Firewall Script

by Jeremy Schoemaker on April 28, 2008 · 38 comments

David Naylor has been pimping this Firewall Script software for the last week or so. I figured I would check it out. Seems pretty slick. Looks to do what a lot of mod_security does but without all the silly dependencies and the root admin access.

I think its another great example of a very badly needed service. People are getting hacked all the the time and the cost of this is like 80 bucks…. which is nothing for a serious site. I personally have not had time to test it but Dave has asked me to go through it so I will probably give it a go next weekend on some boxes and report my findings back.

About the author...

– who has written 2415 posts on ShoeMoney.com.

Hi I am Jeremy Schoemaker and ShoeMoney.com is my blog. 99% of the post here are done by me but you will see others occasionally make guest posts. This blog is fun to write but for my day job I run several online companies.

Images provided by ShutterStock


Mark recommends you read these posts also:

  1. harrypotter What Internet Marketers Can learn From Harry Potter
  2. guide-tipsforsuccess 9 Random Tips On Being A Successful Online Marketer
  3. shutterstock_47651305 PPV Advertising 101 – Untap the Potential (Part 1 of 3)

{ 38 comments… read them below or add one }

1 Michael D April 28, 2008 at 10:35 am

The mentions of WP blogs being hacked has been high lately. Looks like this script will work for everything on the server that uses php. Wondering if it is domain specific or offers protection for everything on the server. Easy to install?

Reply

2 Debo Hobo April 28, 2008 at 11:03 am

This is definitely something I need to look into. Good question-Is it easy to install.? I guess we will fine out when Shoe tests it next weekend. I for one am looking forward to that post. :)

Reply

3 ShoeMoney April 28, 2008 at 11:08 am

it looks pretty easy. I should have one of our less technical people give it a go and report on it. Btw u need a gravatar!

Reply

4 Clog Money April 28, 2008 at 11:34 am

This is an interesting idea and I’m curious to how it functions on a shared hosting platform. I just can’t see how a php script can protect your site on a shared hosting platform where you don’t have direct access to the specific server modules. Then again I would say that as the sceptical programmer I am ;)

Reply

5 Pete April 28, 2008 at 11:46 am

Would be nice to hear from some one who has used the service before…

Reply

6 Terra Andersen April 28, 2008 at 11:57 am

I agree… I’d love to hear what someone thinks of this who has used it before!

Reply

7 Roger April 28, 2008 at 12:09 pm

Dunno about whos used it/how good it is, but they have a affiliate program and I think I could make a assload of money promoting this all over the place.

Reply

8 Michael D April 28, 2008 at 12:09 pm

I have one but I guess I needed to add another email address. Let’s see if it works.

Reply

9 Mubin April 28, 2008 at 12:45 pm

Glad to see dave got something in return for bloggin about fighters.com!

Reply

10 Tim Linden April 28, 2008 at 1:33 pm

Just remember folks, this doesn’t replace a real firewall. It’s just for the application layer. A normal firewall blocks before reaching the script. The combination will work wonders, but leaving either side out still leaves you vulnerable.

Reply

11 Roger April 28, 2008 at 1:48 pm

@tim -

Using .htaccess preappend, it would stop it before it reaches the script. Its the same thing as modsecurity- so its just as much a firewall as modsec is. Any .php page thats called, it calls the firewall first, and if the firewall doesnt like it, it discards the request never even reaching the script

Reply

12 Hustle Strategy April 28, 2008 at 1:55 pm

Lets see if mine works…

Reply

13 Rekzai April 28, 2008 at 1:59 pm

I’ll try it out when my community gets bigger.

Reply

14 Clog Money April 28, 2008 at 2:00 pm

I think what Tim is trying to say is that there are ways to exploit sites before they even reach the application level, which btw the .htaccess would be part of.

Reply

15 Matt April 28, 2008 at 2:44 pm

Looks very interesting. I have a normal software firewall, but no “php firewall”. I have many blogs on my server, and keeping them upto date is annoying.

