
Change Log

bitslip6 edited this page Apr 29, 2022 · 25 revisions

1.8.0


  • support for WordPress

  • added headless chrome to bad user agents

  • added the following additional whitelist robot user-agents and networks:

    • google-mobile, google-ads, google-read-aloud, feedfetcher-google, mediapartners-google, google-sites, google-lighthouse, stackdriver
    • bingpreview
    • proximic
    • seekport, xovibot, neevabot, mj12bot
    • cloudflare
    • petalbot, yisouspider, ceznambot
    • wordpress, photon
    • wikipedia
    • medium.com
    • bitly
    • amazon
    • paloaltonetwork
    • dataprovider.com
    • moz.com, semrush, admantx, seostar
    • addthis.com
    • site24x7
    • cron-job
    • mxtoolbox, adscanner, adsbot, hubspot, mediatoolkit, linkpadbot, telegram, outbrain
  • clean up default list of alerts/blocks/errors/exceptions
  • add install.log
  • improved WordPress file hashing
  • added support for WordPress async hashing
  • improved file recursion for hashing
  • fix for block file permissions (0644)
  • don't check the rate limit for whitelist bots
  • never add whitelist bots to the IP block list
  • fixed an issue that could prevent bot whitelist failures from adding an IP block
  • fixed an issue that could prevent dashboard access when the firewall was disabled
  • added new settings configuration page

1.4.3


  • 278 commits working with 10 PRO clients
  • major rewrite for WordPress support
  • major improvements in bot detection
  • bot detection support for sites with no cookie support (requires shared memory support)
  • allow IP block default to true
  • auto system configuration now enabled by default
  • improved support for alerting
  • UI redesign and display improvements
  • improved log filtering for passwords
  • moved log files to cache directory
  • added support for cache busting for aggressive web caches (looking at you wpengine!)
  • added support for header debug output
  • improved HTTP request support (now supports PHP curl)
  • support for WordPress plugin validation
  • support for setting dashboard password on first login
  • improved shared memory support
  • added support for filtering cookies
  • begin moving old test suite over to new code base
  • SMS multi factor authentication for PRO version
  • improved whois support for bot detection
  • major support for WordPress added

1.2.6


  • refactor request from array to object type for improved performance, code completion and memory use
  • moved bad-agent.txt to cache directory
  • constants moved into const.php
  • default to local nameservices for name resolution
  • add sent headers to logging for pages serving http response codes >= 300

1.2.5


  • regex review for ReDoS: resolved 1 polynomial-time regex. All regexes cleared of ReDoS
  • improved PHP serialized object detection
  • improved detection of HTML src="injection" type cross-site scripting

1.2.4

  • reduce file and function length of several files for code climate
  • reduce nesting of several functions for code climate
  • change verified bot icon from blue check to blue shield check
  • openssl_random_pseudo_bytes has been replaced with random_bytes
  • whitelisted bots with HTTP response code >= 300 are now logged in alerts as code 31002
  • prior to 1.2.4 some IPv6 whitelist networks were not checked correctly and could return not whitelisted for some whitelisted IPs
  • permissions for shared memory segments and semaphores now have group write permission, allowing shared access with command-line PHP for www-data group members

1.2.3

  • fix IP reporting on chart for IPv6 address ::1
  • check_domain block code chart mapping normalization
  • add request detail to dashboard
  • remove PHP warning on dashboard when report file is empty

1.2.2

  • version bump for release

1.1.9

  • minor fixes for some installs

1.1.8

  • Added country flag for originating IP
  • In some cases whitelisted bots could be logged when requesting 404 pages. This has been removed.
  • Minor performance improvements.
  • Add support for "" for bot whitelist source networks ( = from anywhere)
  • updatekeys.sh now makes config.ini.php (config cache) and bitfire/cache web writable (owned by www-data)
  • fix a logging bug that did not save request schema
  • when reporting on blocks BitFire now continues processing even after hitting a match in "report" mode
  • add support for pulling source IP from any HTTP header
  • add support for "Forwarded" header RFC 7239 (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded)
  • add http response code to logs
  • fix total block number in the "by IP" section of the dashboard
  • require_full_browser now supports "report" mode, which will update counters but not block any requests

1.1.7

  • Max of 10 IPs displayed on dashboard pie chart
  • Unknown bot version numbers are now shown as 'x'

1.1.6

  • UI fixes.
  • Unknown bot alerting now uses different alert codes for unknown bot / known bot impersonation.
  • Added code 24002 - unknown bot.
  • Added code 24001 - whitelisted bot impersonation.
  • Accept header monitoring added with no alerting / blocking. Consider adding blocking for requests with missing headers when not in whitelist / browser required modes.
  • Support for block_file configuration. All blocks can be written to a file in config.ini. To disable, set to false.

1.1.5

  • Added /bitfire dashboard
  • Support for reporting / non-blocking mode
  • Elastic search bot monitor
  • Improved alert code mappings

1.0.5

  • Performance improvements
  • Code cleanup
  • config.ini structure improvements
  • Feature policy default to deny
  • Comment removal
  • Remove headers.php from critical code path
  • Default cache type from no_operation to shm
  • updatekeys.sh now also updates all system php.ini with prompt (sudo root password required)
  • Fixed bug in apcu cache path

1.0.4

  • Update configuration files
  • Improve configuration parameter names
