v.1.0.10

README.md

@@ -1,12 +1,12 @@
 Antiscan
 ========
 
-Automatic block (ban) IP addresses used by bad crawlers or vulnerability scanners.
+Automatically block (ban) IP addresses used by bad crawlers or vulnerability scanners.
 
 **Antiscan** is an add-on module that extends the [IP Address Blocking](https://backdropcms.org/project/ip_blocking)
-module (version 1.x-1.0.5 or newest) to automatically block anyone who tries to access paths defined as restricted.
+module (version 1.x-1.0.5 or newer) to automatically block anyone trying to access restricted paths.
 
-Usually it is a bad crawler looking for known potentially vulnerable paths,
+Usually this is a bad crawler looking for known potentially vulnerable paths,
 such as "wp-admin.php", "xmlrpc.php" and so on.
 
 Also, since version 1.x-1.0.5, you can block bad robots using their well-known User-Agent strings and spam referrer domains.
@@ -20,24 +20,40 @@ Install this module using the official Backdrop CMS instructions at https://back
 
 Configuration and usage
 -----------------------
-Administration page is available via menu *Administration > Configuration >
-User accounts > Antiscan* (admin/config/people/antiscan)
-and may be used for:
+The administration page is available from *Administration > Configuration >
+User accounts > Antiscan* menu (admin/config/people/antiscan)
+and can be used to:
 
-- add your patterns for paths to be restricted (some usefully patterns are already added out of the box);
-- set paths or portions of paths that will NOT be restricted to avoid self-blocking;
+- add your patterns for paths to be restricted (some useful patterns are already added out of the box);
+- specify paths or parts of paths that will NOT be restricted to avoid self-blocking;
 - set "User-Agent strings" to be blocked;
 - set "Referrer spam domains" to be blocked;
-- enable automatic reporting to AbuseIPDB about blocked scanners activity ("AbuseIPDB report" module should be installed);
-- enable logging for blocked access attempts (enabled by default);
-- select the time after which the blocked IP will be unblocked automatically;
+- enable automatic reporting to AbuseIPDB about blocked scanner activity ("AbuseIPDB report" module should be installed);
+- enable logging of blocked access attempts (enabled by default);
+- select the time after which the blocked IP will be automatically unblocked;
 - use "Test Mode" to test your patterns, your current IP will not be blocked, but you may see a message when you try to visit the restricted path.
 
-Also, this module provides a block with information about the number of currently blocked IP addresses.
-You can place this block in any convenient place.
+This module also provides a block with information about the number of currently blocked IP addresses.
+You can place this block anywhere you like (for users with 'antiscan settings' permission).
 
 **Screenshots** are available at https://findlab.net/projects/antiscan
 
+Known issues
+------------
+Sometimes you may see in log messages like this:
+> "Warning: Cannot modify header information - headers already sent by (output started at /core/includes/bootstrap.inc:3133) in antiscan_action() (line 164 of /modules/antiscan/antiscan.module)"
+
+Here is the explanation.
+
+When Backdrop served a cached page, the 'X-Backdrop-Cache: HIT' and 'cache-control' headers were sent with the obsolete entries before they were actually generated for the request.
+
+To avoid such messages and incorrect module actions (in such cases can not get in time to reject blocked IP) you have two options:
+
+- you can disable prefetching for cached pages: go to 'admin/config/development/performance' and within the 'Caching' fieldset uncheck the 'