
Weekly update – 31 March 2023


ryan

There are several updates on the dev branch this week (commit log), including issue fixes, feature additions and minor class improvements. One of the updates I'd planned to add this week was moving InputfieldTinyMCE into the core. However, I noticed that TinyMCE was up to version 6.4.1 now and we were still running 6.2.0, so I decided instead to upgrade ours to the latest and test it out for another week in its own repository. If all continues to work well, I'll likely commit it to the core in 3.0.215. If you have a chance to test the latest version of InputfieldTinyMCE, please do, and open an issue report if you run into any trouble. 

Last week the Wire Request Blocker module was released in the ProDevTools board and this week we have version 2, which includes several new additions:

  • Added support for blocking groups.
  • Added configurable settings for immediate block (rather than just a strike) for URLs and user agents.
  • Added support for using RequestBlocker in other applications (like we use it here in IP.Board).
  • Added a feature where you can manually test URLs or user agent strings to see how they match your rules.
  • Added a configuration setting so you can choose whether or not to use a log file.
  • Added a section to the docs on how to block URLs from your .htaccess file.

As I wrote this post, the processwire.com site is getting hounded with dozens of IPs trying to locate backup or database zip/rar/tar/gz files, using every possible combination of filenames and extensions you can think of, including those that include the term "processwire". Remember to never leave backup files or DB dump files accessible by URL lying around on your server, because they will eventually get found. Adding these rules (below) to WireRequestBlocker's URL matching rules seems to have mostly stopped those DB/backup hunting bots:

/ba=/backups/|/backup/|/bak/|/back/
.txt=credentials.txt|backup.txt|password.txt|passwords.txt
.sql=.sql.gz|.sql.tar|backup.sql|dump.sql|db.sql|database.sql|mysql.sql|.com.sql
.tar=.tar.gz|.tar.sql|dump.tar|backup.tar|bak.tar|website.tar|backup.tar|www.tar
.zip=backup.zip|bak.zip|.com.zip|well-known.zip|index.zip|public_html.zip|website.zip|dump.zip|wallet.zip|application.zip
.rar=bak.rar|website.rar|backup.rar|www.rar
.gz=website.gz|bak.gz|backup.gz|.com.gz
/old/

WireRequestBlocker only knows its rules and doesn't know who's real and who's a bot, so be careful not to hit URLs containing those strings on this site or it might hit you with nothing but 403's for a few hours. 🙂 Next week is Spring Break here, so I'll likely be on a reduced schedule with kids home from school. Thanks for reading, have a great weekend! 

[Screenshot: Screen Shot 2023-03-31 at 4.24.57 PM.png; +75 more blocks (not shown)]

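An added example, not part of ryan's post or of the WireRequestBlocker module: it reuses the post's rule list to audit your own document root for files the backup-hunting bots would find. It assumes a reading of the rule syntax that the post does not spell out (stated in the code comment); the names parse_rules, match and audit_webroot are made up here, and the case-insensitive matching is a choice of this example.

```python
import os
import sys

# Rules copied from the post. Assumed reading (the post does not define it):
# "A=B|C" matches a URL containing A and also B or C; no "=" means plain substring.
RULES = """\
/ba=/backups/|/backup/|/bak/|/back/
.txt=credentials.txt|backup.txt|password.txt|passwords.txt
.sql=.sql.gz|.sql.tar|backup.sql|dump.sql|db.sql|database.sql|mysql.sql|.com.sql
.tar=.tar.gz|.tar.sql|dump.tar|backup.tar|bak.tar|website.tar|backup.tar|www.tar
.zip=backup.zip|bak.zip|.com.zip|well-known.zip|index.zip|public_html.zip|website.zip|dump.zip|wallet.zip|application.zip
.rar=bak.rar|website.rar|backup.rar|www.rar
.gz=website.gz|bak.gz|backup.gz|.com.gz
/old/
"""

def parse_rules(text):
    """Turn the rule text into a list of (trigger, [needles]) pairs."""
    rules = []
    for line in text.split():
        trigger, sep, alts = line.partition("=")
        rules.append((trigger, alts.split("|") if sep else [trigger]))
    return rules

def match(url_path, rules):
    """Return the rule string a URL path matches, or None."""
    path = url_path.lower()  # case-insensitive: a choice of this example
    for trigger, needles in rules:
        if trigger in path:
            hit = next((n for n in needles if n in path), None)
            if hit:
                return hit
    return None

def audit_webroot(root, rules):
    """Walk a document root; return (url_path, matched_string) for risky files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            url = "/" + rel.replace(os.sep, "/")
            needle = match(url, rules)
            if needle:
                hits.append((url, needle))
    return sorted(hits)

if __name__ == "__main__":
    for url, needle in audit_webroot(sys.argv[1], parse_rules(RULES)):
        print(f"{url}\tmatches rule string {needle!r}")
```

Run it with the path to your web root as the only argument; every line it prints is a file that is reachable by URL unless something else blocks it.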
