Register

Author Topic: BotBanish 3.x Release History  (Read 2188 times)

Randem

  • Administrator
  • Hero Member
  • *****
  • Posts: 2681
BotBanish 3.x Release History
« Reply #1 on: January 18, 2018, 08:00:45 PM »
Not Released - Version 3.4 Build 0

CHG: Added country flags icons to countries analytics reporting area.

CHG: Added browses icons to browser analytics reporting area.

FIX: Browsers were being reported incorrectly.

CHG: Return htaccess processing to Apache 2.2 format. Many Apache 2.4 servers are not setup for full usage of the new format leading to 500 series errors. IPv6 can no longer be supported in the htaccess file using Apache 2.2.
_____________________________________________________________________________________________________________________

06/17/2019 Version 3.3 Build 1

ADD: Added SMF SSI support.

CHG: Various corrections.
_____________________________________________________________________________________________________________________

06/13/2019 Version 3.3 Build 0

ADD: Portuguese, Italian, Swedish and German Language Support.

CHG: Streamlined install and uninstall procedures.

ADD: IPv6 process directives to htaccess file. Must be running Apache version of at least 2.4.00 for IPv6 processing to be used. Default is IPv4 only. This is an automated feature.

ADD: Create a blank favicon.ico when one does not exist on client's site. When the browser contacts a site; it looks for a favicon.ico file. if one is not there a 404 Document Error is generated causing BotBanish to treat this as an venerability search.

ADD: [SMF Only] On installation BotBanish will import existing IP addresses from the smf_log_banned table into the BotBanish block IP table and place these IP into the .htaccess file to incorporate any existing bans.

ADD: On install, BotBanish will add support to convert the .htaccess file directives from pre Apache version 2.4.00 format to post Apache 2.4.00 format when BotBanish is running on Apache Version higher than 2.4.00 (This applies to BotBanish Generated Information ONLY!)

ADD: Ability to stop bots / bad users from downloading your files.

ADD: Adds monitoring of your forum webpages and file downloads that can help you with Analytics about the visitors on your site and further protect your site from bot / bad users. This will assist you in getting real analytic about your site not bot induced analytics.

ADD: Generate analytics reports from monitored webpage traffic and file downloads.
_____________________________________________________________________________________________________________________

04/06/2019 - Version 3.2 Build 5

ADD: [SMF Only] When adding an IP address to the ban list, BotBanish will add it to the .htaccess file so that the IP does not have access to the website. When removing the ban, the IP will be removed from the .htaccess file.

ADD: Backup .htaccess file during install.

CHG: On installation, BotBanish rule changes are placed in a block in the .htaccess file in case the user makes changes to the BotBanish rules; they can still be removed upon uninstall.

FIX: On 400 Series errors BotBanish will now count these as venerability searching and will lock the IP out after repeated attempts.

CHG: Improved User-Agent checking.

ADD: [SMF Only] Support for SMF 2.1 RC1.

CHG: [SMF Only] Removed Support for SMF 2.1 Beta 3.

ADD: French Language Support (Thanks to SMF's Forum maximus23)

ADD: Good / Bad Domain processing to client side. Client can choose which domains are good or bad which can differ from the BotBanish Server's decision

ADD: Upon uninstall, BotBanish will remove all IP addresses from the .htaccess file that BotBanish recorded placing into it. This will ONLY happen when choosing "Remove all data associated with this modification." at uninstall time. If you uninstall and intend to re-install BotBanish, do not choose to delete the data so as to retain data that was already collected.

ADD: [SMF Only] Blacklist / Whitelist user interface added to maintain Spider, Domain and IP lists.

FIX: [Server Side Only] When a ErrorDocument exception on the client side was generated; BotBanish counted it as an attempt to gain access to the system. This was in error as an ErrorDocument exception of 200 is an acceptable exception condition.

ADD: Upon installation BotBanish will place a dummy favicon.ico file in the root of the site; if one does not already exist. This is to stop the browser from generating unwanted 404 Document Errors each time someone accesses the site. 404 Document Errors count in the effort to deny an IP from accessing the site. 404 Document Errors can also be generated when your site refers to non-existent pages and files which will cause IP lockouts accordingly. Bots continually test a sites vulnerability by attempting to access backdoor areas of systems which may or may not exist.

CHG: Moved BotBanish settings from Mod Miscellaneous area to BotBanish menu area.
_____________________________________________________________________________________________________________________

01/08/2019 - Version 3.2 Build 2

ADD: New user / bot capture routines.

