Randem Systems Support Board

11/29/2020 - Version 3.6 Build 4

FIX: Spiders were being included in the referrer counts. They have been removed.

NEW: Allowed BotBanish to collect SMF attachment download information for BotBanish Analytics.

FIX: Removed keywords that if used in the url (SEO) would lead to site being blocked.

NEW: (SMF ONLY) Viewing numbers will not increase when the originator of the thread, administrator or known spiders views the thread. The download count will also not increase on attachments under the same conditions.

NEW: (SMF ONLY) Added spiders to the SMF spiders table which don't already exist for better reporting.
____________________________________________________________________________________________________________________

07/31/2020 - Version 3.6 Build 3

CHG: Various minor fixes.
____________________________________________________________________________________________________________________

05/30/2020 - Version 3.6 Build 2

FIX: Error Message "PHP Warning:  Use of undefined constant BOTBANISH_TIMEZONE - assumed 'BOTBANISH_TIMEZONE'" and BotBanish Analytics stops. Added BOTBANISH_TIMEZONE to have a default value.
____________________________________________________________________________________________________________________

05/12/2020 - Version 3.6 Build 1

CHG: Added installation function to help speed up importing new tables so that the error "Field 'updated' doesn't have a default value" should not be encountered when starting SMF after installation.
____________________________________________________________________________________________________________________

04/21/2020 - Version 3.6 Build 0

CHG: Management of the htaccess forced cache flush was improved for both IP and BOT with regard to time between flushes and number of items in the cache.

CHG: BotBanish will no longer create a .htaccess file in the application folder if one does not already exist. BotBanish will however still create a .htaccess file in the root is one does not exist. If the .htaccess file already exists in the application's folder, BotBanish will place entries into it as well as in the .htaccess file in the root.

CHG: Removed SMF scheduled task in flushing the BotBanish htaccess cache and replaced with a BotBanish scheduled task to do the same.

CHG: Changed some table structures which included date and time entries on both client and server sides. Install will convert old table structures to the new table structures.

CHG: Change the extensions on the .htaccess file renaming to reflect actual date and time values instead of UTC time in seconds.

NEW: Can now download the BotBanish tables (in SQL format) for backup purposes from the BotBanish menu. The SQL file will contain all instruction to recreate the tables.

FIX: Corrected some issues with converting and consolidating entries in the .htaccess file.

FIX: Blacklist IP deletion not removing IP block from the .htaccess file.

FIX: Segment block of an IP not being recorded when not followed by a period. In Apache 2.2 the trailing period was required, in Apache 2.4 it is not used.

FIX: On Centos OS with CPanel, Apache may put a php handler in the .htaccess file which contains unicode quotes. These quotes are changed to UTF-8 quotes to keep from generating 500 error codes.
____________________________________________________________________________________________________________________

12/09/2019 - Version 3.5 Build 0

CHG: Full Apache 2.2 to 2.4 IP and BOT denial support.

CHG: Re-implemented IP and Bot sorting in the htaccess file.

NEW: Conversion of IP and Bot denials in .htaccess file from Apache 2.2 to Apache 2.4 format. Consolidation of formats after conversion in case multiple denial areas are in the same .htaccess file.

CHG: Improved IP and BOT processing in the htaccess file. Will automatically consolidate IP ranges to be blocked.

CHG: Adding or deleting an IP or spider from the blacklist will also remove the IP or spider block from the htaccess file at the same time. Adding an IP or spider to the white list WILL NOT delete the IP or Spider from the htaccess block list.

CHG: Full PHP 5.6 to 7.2 compatibility.

NEW: htaccess file caching for new IP / BOT blocks to be added to the htaccess file. This will help when being inundated with attacks so that BotBanish is not using too many CPU cycles writing to the htaccess file. However when caching is enabled; IP / BOT blocking will not be immediate until the cache is cleared and the data is written to the htaccess file.  The values of the cache holdings and flush time length can be changed in BotBanish Settings. The cache is automatically flushed every 20 minutes (default) when forum is busy or after the maximum items are in the cache (default 20). If the forum is not busy then the next time someone access the forum after 20 minutes the cache will be flushed.

CHG: Add more user-agents (good and bad) on client side on an install with empty tables (good and bad spider). This will generate better spider blocking on the initial install in the htaccess file.

NEW: Simultaneously modify .htaccess files in the root and in the application's folder location, if application is installed in a different folder than the root (IE. OpenCart, SMF, WordPress).

CHG: Various corrections.
____________________________________________________________________________________________________________________

12/04/2019 - Version 3.4 Build 5

FIX: Corrected incorrect .htaccess entries.

FIX: .htaccess IP/BOT entries will now be consolidated and sorted upon install.
____________________________________________________________________________________________________________________

12/04/2019 - Version 3.4 Build 4

FIX: Corrected blacklist additions and removals from the .htaccess file.

