VSF Simple Block

** This plugin is still in development and as such cannot be guaranteed to even install correctly. However, I have been using it on three sites with success. **

If you have an existing installation of this plugin, please make sure you do a database backup before upgrading. And if you need to install 0.2.1 because 1.X doesn’t work, 0.2.1 is available below.

Simple Block does what it says really. It’s effectively a software firewall of sorts. Enter an IP Address (or an IP range) or a host or a browser summary into the block rules table and save it. Then watch as visitors that match those entries are bounced and cannot access your site.

Block Rules:
IP address is an exact match.
IP range is an exact match to the specified range.
Host is a like match, so if you enter for example google, anything that has google in the host anywhere will be blocked.
Browser summary works just like Host. Add in a value like spider and any hit on your website that contains spider in the browser summary anywhere will be blocked.

On the settings page, enter a bounce address of your choosing. Users who match a record in the block table are “forwarded” on to that address.

Filter Rules:
There is also a filter table, which is read before a visitor is sent to the bounce address. Its values are matched in exactly the same way as those in the block table, but a match allows the hit. Because the filter table is queried before the block table, any visitor who matches it is allowed through.

Block Records:
A list of all hits that have been bounced, each with a single reason why. For example, if you have a block record for browser summary – bot – and the google bot arrives on your site, you will get a record that the google bot has been bounced. (I don’t recommend blocking the google bot.)

Also:
Auto block is not (coded) enabled yet. Work in progress.
Import and Export does work, but hasn’t been used a lot yet.

Please note that this plugin has the ability to block you if misused! Please be very careful when using this plugin. This plugin requires database rights to create tables and also create and run a stored procedure. Without those database rights this plugin will not be able to function.
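
The rule order described under Block Rules and Filter Rules can be sketched as follows. This is an added example, not the plugin's own code (the plugin does this in a MySQL stored procedure); the rule layout, the "start-end" range syntax and the case-insensitive "like" match are assumptions, and all addresses are constructed.

```python
import ipaddress

# Constructed sample rules. The (kind, value) layout and the "start-end"
# range syntax are assumptions, not the plugin's real table schema.
FILTER_RULES = [("ip", "203.0.113.10")]  # e.g. the site owner's own address
BLOCK_RULES = [
    ("ip", "198.51.100.7"),
    ("range", "203.0.113.0-203.0.113.255"),
    ("host", "google"),
    ("browser", "spider"),
]

def rule_matches(kind, value, ip, host, browser):
    """Return True when a single rule matches the visitor."""
    addr = ipaddress.ip_address(ip)
    if kind == "ip":  # exact match
        return addr == ipaddress.ip_address(value)
    if kind == "range":  # inclusive range, same IP version only
        start, end = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        return addr.version == start.version == end.version and start <= addr <= end
    if kind == "host":  # "like" match: substring anywhere (case-insensitive assumed)
        return value.lower() in host.lower()
    if kind == "browser":  # same substring match on the browser summary
        return value.lower() in browser.lower()
    raise ValueError(f"unknown rule kind: {kind}")

def decide(ip, host, browser, filters=FILTER_RULES, blocks=BLOCK_RULES):
    """Check the filter table first, then the block table.

    Returns (action, reason); the reason mirrors the single reason
    stored with each block record.
    """
    for kind, value in filters:
        if rule_matches(kind, value, ip, host, browser):
            return ("allow", f"filter {kind}={value}")
    for kind, value in blocks:
        if rule_matches(kind, value, ip, host, browser):
            return ("bounce", f"block {kind}={value}")
    return ("allow", "no rule matched")
```

Because the filter table wins, an entry for your own address keeps you from being bounced even when a broad range or substring rule would otherwise match you.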

Requirements

WordPress 3.0+ (but it will probably work on lower versions)
MySQL (as there is a query which will probably not port as is)

Version

1.1 – 01/01/2012 Bug fix to the block stored procedure as it wasn’t logging IP blocks (as identified by Sylvain). Also an improvement to the logging, which is now in a separate stored procedure rather than being copied around the code.
1.0 – 27/02/2011 Added url blocking.
0.2.1 – 20/01/2011 Added spider trap information and page to the project.
0.1 – 12/11/2010 Initial version.

Download

Current version 1.1 – MD5 Hash 69e5f57ebb44bef8f95abeb2380a7e2a

Version 1.0 – MD5 Hash e41a8e5bbe8aa14334cf3c2632d23f04

Version 0.2.1 – MD5 Hash 2a6bda2be015fd2fe267d881142d5ed9

The plug-in is also available from wordpress.org and can be found here!

  • jack999

    Hello Victoria,
    could you please add the following feature to your VSF Simple Block plugin? It will be of real help to me.

    >> website should not be displayed to users who visit a particular page in blog.
    It means after visiting that page he should not see it any further and should be redirected to general setting page, whatsoever he does.

    To achieve this, what I think is:
    a. create minimum 2 fields in settings page to enter URL to be monitored.

    b. know the IP address of visitor who visits that page [above URL].

    c. add that IP address instantly (automatically) to block IP list.

    Now that visitor will never see website, till his IP changes.

    d. to add further intelligence you can use a combination of IP and cookie to trace the same user.
    For example, if the IP address of blocked visitor changes, and next time he visits the site, cookie stored in his browser from previous session tells that he is blocked so his new IP is again added to blocked IP list, irrespective of him visiting the monitored URL or not.

    I hope that you please add a, b, c & d to your plugin.
    It will really help me and many others.
    Thanks a lot for such a great plugin.

  • Victoria

    Hi Mohit / Jack,

    I currently have one update in progress which is similar. It will add in a spider trap feature which means that a bait page can be added to your website and anyone who reaches that bait page will be auto added to the ban table and blocked from then on. I’m currently using it on two websites, but until I’m happy that code is ok (next weekend) I can’t edit the code base.

    Your suggestion is very similar to something I had thought of myself. I have my own logging plugin which monitors all visitors and every week I get one or two visitors trying blog.v-s-f.co.uk//admin.html etc. Anyone who adds double slash to my url will be added to my ban list when I see them. I also ban people who try accessing cgi-bin, phpmyadmin etc. So yeah I can definitely see the benefit in your suggestion of having a table of links that should be auto banned.

    At the moment I must admit that I just don’t have much time. Just got a new job and the commute is really taking its toll. When I knocked this plugin out, I was unemployed 🙂 I’ll try my best, but it’s likely to be a few months.

    Thanks
    Victoria
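
Added example (not part of the comment thread and not the plugin's code): one way to turn the manual review described above into a candidate ban list, by scanning access-log lines for the double-slash, cgi-bin and phpmyadmin requests mentioned and for a bait page. The log lines, the `/bait-page/` path, the trap patterns and the never-ban set are all constructed assumptions.

```python
import re

# Constructed log lines in common log format; IPs are documentation addresses.
SAMPLE_LOG = """\
192.0.2.44 - - [01/Jan/2012:10:00:01 +0000] "GET /2011/12/some-post/ HTTP/1.1" 200 5120
198.51.100.23 - - [01/Jan/2012:10:00:05 +0000] "GET //admin.html HTTP/1.1" 404 312
198.51.100.23 - - [01/Jan/2012:10:00:06 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 312
203.0.113.10 - - [01/Jan/2012:10:01:00 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 312
192.0.2.80 - - [01/Jan/2012:10:02:00 +0000] "GET /bait-page/?x=1 HTTP/1.1" 200 900
not a log line
"""

# Hypothetical trap patterns, checked in order against the request path.
TRAPS = [
    ("double slash", re.compile(r"//")),
    ("cgi-bin", re.compile(r"^/cgi-bin(/|$)", re.I)),
    ("phpmyadmin", re.compile(r"^/phpmyadmin(/|$)", re.I)),
    ("bait page", re.compile(r"^/bait-page/?$")),
]

# Addresses that must never be banned (your own), so a test visit to the
# bait page cannot lock you out. Constructed value.
NEVER_BAN = {"203.0.113.10"}

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*"')

def candidate_bans(log_text, traps=TRAPS, never_ban=NEVER_BAN):
    """Return {ip: reason} for the first trap each address hit."""
    bans = {}
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        ip, target = match.groups()
        if ip in never_ban or ip in bans:
            continue
        path = target.split("?", 1)[0]  # ignore the query string
        for reason, pattern in traps:
            if pattern.search(path):
                bans[ip] = f"{reason}: {path}"
                break
    return bans
```

Reviewing the returned reasons before adding the addresses as block rules keeps a mistyped pattern from banning ordinary visitors.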

  • griff701

    The ability to automatically add to the banned list the ip of anyone who tries to access blogname.com/a-certain-area would be fantastic 🙂

  • Victoria

    As I work on this project, I get to a certain point and then place it on this site and one of my other sites to test it out. However with the current change I’m making (and potentially all future changes), I’m finding that I’m not getting enough “bad” visitors to try the release candidates out!

    For example, with the request above for URL blocking, I have a snapshot version, without exporting and importing of rules, but haven’t been able to test the new feature as no one’s visited the “bad” URLs I have listed.

    So, if you’re reading this and would like to try future snapshot versions (early release candidates) before they are made public, send me a message and I can set something up for early release candidates. I must point out that the early release candidate versions are likely to contain bugs, but that’s the whole point – for people to test and notify me of the bugs!

  • Jordan McGrath

    Gentlemen, I need your help ASAP.

    I’ve by accident blocked my own IP and it has completely rendered my website useless. I need your help majorly. Please get back in touch.

    Jordan.

  • Victoria

    Hi Jordan,

    Eek! Hopefully you have access to your database and know how to use it?
    You’ll need to get access to the database and ideally make a backup of the tables listed below (in case you want any data in them later). Then you’ll need to run all four of the following SQL commands to clear ALL data in the simple block tables:

    truncate table wp_vsf_block_urls;
    truncate table wp_vsf_block_rules;
    truncate table wp_vsf_block_hits;
    truncate table wp_vsf_block;

    If you don’t know how to use your mysql database, you’re going to need to ask a friend. I’m happy to try and help as much as I can.

    Thanks
    Victoria

  • mrgaric

    I have installed VSF Simple Block and it seemed to install okay. All of the interface appears normal and I have followed the instructions to block IP addresses. It just doesn’t seem to block the IP addresses I have added to my Block Rules under Value. I haven’t changed any other settings.

    What is the best place to start trying to implement a solution?

    Thanks

  • Victoria

    Hi mrgaric,

    Can you provide me with the result from the following query?
    select * from wp_vsf_block_rules;

    Also, what IP address or range are you hoping to block?

    Diagnosing without that data would be fairly difficult / impossible.

    Thank you
    Victoria

  • jankph

    This doesn’t work so well on my blog. It only blocks tag pages and category pages. All other pages and posts are fully visible. BTW, the same happens with other plugins like IP Filter and WP Ban, and it could be a theme issue. I’m using WP 3.2.1 and the Atahualpa 3.6.4 theme.

  • websta

    Can your plugin help against the TimThumb hack that is plaguing many WordPress and other sites?

    For example, see: [removed]

    If so, can you please give specific instructions so everyone can benefit thereby?

  • Victoria

    Hi Websta,

    Sorry for the delay, was on holiday.

    I’ve taken a look on the net regarding TimThumb and I don’t think my plug-in will help you.

    What I would recommend is the following:
    Always update everything! (after doing a backup) The number of people that don’t do updates is frightening and can lead to your site being compromised easily.
    Backup your database and website files regularly.
    If you don’t have SSL (HTTPS) for the login page, make sure you’re using a plug-in which can encrypt the sent passwords. E.g. Semisecure Login Reimagined
    Use an anti-spam plug-in for stopping rogue bots registering, E.g. SI CAPTCHA Anti-Spam
    Use a plug-in which checks basic things about the incoming request, E.g. Bad Behavior
    Use a statistics plug-in to show you exactly who’s browsing your site, E.g. VSF Simple Stats
    And use a manual blocking plug-in, like this one.

    Please also take a look at the following about TimThumb:
    http://wordpress.org/support/topic/wordpress-321-vanilla-is-far-from-secure
    http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

    Thanks
    Victoria

  • revekozu

    Thanks for this useful plugin!

    I quickly put the halt on what felt like a baidu, yandex, soso, mj12 attack.

    However I can’t get the export to work for me. I suspect some conflict with another plugin, tried turning off caching plugin and a couple other things…

    Anyway… Is there a file in the plugin folder I could use to copy settings to other installs?

  • revekozu

    I figured out the simple answer to my question. Just exporting wp_vsf_block_rules.sql from the database and importing into new installs worked quick and easy for me.

    Thanks again

  • Jim53

    Hi Victoria, I think I have blocked a domain by accident. Nothing is showing on the software program, but I would like to check as the traffic from that ip has just dried up.
    Where can I check ‘behind the scenes’? I’m a bit of a newbie at this so go easy please!

    Thanks

  • Jim53

    Just to add to that Q, where is the ‘blocked users’ file kept and what is it called?

    Thanks

  • Victoria

    Hi Jim,

    There is no file storing the ‘block users’, everything is stored in your mysql database.

    Option 1:
    Go in to the admin panel (Settings–>VSF Simple Block), Click on the link “Block Rules”. There are two sub pages in that menu: “Block User Rules” and “Block URL Rules”. From there you can then selectively remove rows using the buttons.

    Option 2 (rather drastic – not recommended if you don’t know how to use the database):
    Now depending on whether you’ve been using the plugin for a long time, you could simply remove all records using the below commands:
    truncate table wp_vsf_block_urls;
    truncate table wp_vsf_block_rules;
    truncate table wp_vsf_block_hits;
    truncate table wp_vsf_block;

    Or if you only want to remove selected records, you’ll need to view the database table content and look in the tables and selectively delete rows (from only the four tables listed above!) 🙂

    Hope that helps

    Victoria

  • Jim53

    Thanks Victoria. Well, I’ve checked and it seems that the tables are not showing any IPs and neither is the settings (I’ve sent you a pic by email).
    So it must be empty, right?

    thanks