Perishable Press

Whitelist & Blacklist Plugins for BBQ

BBQ (Block Bad Queries) is a simple script that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval( and base64_. The plugin is ultra minimal, so there are no options to configure which strings are blocked or allowed — it’s basically a “set-it-and-forget-it” type plugin. To give the plugin more flexibility, here are two plugins that enable you to whitelist or blacklist your own custom strings.


BBQ Whitelist

If you’re running BBQ and discover that it’s blocking some page, you can “whitelist” the offending string to restore access. Let’s look at an example.

Let’s say that BBQ is blocking a page located at the following URL:

http://example.com/page/?referer=http://example.org/

This URL is blocked by BBQ because of the colon (:) in the referer value, which is a reserved character that matches one of BBQ’s patterns.

To resolve the issue, we can install the BBQ Whitelist plugin and remove the matching pattern from $request_uri_array. To do so, open the BBQ Whitelist plugin and edit the “whitelist items” like so:

$bbq_whitelist_request_uri_items  = array('\/http\:', '\:\/\/');

Here we have added two items to the whitelist array, \/http\: and \:\/\/. Save, upload, and done. BBQ now will ignore the specified patterns and thus restore access to the page.

BBQ Blacklist

On the other side of the coin, let’s say that you have some string that you would like BBQ to block. For example, the infamous fckeditor seems to be a perpetual target for malicious scanning and wannabe exploits. So let’s block it once and for all by adding it to BBQ.

To do so, first install the BBQ Blacklist plugin and edit the “blacklist items” like so:

$bbq_blacklist_request_uri_items  = array('fckeditor');
$bbq_blacklist_query_string_items = array('fckeditor');
$bbq_blacklist_user_agent_items   = array('fckeditor');

Here we have added the offending string to each of the three blacklist arrays, so we’re covered if the string appears in the URL, query string, and/or user agent. Then save, upload, and done. BBQ now will block the pesky fckeditor string wherever it’s found.

Note that BBQ Whitelist/Blacklist requires BBQ version 20150314 or better.
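To make the whitelist and blacklist mechanics above concrete, here is a stand-alone model (added here, not BBQ’s own code) of how the two arrays compose into a single case-insensitive regex check. The base pattern list and the helper function names are constructed for the demo; only the whitelist and blacklist items come from the snippets above.

```php
<?php
// Added example, not part of BBQ or its whitelist/blacklist plugins.
// Items are regex fragments joined with "|" inside "/.../i", which is why
// the whitelist entries on the page escape "/" and ":".

// Constructed stand-in for BBQ's built-in request-URI patterns (the real
// list is much longer); an assumption for this demo only.
$base_request_uri_items = array('eval\(', 'base64_', '\/http\:', '\:\/\/');

// Items exactly as shown in the plugin snippets above.
$bbq_whitelist_request_uri_items = array('\/http\:', '\:\/\/');
$bbq_blacklist_request_uri_items = array('fckeditor');

// Blacklist items are appended; whitelist items are removed by exact string
// match against the pattern list, so a whitelist entry must equal the
// pattern text, not merely the text that appears in the blocked URL.
function bbq_effective_items(array $base, array $blacklist, array $whitelist) {
    $items = array_merge($base, $blacklist);
    $items = array_diff($items, $whitelist);
    return array_values(array_unique($items));
}

// One combined regex over the request URI, as BBQ's arrays imply.
function bbq_is_blocked(array $items, $request_uri) {
    if (empty($items)) {
        return false;
    }
    $pattern = '/' . implode('|', $items) . '/i';
    return preg_match($pattern, $request_uri) === 1;
}

$items = bbq_effective_items($base_request_uri_items,
                             $bbq_blacklist_request_uri_items,
                             $bbq_whitelist_request_uri_items);

// Constructed request URIs (REQUEST_URI has no scheme/host part).
$checks = array(
    '/page/?referer=http://example.org/'   => false, // colon patterns whitelisted
    '/fckeditor/editor/filemanager/'       => true,  // added by the blacklist
    '/index.php?x=eval(base64_decode(1))'  => true,  // built-in pattern still active
    '/about/'                              => false,
);
foreach ($checks as $uri => $expected) {
    $blocked = bbq_is_blocked($items, $uri);
    printf("%-40s %s%s\n", $uri, $blocked ? 'BLOCKED' : 'allowed',
           $blocked === $expected ? '' : '  (unexpected)');
}
```

Running it shows the referer URL passing once its two patterns are whitelisted, while the eval( and base64_ patterns and the added fckeditor item still block.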

Download

Here you may download either whitelist or blacklist plugin:

WP Plugin - BBQ Whitelist – Version 20151107 (877 B zip)
WP Plugin - BBQ Blacklist – Version 20151107 (820 B zip)

BBQ GUI

Here is a simple settings page for the BBQ Blacklist & Whitelist plugins, for those who would like a GUI. Thanks to LyntServices for sharing :)

About the Author Jeff Starr = Web Developer. Book Author. Secretly Important.
5 responses
  1. Steve and Sally Wharton March 27, 2015 @ 9:03 am

    Hi Jeff,

    So to block buttons-for-website.com traffic/bots/whatever-they-are from my WordPress site (Linux/WP hosting on MediaTemple if that matters) I would add:

    (1) to BBQ Blacklist:

    $bbq_blacklist_request_uri_items  = array('buttons-for-website');
    $bbq_blacklist_query_string_items = array('buttons-for-website');
    $bbq_blacklist_user_agent_items   = array('buttons-for-website');

    Is it really that easy, or am I missing something? Or,

    (2) I would add this to my .htaccess file:

    # Block all http and https referrals from "buttons-for-website.com" and all subdomains of "buttons-for-website.com"
    RewriteCond %{HTTP_REFERER} ^https?://([^.]+.)*buttons-for-website.com [NC,OR]

    with no RewriteRule needed (like the RewriteRule ^(.*)$ http://semalt.com/ [L] seen in .htaccess) ????

    Thanks for clarifying for me. Awesome plugin/s; much appreciated!

    Cheers, Steve

  2. Hey Jeff,

    I found an infoo.php file in the root of my website. Inside the file it has the following code: <?phpinfo();?>

    Do you think this is malicious script? Or maybe it was placed in my root directory by a plugin perhaps?

    I’ve got your 5G firewall in place, do you have an updated version? I can only see a 6G Beta from a while ago.

    Many thanks

    • Jeff Starr

      That PHP function displays information about your server, PHP, Apache, etc. Whether or not it’s malicious depends on who put it there and for what reason. If you or maybe one of your associates put the file, then it’s probably nothing to worry about. Otherwise, if you are sure it was placed there by some unauthorized person/script, then yeah I would investigate asap. Bottom line is that it should not be there, or it should be locked down to prevent anyone else from accessing it.

  3. Vladimír Smitka May 28, 2015 @ 6:37 am

    Hi, I made a simple plugin to manage custom rules for BBQ.

    I prefer the original way – edit files by hand (plugin uses DB, so there is a little impact in the performance), but it may be useful for somebody.

    https://github.com/LyntServices/bbq-gui
