BadBlock reviews wanted

**codename_B** · 5 February, 2011, 22:58 PM

Hey guys,

I decided to have a shot at making a free, open source alternative to the proprietary BlockScript.

It's hosted at google's code repository here so all I'm basically looking for are bug tests, and feature suggestions.

I've only tested it out on my own ip and country and it seems to work, so I really hope you guys can help me develop it further

B

**Greyhound** · 5 February, 2011, 23:36 PM

Any living demos?

**codename_B** · 5 February, 2011, 23:47 PM

Sure, let me just change the password to one less secure :P

Site with working demo:
http://jeffsnetwork.info
Working CPanel demo:
http://jeffsnetwork.info/badblock/admin.php
Password for CPanel demo:
password

Feedback please

**Leftfield** · 6 February, 2011, 02:58 AM

Do you have any idea what the open source means???

BTW: I dont have to test it to say it is already bad job as it needs 777 permission.

**codename_B** · 6 February, 2011, 09:34 AM

No it doesn't.

It's running fine with 644 permissions on my server.

As far as I'm aware open source means that the end-user is free to edit, change, re-release, play with, view, print out and eat etc the source code with no restrictions. It's not really the most encouraging thing you can do to put this down without even glancing at the source code.

Why would it need 777 permissions when you host the code on your own server?

**Leftfield** · 6 February, 2011, 10:15 AM

In no time 777 should be recommended:

CHMOD 0777 (or 0755 if running under suPHP) the "detector.php" file and the "/blockscript/tmp/" directory.

Regarding license, my bad. Somehow I couldn't/can't remember what open source license you have: Open Source Licenses by Category | Open Source Initiative

**codename_B** · 6 February, 2011, 10:25 AM

Dude, you're looking at the proprietary script!!!

You want to look at my script http://code.google.com/p/badblock/wiki/BadBlock

My bad for including the link to the proprietary one lol.

Would you mind giving mine a look over?

**codename_B** · 6 February, 2011, 12:03 PM

Just added adblock detection to the test site here.

If there are any adblock users out there let me know if it works for you. It won't automatically redirect you if you're using adblock, just display a custom message.

This is configurable on or off in the control panel.

**Mike-XS** · 6 February, 2011, 13:33 PM

Hi, interesting project you started there.

I had a quick look. Here's a few suggestions.

Looking at how you save the config file data in the admin.php, such as passing the whole IP blocklist through the url, maybe to avoid any possible browser problems with uri length you might want to change the forms to use POST instead of GET.

More info here:
- WWW FAQs: What is the maximum length of a URL?

I decided to have a shot at making a free, open source alternative to the proprietary BlockScript.

Next suggestion... be original.

Instead of trying to clone the Baron's blockscript, build something that is unique. Even your admin page looks a lot like blockscript's layout. Are you going to try and add all the same features too eventually ?

--

What techniques are you using to block scrapers. ? I didn't see anything. Just the empty useragent check and IP ban ?

Take a look at how bad behavior handles scrapers and other assorted bots, if you need some ideas. You may even be able to incorporate it into your own script.

-

Maybe replace the external query to geoplugin with maxmind's GeoIP script so everything is self contained, or provide an option to choose between either one.

And how about more options for people to choose how to handle the blocks when something is redirected to blocked.php. Like a 403 forbidden header option, or a page where someone can contact support.

-

You could prevent direct access to includes with something like this:

Code:

 define('badblock',true);

Code:

if(!defined('badblock')){die('No Soup For You');}

--

Are you planning to add in some logging too ?

I'll have to test it some more, but good luck

**codename_B** · 6 February, 2011, 13:47 PM

Thanks for the feedback, I'll get working on those, especially the URI length one ASAP

A lot of the features are fairly basic at this time, I'm working on developing them further like the scraper block etc. I'm also going to add blocking referrers etc.

The code is all completely separate from blockscript, but obviously if I wanted a free, open source alternative to something I'd want to have a similar featureset.
Like how openoffice is to microsoft office for example. Some people would rather have something free and open source rather than pay upwards of $100 for it. Not everyone, but some people.

As for custom error pages etc that's all already handled in blocked.php

PHP Code:


<?php
//Here you can set what you want the php script to do. Default is redirect to google.
header('Location: http://badblock.uf6.info/blocked.png');
?>

You can add pretty much anything you want there, the script redirects to that file which then handles the message/action that the script gives to the user.

I suppose that adding user configurable options to the error page can't be a terrible thing, I'll probably add that into the control panel (lol blockscript has that).
Yeah, originality isn't paramount for now, functionality and freedom is.

Logging is coming as soon as I decide how I want to do it, as is adblock detecting support (which I have decided how I want to do, just needs testing).

Direct access to the includes isn't really a problem at all, the worst that'll happen is people will get an adblock message, and hopefully those pages won't get indexed because they're basically blank, but I will think about it - low priority atm though.

Thanks again for the feedback