FIX: Corrected BotBanish database table update on install to reflect new table structures.
____________________________________________________________________________________________________________________

11/21/2019 - Version 3.4 Build 3

FIX: Corrected improper <Files> tag to reflect <Files *>. Error would not allow access to files in no directory other than the DOCUMENT_ROOT folder.
____________________________________________________________________________________________________________________

11/19/2019 - Version 3.4 Build 2

FIX: SMF ONLY!. Changed names in package-info.xml that was causing installation error in package to match new naming conventions. This affects installations for 2.1 RC1 and 2.1 RC2 only.
___________________________________________________________________________________________________________________

10/30/2019 - Version 3.4 Build 1 - A REQUIRED & IMPORTANT UPDATE!

FIX: On an Apache 2.4 system IP / BOT blocking was recorded but not blocked. This is because of the change in structure of Apache 2.4.
______________________________________________________________________________________________________________

10/03/2019 - Version 3.4 Build 0

CHG: Added country flags icons to countries analytics reporting area.

CHG: Added browses icons to browser analytics reporting area.

FIX: Browsers were being reported incorrectly in the analytics.

CHG: IPv6 can not be supported in the htaccess file using Apache 2.2.

CHG: Various corrections.
_____________________________________________________________________________________________________________________

06/17/2019 Version 3.3 Build 1

ADD: Added SMF SSI support.

CHG: Various corrections.
_____________________________________________________________________________________________________________________

06/13/2019 Version 3.3 Build 0

ADD: Portuguese, Italian, Swedish and German Language Support.

CHG: Streamlined install and uninstall procedures.

ADD: IPv6 process directives to htaccess file. Must be running Apache version of at least 2.4.00 for IPv6 processing to be used. Default is IPv4 only. This is an automated feature.

ADD: Create a blank favicon.ico when one does not exist on client's site. When the browser contacts a site; it looks for a favicon.ico file. if one is not there a 404 Document Error is generated causing BotBanish to treat this as an venerability search.

ADD: [SMF Only] On installation BotBanish will import existing IP addresses from the smf_log_banned table into the BotBanish block IP table and place these IP into the .htaccess file to incorporate any existing bans.

ADD: On install, BotBanish will add support to convert the .htaccess file directives from pre Apache version 2.4.00 format to post Apache 2.4.00 format when BotBanish is running on Apache Version higher than 2.4.00 (This applies to BotBanish Generated Information ONLY!)

ADD: Ability to stop bots / bad users from downloading your files.

ADD: Adds monitoring of your forum webpages and file downloads that can help you with Analytics about the visitors on your site and further protect your site from bot / bad users. This will assist you in getting real analytic about your site not bot induced analytics.

ADD: Generate analytics reports from monitored webpage traffic and file downloads.
_____________________________________________________________________________________________________________________

04/06/2019 - Version 3.2 Build 5

ADD: [SMF Only] When adding an IP address to the ban list, BotBanish will add it to the .htaccess file so that the IP does not have access to the website. When removing the ban, the IP will be removed from the .htaccess file.

ADD: Backup .htaccess file during install.

CHG: On installation, BotBanish rule changes are placed in a block in the .htaccess file in case the user makes changes to the BotBanish rules; they can still be removed upon uninstall.

FIX: On 400 Series errors BotBanish will now count these as venerability searching and will lock the IP out after repeated attempts.

CHG: Improved User-Agent checking.

ADD: [SMF Only] Support for SMF 2.1 RC1.

CHG: [SMF Only] Removed Support for SMF 2.1 Beta 3.

ADD: French Language Support (Thanks to SMF's Forum maximus23)

ADD: Good / Bad Domain processing to client side. Client can choose which domains are good or bad which can differ from the BotBanish Server's decision

ADD: Upon uninstall, BotBanish will remove all IP addresses from the .htaccess file that BotBanish recorded placing into it. This will ONLY happen when choosing "Remove all data associated with this modification." at uninstall time. If you uninstall and intend to re-install BotBanish, do not choose to delete the data so as to retain data that was already collected.

ADD: [SMF Only] Blacklist / Whitelist user interface added to maintain Spider, Domain and IP lists.

FIX: [Server Side Only] When a ErrorDocument exception on the client side was generated; BotBanish counted it as an attempt to gain access to the system. This was in error as an ErrorDocument exception of 200 is an acceptable exception condition.

ADD: Upon installation BotBanish will place a dummy favicon.ico file in the root of the site; if one does not already exist. This is to stop the browser from generating unwanted 404 Document Errors each time someone accesses the site. 404 Document Errors count in the effort to deny an IP from accessing the site. 404 Document Errors can also be generated when your site refers to non-existent pages and files which will cause IP lockouts accordingly. Bots continually test a sites vulnerability by attempting to access backdoor areas of systems which may or may not exist.

