Support » Plugin: BBQ Firewall » Search Spam

Viewing 15 replies - 1 through 15 (of 15 total)
  • Plugin Author Jeff Starr

    (@specialk)

    I have added guangxiymcd in the latest version (20200706), so those requests will be blocked. Thank you for the feedback.

    guangxiymcd is just an example. I have hundrets of chinese domain names in my search log. they all start with www. and end with .cn
    can you add a rule to block all those requests?

    Plugin Author Jeff Starr

    (@specialk)

    I will take a closer look and see what I can do for the next update. Thanks for the feedback and ideas, much appreciated.

    Plugin Author Jeff Starr

    (@specialk)

    Just to follow up with this. I replaced the static pattern guangxiymcd with a dynamic pattern ^www\.(.*)\.cn$ so BBQ should block any request that includes this in the query string:

    * Query string begins with www.
    * Then any characters or none
    * Query string ends with .cn

    So it specifically matches/blocks based on those criteria. Plugin update should be available soon. Let me know if it helps cut down on the spam, or if any further refinements are possible.

    These are great news.
    I’ll let you know how well it works

    Just tested it. (Version: 20200811)
    When I enter a search ‘www.abcdefg.cn’ it still gets logged and the search is executed.

    I also have the following searched in the log, which seem to be malicious:
    Home%2F\\think\\app%2Finvokefunction
    index%2F\\think\\app%2Finvokefunction

    When I enter these in the search bar, the search is also executed as usual.

    Plugin Author Jeff Starr

    (@specialk)

    Does the query string match what you reported:

    they all start with www. and end with .cn

    That is exactly what I added to the plugin. So look at the query string and compare with your own requirements.

    Yes, all the querys only include the url in the format www.whatever.cn
    I have just cleared the log, but I can send you a screenshot once it filled up again

    • This reply was modified 5 months, 2 weeks ago by coholm.
    • This reply was modified 5 months, 2 weeks ago by coholm.
    Plugin Author Jeff Starr

    (@specialk)

    What are some examples of the requested URLs you are getting? Paste a few entire URLs so I can take a look. They should look something like this:

    https://example.com/path/whatever/?the-query-string=something-blah-blah

    Make sure to remove your domain name from the examples before posting.

    
    https://whatever.com/produkte?wpv_post_search=www.whatever.com
    
    https://whatever.com/produkte?wpv_view_count=1187&wpv_post_search=www.whatever.cn&wpv_filter_submit=Suchen
    
    https://whatever.com/produktkategorie/mikrofone?wpv_view_count=1187&wpv_post_search=www.whatever.cn&wpv-product_cat%5B%5D=mikrofone&wpv_filter_submit=Suchen
    
    Plugin Author Jeff Starr

    (@specialk)

    So that’s why it is not working for you. These are the query strings:

    wpv_post_search=www.whatever.com
    wpv_view_count=1187&wpv_post_search=www.whatever.cn&wpv_filter_submit=Suchen
    wpv_view_count=1187&wpv_post_search=www.whatever.cn&wpv-product_cat%5B%5D=mikrofone&wpv_filter_submit=Suchen

    Take a close look at those and tell me if they meet the criteria outlined above.

    Oh ok. I thought that the part after the equal sign (=) is the query string.
    I’m not sure if you can create a rule that catches all the possibilities after the equal sign that contain www. and .cn

    @specialk Thanks for the latest update. Works perfect now

    • This reply was modified 1 month, 3 weeks ago by coholm.
Viewing 15 replies - 1 through 15 (of 15 total)
  • You must be logged in to reply to this topic.