Comments on: FirewallScript Provides PHP-Based Protection

By: The Community SEO Project « Naples Florida Web Design

The Community SEO Project « Naples Florida Web Design — Sun, 14 Dec 2008 06:25:21 +0000

[...] Featured on the homepage of TechCruch [...]

By: Wordpress je najlepší CMS na svete : M+M+M+M (4M)

Wordpress je najlepší CMS na svete : M+M+M+M (4M) — Tue, 29 Apr 2008 13:32:35 +0000

[...] s antihackom (podľa vzoru antivir) pre webové aplikácie, či ako to nazvať. A už je to tu: FirewallScript Provides PHP-Based Protection. Nuž ja vám neviem, ale odborníci by mohli (týmto ho pozdravujem z referrerov) čosi kdesi [...]

By: Richard

Richard — Fri, 25 Apr 2008 20:35:08 +0000

So users are expected to know what coding elements aren’t used in the scripts that are installed so they can add them in to the firewall php script?

I’ve set to see a single exploit attempt in the last 6 years which uses the term ‘javascript’ in the URL bar, I think that’s a poor example. Anyone who developers their own scripts can block certain terms from being used in the URL bar with suitable coding, they don’t need to fork out $85 for it.

I personally still don’t see why TC covered this, there’s better PHP scripts developed every minute of the day.

By: TechCrunch Japanese アーカイブ » FirewallScript、PHPベースのソフトウェア・ファイアウォール

TechCrunch Japanese アーカイブ » FirewallScript、PHPベースのソフトウェア・ファイアウォール — Fri, 25 Apr 2008 20:28:48 +0000

[...] [原文へ] [...]

By: FirewallScript lanza software con servicios de seguridad

FirewallScript lanza software con servicios de seguridad — Fri, 25 Apr 2008 19:11:05 +0000

[...] FirewallScript recientemente lanzó un software basado en servicios de seguridad que funciona en cualquier servidor que soporte PHP5. El software puede ser instalado y modificado por cualquier usuario, puede ser pre-configurado para determinadas aplicaciones web como Worpress y vBulletin. Para los interesados en Techcrunch ofrecen un código que les dará el 50% de descuento. [...]

By: Kevin

Kevin — Fri, 25 Apr 2008 17:33:18 +0000

@10 – How can Modsec be used with tight rules, when the admin cant control whats on his server? You cant globally disallow the word “Javascript” in the URL bar, because some legit scripts might use it. With this software, the admin knows exactly what he has, and can narrow down security to be much tighter than a server admin could, hence why it beats modsec in many areas. Modsec has to be vague and general (Especially on shared hosting) or it would cause so many errors with users installed scripts it wouldnt be funny. This does not.

By: bannerreviews.com

bannerreviews.com — Fri, 25 Apr 2008 15:13:02 +0000

While the company says this is great for shared web hosting environments, I wonder what kind of load it would generate for each and every page view, in addition to regular page loads.

You also have to put a ‘copyright’, or notice on your page saying you use the product, which is just inviting trouble.

By: Richard Harrison

Richard Harrison — Fri, 25 Apr 2008 14:20:42 +0000

Are you kidding? An $85 script that “guarantees 100% security”.

I’ll give away the secret of 100% protection for free: unplug your server from the internet.

Jason, did you check out their testimonials?

“People think my site is weird because it’s about the supernatural. But they’re out there! Sometimes the extraterrestrial see our website and try to hack it to avoid the information we reveal about them.”

By: Richard (Aventure Host)

Richard (Aventure Host) — Fri, 25 Apr 2008 13:56:17 +0000

As a web hosting company, we know that 99.999% of customers don’t consider the security risks contained in script installation, and for them to personally go out and purchase an $85 script, I can’t see it happening.

If mod_security is configured correctly, with a good ruleset it ultimately provides better security (server wide instead of domain wide) than this could.

@Josh , mod_security is based on rule sets, exactly the same as this script, so if you think that mod_security is outdated, you’ve just classed a product which runs on the same type of rules as outdated

By: Scot

Scot — Fri, 25 Apr 2008 08:55:46 +0000

After seeing this was not open source I went hunting on the web and found this:

http://munin.xqus.com/

By: Steve

Steve — Fri, 25 Apr 2008 07:51:14 +0000

Whilst it might look good, it wont do any good. There are many firewall packages that are complied code and run fast enough to not cause any
overhead to the system.
The idea to be user based config is good but it will add i guess an extra 50-100 ms to the site.

By: Arno

Arno — Fri, 25 Apr 2008 05:19:07 +0000

Wrong business model, make that open source and top it with professional commercial services, klabang there you go.

Picking Mambo over Joomla! makes me wonder how up to date this service is.

Arno

By: linuxamp

linuxamp — Fri, 25 Apr 2008 04:24:17 +0000

Damn, I read this article thinking, I’m gonna install this thing right now, then I got to the bottom and realized it wasn’t free. With all the comparison to modsec I kept thinking this thing was free and open source.

By: Kevin

Kevin — Fri, 25 Apr 2008 01:13:51 +0000

@4 – Technically, Techcrunch itself is on shared hosting. What if they wanted a web application firewall? Tough shit?

By: Peter Urban

Peter Urban — Fri, 25 Apr 2008 01:09:18 +0000

TechCrunch comment of firewall script {seesmic_video:{”url_thumbnail”:{”value”:”http://t.seesmic.com/thumbnail/MuZTAKrfqw_th1.jpg”}”title”:{”value”:”TechCrunch comment of firewall script ”}”videoUri”:{”value”:”http://www.seesmic.com/video/2BNfGNSYQY”}}}

By: Josh

Josh — Fri, 25 Apr 2008 01:06:19 +0000

You’re so wrong Trav, ModSecurity is outdated, it’s nice to finally have a fresh face for those of us who need a good solution on shared hosting! This gets my vote.

By: Trav

Trav — Fri, 25 Apr 2008 01:04:06 +0000

I still think ModSecurity is better!

By: Marwan

Marwan — Fri, 25 Apr 2008 01:03:46 +0000

Amazing, just amazing.