CHG: Moved BotBanish settings from Mod Miscellaneous area to BotBanish menu area.
_____________________________________________________________________________________________________________________

01/08/2019 - Version 3.2 Build 2

ADD: New user / bot capture routines.

CHG: Updated SQL Injection Protection.
_____________________________________________________________________________________________________________________

11/11/2018 - Version 3.2 Build 1

ADD: Allow user to allow a whole IP Segment not to be blocked in the botbanishclient_ip_dnb table with one entry I.E.

xxx.xxx.xxx. will allow IP addresses from xxx.xxx.xxx.* (1 - 255)
xxx.xxx. will allow IP addresses from xxx.xxx.* (1 - 255) . (1-255)

A similar process is also done on the server side to block IP ranges of which the client can override.

ADD: When an IP address is added to the .htaccess with the notation of locking out a whole segment (xxx.xxx. or xxx.xxx.xxx.), all the IP addresses matching the segments will be removed from the .htaccess file to save space.

ADD: Sorts on occasion, the IP deny list and the BOT deny list in the .htaccess file and eliminate duplicates to keep the .htaccess file manageable.
______________________________________________________________________________________________________________________

10/17/2018 - Version 3.2 Build 0

CHG: Disabled a SMF call to checkSession in the LogInOut.php file that gave the message 'Unable to verify referring url. Please go back and try again' when a user came to the SMF login page from an external link / page. Coming from an external link / page does not create a security issue when attempting to log in.

ADD: More aggressive SQL Injection Protection.

ADD: More indicator types of Bot blocking in messages.

ADD: More aggressive Bot detection.

ADD: Independent email support.
______________________________________________________________________________________________________________________

07/19/2018 - Version 3.1 Build 0

FIX: Addresses an issue when a bots user-agent had special characters and/or code in it in an attempt to avoid detection while injecting code into the hosted site causing 500 Internal Server Errors.

ADD: Added BotBanish for Websites functionality to the SMF install to aid in the detection of bots searching for hosting vulnerabilities. The SMF install will protect your hosted domain also.

CHG: Change anonymous bot information to be written to error database / file as well as sent to email if so chosen. Was originally email only.

ADD: Block PHP / SQL code injection attacks.

ADD: Monitoring of 400 Series Document Errors.

CHG: Changed BotBanish to use HTTPS communications which may lead prior BotBanish HTTP Clients to not work.
______________________________________________________________________________________________________________________

05/29/2018 - Version 3.0 Build 2

FIX: Addresses a DNS issue that slowed down forums. Only guest attempting to log on will experience a slight delay acquiring DNS.
________________________________________________________________________________________________________________________

05/19/2018 - Version 3.0 Build 1

FIX: If the BotBanish Client cannot connect to a the default BotBanish Server, it will automatically attempt to switch to an alternate BotBanish Server.
________________________________________________________________________________________________________________________

05/17/2018 - Version 3.0 Build 0

ADD: If the BotBanish Client cannot connect to a the first BotBanish Server, it will automatically attempt to  switch to an alternate BotBanish Server.

ADD: If the BotBanish Server cannot connect to a database, it will automatically switch to an alternate database on a different server.

FIX: If the BotBanish Server cannot be reached, it will generate an error in the log file but will not give the white screen of death. The client will just continue as if the request was good until the BotBanish server is back online.

FIX: When an @ sign was detected in the user agent of a bot attempting to attack the system a entry in the .htaccess file was recorded with a cr/lf in the entry causing a 500 Internal Server Error page stopping access to the site.

Invalid entry would look like this:

SetEnvIfNoCase User-Agent "webauth
cmcm.com." bad_bot

When the entry should look like this:

SetEnvIfNoCase User-Agent "webauth@cmcm.com." bad_bot

NEW: BotBanish Client and Server now supports both GET and PUT request to transfer data. The default request method is now PUT for secure communications. The GET request method is still supported for older versions of BotBanish.

NEW: BotBanish Client for OpenCart is now compatible with OpenCart versions 2.1.x thru 3.x.

NEW: BotBanish Client will now dynamically find the administrative email address in order to send administrative email notifications.

NEW: BotBanish Client emails will now have the BotBanish version included in the body of the email of the currently running version of BotBanish that generated the message.

NEW: (SMF Only) BotBanish Client will automatically check for new versions of BotBanish Client in Package Manager and alert the Admin on screen if one is available.

NEW: (SMF Only) BotBanish Client available settings can be changed at Administration Center » Modification Settings » Miscellaneous section

NEW: (SMF Only) Default set for email notifications to be written to the error log.

NEW: Allow user to decide if BotBanish sends an email after detection or just logs the information to the error log file.

NEW: Detects Spoofing bots. Bots that claim to be legitimate search engine bots such as Google or Bing and are not; are ejected from the system.