David Naylor has been pimping this Firewall Script software for the last week or so. I figured I would check it out. Seems pretty slick. Looks to do what a lot of mod_security does but without all the silly dependencies and the root admin access.
I think its another great example of a very badly needed service. People are getting hacked all the the time and the cost of this is like 80 bucks…. which is nothing for a serious site. I personally have not had time to test it but Dave has asked me to go through it so I will probably give it a go next weekend on some boxes and report my findings back.
ZK @ Web Marketing Blog (24) 
Stocks on Wall Street (22) 
Ricky Peterson (21) 
R Kumar (17) 
Mary (17) 
Ben Pei (14) 
Juhani Tontti (14) 
Dimas (13) 
Canada Immigration (13) 
Denny (13) 
R Kumar (112) 
fas (89) 
Michael Zhao (77) 
almir (76) 
Jay @ work from home (63) 
Find Affiliate Offers (56) 
Dino (50) 
Dick (577) 
Goran Website (444) 
Melvin (309) 
Taris Janitens (274) 
Tushar Dhoot (265) 
Tushar (260) 
Moneybites (256) 
meethere (246) 
Getting your website secured is very good in this insecure online world.
Iooks interesting, cant wait to hear what you think.
i’m a small player and a firewall isn’t in my priorities list yet
Thanks for the script. Definitely worth it.
Upgrading to php5 doesnt take much time. I just did on my vps a day ago. Just re compiled with Apache…
Thanks, Look forward to your findings before I give it a go.
Not a replacement for a real firewall, but it should work great paired with one. The price is right too if you’re running any kind of serious site.
How bout a Plugin For WP for this ?
It’s a shame it only works on PHP5.
And before people tell me to upgrade, I have too many PHP4-only scripts to bother doing that. Seemed like a good script though.
Thanks for the link, i will test it.
Not really, vulnerabilities in wordpress are due to the code which makes up the software. This program merely monitors what looks like it may be an attack and then you decide from there whether to ban that person or not. At least I would imagine that’s how it works. I have not actually used the program.
It is really awesome having The Shoe to not only alert us to new toys, but also to test them for us!
Hows that work out on shared hosting?
Oh, right.
Fantastic script!
Cool script. Thanks from me
Thank’s for this script
If one hosts on a dedicated server? No sharing, will that decrease WP’s vulnerability to hacking attacks? Or does one still need this software too?
Linux already comes with a pretty easy to use firewall. Its called iptables.
mine worked below. seems you gots some work to do…
$40 dollars per sale and $19.99 just for joining the program. $100 payment minimum. Not bad commish
~Terry
Yes you are correct in thinking what I’m saying
The point is you can DOS Apache and having an application firewall would do nothing. You’d need something that stops it before getting to Apache. The point isn’t to say this firewall is bad, but to remind people that it’s part of the solution not “the” solution.
That testimonial must be true – you can’t make stuff like that up!
Seriously, I would be interested to find out how easy this is to install and setup. I’m a linux noob and am eager to learn about this kind of stuff
Does it not concern anyone that the one testimonial on their site is from a guy who thinks aliens were trying to hack his site?
For those wanting an open source solution one alternative may be PHP-Intrusion Detection System. The default is to send an alert following suspect behaviour but killing the script instead wouldn’t be too much work.
Looks very interesting. I have a normal software firewall, but no “php firewall”. I have many blogs on my server, and keeping them upto date is annoying.
Shame it only works with php5, I might have to look into updating.
I think what Tim is trying to say is that there are ways to exploit sites before they even reach the application level, which btw the .htaccess would be part of.
I’ll try it out when my community gets bigger.
Lets see if mine works…
@tim -
Using .htaccess preappend, it would stop it before it reaches the script. Its the same thing as modsecurity- so its just as much a firewall as modsec is. Any .php page thats called, it calls the firewall first, and if the firewall doesnt like it, it discards the request never even reaching the script
Just remember folks, this doesn’t replace a real firewall. It’s just for the application layer. A normal firewall blocks before reaching the script. The combination will work wonders, but leaving either side out still leaves you vulnerable.
Glad to see dave got something in return for bloggin about fighters.com!
I have one but I guess I needed to add another email address. Let’s see if it works.
Dunno about whos used it/how good it is, but they have a affiliate program and I think I could make a assload of money promoting this all over the place.
I agree… I’d love to hear what someone thinks of this who has used it before!
Would be nice to hear from some one who has used the service before…
This is an interesting idea and I’m curious to how it functions on a shared hosting platform. I just can’t see how a php script can protect your site on a shared hosting platform where you don’t have direct access to the specific server modules. Then again I would say that as the sceptical programmer I am
it looks pretty easy. I should have one of our less technical people give it a go and report on it. Btw u need a gravatar!
This is definitely something I need to look into. Good question-Is it easy to install.? I guess we will fine out when Shoe tests it next weekend. I for one am looking forward to that post.
The mentions of WP blogs being hacked has been high lately. Looks like this script will work for everything on the server that uses php. Wondering if it is domain specific or offers protection for everything on the server. Easy to install?