserver root directory...

Try inlcuding it as /nobt/zbblock/zbblock.php

The next version of the program should have a better way to "aim" things, but for now, try that.

FYI, looking at the end of the month to impliment all I want in ZB Block regarding that.

Zap Smile

P.S. Keep me posted, please. And your server must be running (have available) PHP for this to work BTW.

the next version updates sounds good zap,

I had renamed the zbblock folder to nobt, incase bad bots started to look out for folders named zbblock as ones to avoid, not sure if that is how it works, was probably taking un-needed precautions

I may try putting zbblock in the modxcms snippets folder without an include, see if it can work that way

There's your problem...
ZB Block needs to call several files in /zbblock/ and /zbzblock/vault/ to work right.

As long as you don't tamper with filenames, it will work right.

And yes, not only was your precaution unneeded, it was detrimental.

ZB Block is hardened PHP code, and will not use MySQL (a major security risk for a security script).

So, except where mentioned (forwarding hell off opion, the include segment, and the file open/write) please don't tamper with it. It could actually make you more susceptible to attack if you do!

Hi Zap,

Thanks, still had the same problem in modx after renaming the main folder back to zbblock, maybe zbblock and modx are not compatible. For the modxcms I only really need something to keep bad bots out from using up bandwidth and downloading pages, the security part I think is fine. Would putting a link from all modx templates to zbblock to a non cms'ed plain php page with zbblock be useful against bots if they followed the link, maybe it would stop them coming back?

However I do use a php affiliate redirect script which uses a database to manage affiliate links, I don't think this will ever be upgraded so I worry for its security. So when I have spare time, I will put zbblock into the more major files to see how that goes, hopefully bullet proof it so to say should be fantastic. Sorry I can not give feedback right now, just super busy trying to figure out how to set up prestashop with inventory

Was also wondering if google bot could be kept out from going in the eternal loop?

Regards from Josh

On where ZB Block can be executed from...

I had misgivings about ZB Block being included from a non PHP page. Your server probably wouldn't know how to process it. I smell a hiearchy error.

But ZB Block's include segment, can be put inside of any .php page that is currently working, and you want protected. The higher up in the code, the better. If it can be placed on top, best.

If the page is sending data to the client before ZB Block can be executed, you may as well turn off forwarding hell, by commenting out (//) the 2 header lines. It will still work, it just won't attempt to hog-tie the 'bot.

It would probably be a good idea to at least try to execute it before any entry forms are displayed, as this is where the 'bots begin to feed.

Now, on Google safety...

Just watch for Googlebot showing up in the killed_log.txt . Google just completely spidered my site with no problems. A visiting good spider will never see ZB Block, will never see the loop. A clean visitor, such as Yahoo! Slurp or Googlebot should see nothing, as sucessful execution adds 0 bytes to the page.

To date, Yahoo! Slurp, and Googlebot, and a few other good engines have been caught 0 times. But, who knows what the future holds, am sure that if they do get caught, it would be an accident.

To make sure that good bots that follow robots.txt don't actually suck up forwardinghell.php add this to your robots.txt

	Code:
	User-Agent:* Disallow: /zbblock/*

Get back to me on problems and sucesses please. I would love to help.

Zap Smile

Hi Zap,

Thanks, I put zbblock in the top of the PHP database information config file for the php redirect script I am using, zbblock seemed to work just fine with it. This should prevent any attempts from any people trying to get the database information (as this is the only file containing the databse information). Is that right or would more pages need protection? Only really concerned about database hacks on that script any bandwidth sucking bad bots going into your forwarding hell would be an added bonus

Made sure to disallow /zbblock in robots.txt

Thanks from Josh

	goodthanks wrote:
	Thanks, I put zbblock in the top of the PHP database information config file for the php redirect script I am using, zbblock seemed to work just fine with it.

Honestly, I would put it in the redirect script itself (assuming it is php), so more non-database hacking malbots get nabbed. And I would put it in all php pages that you could. The more exposure to visitors ZB Block gets, the more good it should do. There are other icky things that it protects against (and even more in the next signature update, including some logfile script injections).

Also, remember to test it's function with

	Code:
	http://<yoursite>/<protected page.php>?test=ctestc

That is the custom signature test, the last test in the files. If your browser stalls, or (if you have forwarding hell switched off) you get the banned notice, and a new entry shows up in killed_log.txt ... it is working right.

But it is your site... so put it where you will.

And if you want linkage as a user of ZB Block, check out http://zaphodb777.dyndns.org/forum/viewtopic.php?t=40 and do as it asks, and I'll link you from http://zaphodb777.dyndns.org/zbblocksites.php

Zap Smile

Hi Zap, thanks

Sorry for the delayed reply, (have been doing a start your own business course)

I put http://mydomainnamehere.extension/folder/anotherfolder/theconfigfile.php?test=ctestc

the page came up with this:

Warning: include(/zbblock/zbblock.php) [function.include]: failed to open stream: No such file or directory in /home/besto/public_html/folder/anotherfolder/theconfigfile.php on line 1

Warning: include() [function.include]: Failed opening '/zbblock/zbblock.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/besto/public_html/folder/anotherfolder/theconfigfile.php on line 1

Also you mention killed_log.txt?

Is this something I need to make and put in the main zbblock folder. As I have not got one in the zbblock normally

thanks from Josh

Okay, you can't use any of the automatic aiming systems, as who, or whatever set up your php decided that php programs need to be in a seperate folder off somewhere outside of the webroot. Most php programs don't work under those conditions exactly right, unless you manually specify where the program itself is running from.

It is explained in the docs.txt file under "*** If Script Does Not Work".

You will have to target the files and folders manually, if you are using 0.1.8 beta, you will have to change 1 line in ZB Block itself, and change your include segment you are putting in .php files to match.

Get back to me if you need any more help. (I doubt your will though.)

Zap Smile

Edit: Changed once instance of word automatically to manually.