horst Posted April 1, 2018 Share Posted April 1, 2018 My personal preference is not to update the .htaccess file automatic. If something breaks, the complete site may become unrenderable. Also warning mechanism may not get invoked then(!). Additionally I only allow read access to the file for security reasons. So my favourite would be to collect candidates and provide them as alphabetically sorted markup on demand 2 Link to comment Share on other sites More sharing options...
ceberlin Posted August 28, 2018 Share Posted August 28, 2018 (edited) Simple question, in your instructions, what do you mean by Call the module from your home.php template $modules->get('Blackhole')->blackhole(); If I add this code somewhere on the homepage's php code, I get a 404 in the frontend, which I actually expected to happen (same behavior as on blackhole.php). (problem gone) Edited September 18, 2022 by ceberlin problem gone Link to comment Share on other sites More sharing options...
flydev Posted July 30, 2023 Author Share Posted July 30, 2023 Hi, This message is to be taken as informational and being transparency, NOT as a security alert. In short: The module code do not contain vulnerabilities, you are safe to use it. In depth: Years ago, I could spot some offsec users cloning/forking the project on Github. Theses last days, the project got more activities that can be seen on this graph and it look like the module is now included in some open-source offensive security tools. I took a few hours to find and go back to these tools and took the liberty of testing them myself on three online sites, based on Processwire with the module installed. I obtained no negative results, no red flags to deplore. What's more, the code is now monitored to automatically find and correct vulnerabilities in open source code and dependencies with security tools and DeepCode AI. If you ever find something or even if you are not sure about it, feel free to contact me by following the Security Policy. Have a nice day. 6 Link to comment Share on other sites More sharing options...
howdytom Posted May 29 Share Posted May 29 @flydev I stumbled upon this wonderful module. Thank you so much! I have noticed that version Blackhole 1.1.0 does not block the entire site as stated. Once the IP address has been blocked, it is still possible to load any sub pages. It only blocks access to the front and blockhole page. I have tested it with a clean PW 3.0.229 install. Can you reproduce it? 1 Link to comment Share on other sites More sharing options...
flydev Posted May 31 Author Share Posted May 31 Thanks @howdytom! I just answered on your github issue. Just in case you are not aware of, you can also find a Pro module made by @ryan that use mainly htaccess to kill bad bots. The Pros of RequestBlocker that is a Cons in Blackhole is the fact that agressive bots could degrade the server resources. sort of denial of service. Anyway, when used for example, behind a well configured reverse proxy or a service like cloudflare, the cons is really mitiged. Link to comment Share on other sites More sharing options...
howdytom Posted May 31 Share Posted May 31 @flydev Oh sorry, I got it now. ??♂️ I followed the Readme without thinking. To call the module on all templates I have added it to the _init.php. Now it is working as expected. Ryans Prod module looks like a good alternative. For now, I do prefer the Blackhole module. It is lightweight, quick and easy to implement. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now