CHG: Updated SQL Injection Protection.
_____________________________________________________________________________________________________________________

11/11/2018 - Version 3.2 Build 1

ADD: Allow user to allow a whole IP Segment not to be blocked in the botbanishclient_ip_dnb table with one entry I.E.

 xxx.xxx.xxx. will allow IP addresses from xxx.xxx.xxx.* (1 - 255)
 xxx.xxx. will allow IP addresses from xxx.xxx.* (1 - 255) . (1-255)

A similar process is also done on the server side to block IP ranges of which the client can override.

ADD: When an IP address is added to the .htaccess with the notation of locking out a whole segment (xxx.xxx. or xxx.xxx.xxx.), all the IP addresses matching the segments will be removed from the .htaccess file to save space.

ADD: Sorts on occasion, the IP deny list and the BOT deny list in the .htaccess file and eliminate duplicates to keep the .htaccess file manageable.
______________________________________________________________________________________________________________________

10/17/2018 - Version 3.2 Build 0

CHG: Disabled a SMF call to checkSession in the LogInOut.php file that gave the message 'Unable to verify referring url. Please go back and try again' when a user came to the SMF login page from an external link / page. Coming from an external link / page does not create a security issue when attempting to log in.

ADD: More aggressive SQL Injection Protection.

ADD: More indicator types of Bot blocking in messages.

ADD: More aggressive Bot detection.

ADD: Independent email support.
______________________________________________________________________________________________________________________

07/19/2018 - Version 3.1 Build 0

FIX: Addresses an issue when a bots user-agent had special characters and/or code in it in an attempt to avoid detection while injecting code into the hosted site causing 500 Internal Server Errors.

ADD: Added BotBanish for Websites functionality to the SMF install to aid in the detection of bots searching for hosting vulnerabilities. The SMF install will protect your hosted domain also.

CHG: Change anonymous bot information to be written to error database / file as well as sent to email if so chosen. Was originally email only.

ADD: Block PHP / SQL code injection attacks.

ADD: Monitoring of 400 Series Document Errors.

CHG: Changed BotBanish to use HTTPS communications which may lead prior BotBanish HTTP Clients to not work.
______________________________________________________________________________________________________________________

05/29/2018 - Version 3.0 Build 2

FIX: Addresses a DNS issue that slowed down forums. Only guest attempting to log on will experience a slight delay acquiring DNS.
________________________________________________________________________________________________________________________

05/19/2018 - Version 3.0 Build 1

FIX: If the BotBanish Client cannot connect to a the default BotBanish Server, it will automatically attempt to switch to an alternate BotBanish Server.
________________________________________________________________________________________________________________________

05/17/2018 - Version 3.0 Build 0

ADD: If the BotBanish Client cannot connect to a the first BotBanish Server, it will automatically attempt to  switch to an alternate BotBanish Server.

ADD: If the BotBanish Server cannot connect to a database, it will automatically switch to an alternate database on a different server.

FIX: If the BotBanish Server cannot be reached, it will generate an error in the log file but will not give the white screen of death. The client will just continue as if the request was good until the BotBanish server is back online.

FIX: When an @ sign was detected in the user agent of a bot attempting to attack the system a entry in the .htaccess file was recorded with a cr/lf in the entry causing a 500 Internal Server Error page stopping access to the site.

Invalid entry would look like this:

Code: [Select]
SetEnvIfNoCase User-Agent "webauth
cmcm.com." bad_bot

When the entry should look like this:

Code: [Select]
SetEnvIfNoCase User-Agent "webauth@cmcm.com." bad_bot

NEW: BotBanish Client and Server now supports both GET and PUT request to transfer data. The default request method is now PUT for secure communications. The GET request method is still supported for older versions of BotBanish.

NEW: BotBanish Client for OpenCart is now compatible with OpenCart versions 2.1.x thru 3.x.

NEW: BotBanish Client will now dynamically find the administrative email address in order to send administrative email notifications.

NEW: BotBanish Client emails will now have the BotBanish version included in the body of the email of the currently running version of BotBanish that generated the message.

NEW: (SMF Only) BotBanish Client will automatically check for new versions of BotBanish Client in Package Manager and alert the Admin on screen if one is available.

NEW: (SMF Only) BotBanish Client available settings can be changed at Administration Center Modification Settings Miscellaneous section

NEW: (SMF Only) Default set for email notifications to be written to the error log.

NEW: Allow user to decide if BotBanish sends an email after detection or just logs the information to the error log file.

NEW: Detects Spoofing bots. Bots that claim to be legitimate search engine bots such as Google or Bing and are not; are ejected from the system.