Block Bad Queries - Block Bad Queries

Block Bad Queries (BBQ) is a simple, ultra-fast plug-in that protects your website from malicious URL requests. BBQ checks all incoming traffic and silently blocks bad requests that contain nasty things such as eval(, base64_ and excessively long request strings. It is a simple and reliable solution for sites that cannot use a powerful .htaccess firewall.

Download on this website:

block-bad-queries.20191109.zip: https://cdn.getimg.net/npc/2019/wordpress/plugin/block-bad-queries.20191109.zip

Great features

  • 100% Plug and Play
  • No configuration required (works normally)
  • Natural speed and simplicity, no unnecessary decoration
  • 100% focus on security and performance
  • Block various malicious requests
  • Prevent directory traversal attacks
  • Block executable file upload
  • Prevent SQL injection attacks
  • Based on the 5G/6G firewall
  • Scan all incoming traffic and block bad requests
  • Scan all types of requests: GET, POST, PUT, DELETE, etc.
  • Work silently in the background to protect your website
  • Easy to use worry free security plug-in
  • Fully tested, error free performance
  • Compatible with other security plug-ins
  • Regularly updated and "future oriented"
  • Customize blocked strings with the Whitelist/Blacklist plug-in

Privacy

The plug-in does not collect or store any user data. It will not set any cookies, nor will it connect to any third-party location. Therefore, this plug-in will not affect user privacy in any way.

Works perfectly with or without the Gutenberg Block Editor

Pro version

For advanced protection and powerful features, check out BBQ Pro

Verify that it works

Once BBQ is installed, you can verify that it is working by requesting the following URLs from your site (replace example.com with your own domain):

  • http://example.com/proc/self/environ
  • http://example.com/path/?q=%2e%2e
  • http://example.com/path/base64_

These are just examples of the kind of garbage that BBQ blocks. If your server returns a 403 "Forbidden" response for these requests, then BBQ is doing its job. More tests can be carried out using the patterns contained in the BBQ firewall.

How does this work

BBQ is basically a PHP port of my G-series blacklist. It defines a set of regular expressions that match malicious URL requests and blocks the requests that match. BBQ scans three parts of each request:

  • Request URI
  • Query string
  • User agent

Checking these variables against a set of carefully designed, known attack patterns is an effective way to prevent malicious attacks.

BBQ standalone PHP script

To implement the BBQ script on a non-WP website, add the following code so that it runs on every page request (for example, at the beginning of each page).

<?php
/*
Plugin Name: Block Bad Queries (BBQ)
Plugin URI: https://perishablepress.com/block-bad-queries/
Description: Automatically protects WordPress against malicious URL requests.
Author: Jeff Starr
Author URI: https://monzillamedia.com/
Version: (standalone)
License: GPL v2
Usage: No configuration necessary. Upload, activate and done. BBQ blocks bad queries automatically to protect your site against malicious URL requests.
Tags: security, protect, firewall, php, eval, malicious, url, request, blacklist
*/

// Default to an empty string so a missing header or query string raises no warning.
$request_uri  = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
$user_agent   = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

// stripos() returns 0 (falsy) when the match starts at offset 0, so every test
// compares against false explicitly; otherwise a user agent beginning with
// "libwww" or a URI beginning with "/config." would not be blocked.
if (
	// request uri
	//strlen($request_uri) > 255 ||
	stripos($request_uri, 'eval(') !== false ||
	stripos($request_uri, 'CONCAT') !== false ||
	stripos($request_uri, 'UNION+SELECT') !== false ||
	stripos($request_uri, '(null)') !== false ||
	stripos($request_uri, 'base64_') !== false ||
	stripos($request_uri, '/localhost') !== false ||
	stripos($request_uri, '/pingserver') !== false ||
	stripos($request_uri, '/config.') !== false ||
	stripos($request_uri, '/wwwroot') !== false ||
	stripos($request_uri, '/makefile') !== false ||
	stripos($request_uri, 'crossdomain.') !== false ||
	stripos($request_uri, 'proc/self/environ') !== false ||
	stripos($request_uri, 'etc/passwd') !== false ||
	stripos($request_uri, '/https/') !== false ||
	stripos($request_uri, '/http/') !== false ||
	stripos($request_uri, '/ftp/') !== false ||
	stripos($request_uri, '/cgi/') !== false ||
	stripos($request_uri, '.cgi') !== false ||
	stripos($request_uri, '.exe') !== false ||
	stripos($request_uri, '.sql') !== false ||
	stripos($request_uri, '.ini') !== false ||
	stripos($request_uri, '.dll') !== false ||
	stripos($request_uri, '.asp') !== false ||
	stripos($request_uri, '.jsp') !== false ||
	stripos($request_uri, '/.bash') !== false ||
	stripos($request_uri, '/.git') !== false ||
	stripos($request_uri, '/.svn') !== false ||
	stripos($request_uri, '/.tar') !== false ||
	stripos($request_uri, ' ') !== false ||
	stripos($request_uri, '<') !== false ||
	stripos($request_uri, '>') !== false ||
	stripos($request_uri, '/=') !== false ||
	stripos($request_uri, '...') !== false ||
	stripos($request_uri, '+++') !== false ||
	stripos($request_uri, '://') !== false ||
	stripos($request_uri, '/&&') !== false ||

	// query strings
	stripos($query_string, '?') !== false ||
	stripos($query_string, ':') !== false ||
	stripos($query_string, '[') !== false ||
	stripos($query_string, ']') !== false ||
	stripos($query_string, '../') !== false ||
	stripos($query_string, '127.0.0.1') !== false ||
	stripos($query_string, 'loopback') !== false ||
	stripos($query_string, '%0A') !== false ||
	stripos($query_string, '%0D') !== false ||
	stripos($query_string, '%22') !== false ||
	stripos($query_string, '%27') !== false ||
	stripos($query_string, '%3C') !== false ||
	stripos($query_string, '%3E') !== false ||
	stripos($query_string, '%00') !== false ||
	stripos($query_string, '%2e%2e') !== false ||
	stripos($query_string, 'union') !== false ||
	stripos($query_string, 'input_file') !== false ||
	stripos($query_string, 'execute') !== false ||
	stripos($query_string, 'mosconfig') !== false ||
	stripos($query_string, 'environ') !== false ||
	//stripos($query_string, 'scanner') !== false ||
	stripos($query_string, 'path=.') !== false ||
	stripos($query_string, 'mod=.') !== false ||

	// user agents
	stripos($user_agent, 'binlar') !== false ||
	stripos($user_agent, 'casper') !== false ||
	stripos($user_agent, 'cmswor') !== false ||
	stripos($user_agent, 'diavol') !== false ||
	stripos($user_agent, 'dotbot') !== false ||
	stripos($user_agent, 'finder') !== false ||
	stripos($user_agent, 'flicky') !== false ||
	stripos($user_agent, 'libwww') !== false ||
	stripos($user_agent, 'nutch') !== false ||
	stripos($user_agent, 'planet') !== false ||
	stripos($user_agent, 'purebot') !== false ||
	stripos($user_agent, 'pycurl') !== false ||
	stripos($user_agent, 'skygrid') !== false ||
	stripos($user_agent, 'sucker') !== false ||
	stripos($user_agent, 'turnit') !== false ||
	stripos($user_agent, 'vikspi') !== false ||
	stripos($user_agent, 'zmeu') !== false
) {
	// Refuse the request and stop processing the page.
	@header('HTTP/1.1 403 Forbidden');
	@header('Status: 403 Forbidden');
	@header('Connection: Close');
	@exit;
}
?>

No changes need to be made to this code, so you should be good to go. Note that this script is different from the current version of the WP plug-in. The updated version of the plug-in has been optimized to work better with WordPress, but this version of BBQ still protects non-WP websites in general.

Please note that you can update the blacklist in the standalone script with the latest patterns at any time. Just download the BBQ plug-in, then copy the regular expression arrays from the main plug-in file.
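
A dry run of the three-part check, as an added example that is not the plug-in's own code: it applies a subset of the patterns from the standalone script to constructed requests, so you can see which field and string trigger a block and spot false positives (such as a legitimate search containing "union") before deploying. The helper name bbq_first_match and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not part of the BBQ plug-in: dry-run a few of the page's
// patterns against constructed requests and report what would be blocked.

// Pattern subsets copied from the standalone script on this page.
$patterns = array(
    'request_uri'  => array('eval(', 'base64_', 'proc/self/environ', 'etc/passwd', '/.git', '.sql'),
    'query_string' => array('../', '%2e%2e', '%00', 'union', 'environ'),
    'user_agent'   => array('libwww', 'pycurl', 'zmeu'),
);

// Hypothetical helper: returns array(field, pattern) for the first hit, or null.
function bbq_first_match(array $request, array $patterns)
{
    foreach ($patterns as $field => $needles) {
        $haystack = isset($request[$field]) ? $request[$field] : '';
        foreach ($needles as $needle) {
            // stripos() returns 0 for a match at offset 0, so test against false.
            if (stripos($haystack, $needle) !== false) {
                return array($field, $needle);
            }
        }
    }
    return null;
}

// Constructed sample requests (not real traffic).
$samples = array(
    array('request_uri' => '/proc/self/environ', 'query_string' => '', 'user_agent' => 'Mozilla/5.0'),
    array('request_uri' => '/path/?q=%2e%2e', 'query_string' => 'q=%2e%2e', 'user_agent' => 'Mozilla/5.0'),
    // The match starts at offset 0 of the user agent string.
    array('request_uri' => '/blog/', 'query_string' => '', 'user_agent' => 'libwww-perl/6.0'),
    // Legitimate search that still contains the substring "union".
    array('request_uri' => '/search?s=credit+union', 'query_string' => 's=credit+union', 'user_agent' => 'Mozilla/5.0'),
    array('request_uri' => '/about/', 'query_string' => '', 'user_agent' => 'Mozilla/5.0'),
);

foreach ($samples as $request) {
    $hit = bbq_first_match($request, $patterns);
    $verdict = $hit ? sprintf('403 (%s contains "%s")', $hit[0], $hit[1]) : 'pass';
    printf("%-28s %-18s %s\n", $request['request_uri'], $request['user_agent'], $verdict);
}
```

Replaying paths and query strings from your own access log through the same loop shows which legitimate URLs on your site would receive a 403.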
