
Patch for new Elxis 4.4 Defender


datahell:
Elxis 4.4 has a new Elxis Defender that catches 3 times more attacks and spammers than the previous version. The Defender was redesigned: the old filters were removed and new ones added that use different filtering technology and also support logging attacks to the security.log file. The patch I provide is for Elxis 4.2 and 4.3 sites; I haven't tested it with previous versions, so don't apply it to Elxis 4.0 and 4.1. Read the instructions I give below carefully and do exactly as I say in order to apply the patch.

This patch is experimental. Use it at your own risk.

1. Open configuration.php file and make the site offline:
private $ONLINE = 0;
change DEFENDER options to this:
private $DEFENDER = 'GRI';
Add these configuration options:
private $DEFENDER_IPAFTER = 1;
private $DEFENDER_LOG = 1;
If DEFENDER_NOTIFY does not exist, add it too:
private $DEFENDER_NOTIFY = 1;
Save the file. The site is offline now.

2. Go to your repository folder and locate folder logs
Upload these files from the patch zip:
{repository}/logs/defender_ips.php
{repository}/logs/defender_ip_ranges.php
{repository}/logs/security.log
Make sure all these files are writable.

3. Go to folder includes/libraries/elxis/defender/ and DELETE these files:
agents.php
custom.php
general.php
hosts.php
ips.php
post.php
Upload in the same folder these files:
general.rules.php
custom.rules.php

4. Go to the parent folder (includes/libraries/elxis/) and update these files:
defender.class.php
exit.class.php
performance.class.php
uri.class.php
session.class.php

5. Go to folder includes/ and update Elxis loader:
includes/loader.php

The update is complete, turn the site back online by opening configuration.php and setting
private $ONLINE = 1;

IMPORTANT NOTES / TIPS
1. Don't save the Elxis configuration from the administration interface, because you will lose the new configuration options (we updated only the Defender, not the whole of Elxis, so you can't configure the new options from the admin area).
2. If you get too many security alerts, disable sending them by email by setting DEFENDER_NOTIFY = 0 (I believe you will get 3-4 times more alerts).
3. Inspect the security.log file to see what the Defender caught. You can disable logging if you wish by setting DEFENDER_LOG = 0. Make sure log rotation is enabled: LOG_ROTATE = 1
4. The lists of blacklisted IPs are updated automatically. If you want to experiment, set DEFENDER_IPAFTER = 0. If 0 slows down your site, turn it back to 1.

Write me your experience of the new Elxis Defender for Elxis 4.4. Report any problems or false alarms you may find.
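A pre-flight check for the procedure above, added here as an example; it is not part of the patch zip or of Elxis. It assumes the site root is passed as the first argument, that the repository folder is named "repository" under it unless a second argument says otherwise, that the option lines in configuration.php use exactly the spacing shown in the instructions, and that the write test is meaningful for the user running it (the web server user is what matters in production).

```shell
#!/bin/sh
# Check that configuration.php carries the Defender options from the patch
# instructions and that the three log files exist and are writable.
# Returns 0 when everything is in place, 1 otherwise (problems are printed).
check_defender_patch() {
    site_root="$1"
    repo_dir="${2:-$site_root/repository}"   # assumption: default repository path
    cfg="$site_root/configuration.php"
    status=0

    [ -f "$cfg" ] || { echo "missing $cfg"; return 1; }

    # Saving the configuration from the admin area drops the new options,
    # so a missing line here usually means that has happened.
    for want in "private \$DEFENDER = 'GRI';" \
                "private \$DEFENDER_IPAFTER = 1;" \
                "private \$DEFENDER_LOG = 1;" \
                "private \$DEFENDER_NOTIFY = 1;"; do
        if ! grep -qF -- "$want" "$cfg"; then
            echo "configuration.php lacks: $want"
            status=1
        fi
    done

    # The Defender writes these files, so they must exist and be writable.
    for f in defender_ips.php defender_ip_ranges.php security.log; do
        path="$repo_dir/logs/$f"
        if [ ! -f "$path" ]; then
            echo "missing $path"
            status=1
        elif [ ! -w "$path" ]; then
            echo "not writable: $path"
            status=1
        fi
    done
    return $status
}

# Usage: sh check_defender_patch.sh /path/to/site [/path/to/repository]
if [ -n "${1:-}" ]; then
    check_defender_patch "$1" "${2:-}"
fi
```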

datahell:
I updated the patch for Defender above removing retail.telecomitalia.it from bad hosts and adding some other filters. If you get any false positives please report them below.

adus:
just implemented the Patch.
Thanks for that.

--- Quote from: datahell on January 24, 2016, 10:54:20 ---......
2. Go to your repository folder and locate folder logs
Upload these files from the patch zip:
{repository}/logs/defender_ips.php
{repository}/logs/defender_ip_ranges.php
{repository}/logs/security.log
Make sure all these files are writable.
.....

--- End quote ---
But I didn't find a security.log in the zip-file.
So I copied the warning.log and renamed it to security.log
Will this work?

adus:
 :o
Right at the moment I got the following:


--- Quote ---Security alert
Request dropped!
You have been banned! If you think this is wrong contact the site administrator.
Reference code: SEC-DEFB-0001
--- End quote ---
What should I do, to unban myself?
Thanks for your reply.

perseas:
If you have the administrator panel open, go to: Logs > (select row) > Defender bans and press Clear File.

This action will clear all IP addresses from the file defender_ban.php.

The other option is via FTP.
Go to your Repository file > logs > defender_ban.php

Download and open defender_ban.php, remove your IP address from the list of banned IPs and upload it again.