Shame it only works with php5, I might have to look into updating.

Reply

16 Jonathan Street April 28, 2008 at 3:27 pm

Does it not concern anyone that the one testimonial on their site is from a guy who thinks aliens were trying to hack his site?

For those wanting an open source solution one alternative may be PHP-Intrusion Detection System. The default is to send an alert following suspect behaviour but killing the script instead wouldn’t be too much work.

Reply

17 Hypnosis Dude April 28, 2008 at 5:03 pm

That testimonial must be true – you can’t make stuff like that up!

Seriously, I would be interested to find out how easy this is to install and setup. I’m a linux noob and am eager to learn about this kind of stuff

Reply

18 Tim Linden April 28, 2008 at 6:35 pm

Yes you are correct in thinking what I’m saying ;-)

The point is you can DOS Apache and having an application firewall would do nothing. You’d need something that stops it before getting to Apache. The point isn’t to say this firewall is bad, but to remind people that it’s part of the solution not “the” solution.

Reply

19 Terry Tay April 28, 2008 at 9:09 pm

$40 dollars per sale and $19.99 just for joining the program. $100 payment minimum. Not bad commish ;-)
~Terry

Reply

20 Hustle Strategy April 28, 2008 at 9:57 pm

mine worked below. seems you gots some work to do…

Reply

21 lazyhat April 29, 2008 at 12:09 am

Linux already comes with a pretty easy to use firewall. Its called iptables.

Reply

22 Web Marketeer April 29, 2008 at 1:36 am

If one hosts on a dedicated server? No sharing, will that decrease WP’s vulnerability to hacking attacks? Or does one still need this software too?

Reply

23 установка кондиционеров April 29, 2008 at 1:37 am

Thank’s for this script

Reply

24 Conditioner April 29, 2008 at 1:38 am

Cool script. Thanks from me :)

Reply

25 Atklimat April 29, 2008 at 1:39 am

Fantastic script!

Reply

26 Roger April 29, 2008 at 1:48 am

Hows that work out on shared hosting?
Oh, right.

Reply

27 Web Marketeer April 29, 2008 at 2:33 am

It is really awesome having The Shoe to not only alert us to new toys, but also to test them for us!

Reply

28 Clog Money April 29, 2008 at 3:17 am

Not really, vulnerabilities in wordpress are due to the code which makes up the software. This program merely monitors what looks like it may be an attack and then you decide from there whether to ban that person or not. At least I would imagine that’s how it works. I have not actually used the program.

Reply

29 Frumkes April 29, 2008 at 6:40 am

Thanks for the link, i will test it.

Reply

30 Accenseo April 29, 2008 at 1:26 pm

It’s a shame it only works on PHP5. :(

And before people tell me to upgrade, I have too many PHP4-only scripts to bother doing that. Seemed like a good script though.

Reply

31 Tamish Mehra April 30, 2008 at 2:43 pm

How bout a Plugin For WP for this ?

Reply

32 Asia'h Epperson April 30, 2008 at 7:07 pm

Not a replacement for a real firewall, but it should work great paired with one. The price is right too if you’re running any kind of serious site.

Reply

33 Mattaw May 2, 2008 at 9:32 am

Thanks, Look forward to your findings before I give it a go.

Reply

34 Mayank Rocks May 2, 2008 at 10:37 am

Upgrading to php5 doesnt take much time. I just did on my vps a day ago. Just re compiled with Apache…

Reply

35 Mayank Rocks May 2, 2008 at 10:37 am

Thanks for the script. Definitely worth it.

Reply

36 Prosperity Writer May 5, 2008 at 2:27 am

i’m a small player and a firewall isn’t in my priorities list yet

Reply

37 TEGS May 6, 2008 at 6:27 pm

Iooks interesting, cant wait to hear what you think.

Reply

38 Moldova May 11, 2008 at 8:47 am

Getting your website secured is very good in this insecure online world.

Reply

Leave a Comment

Previous post:

Next post: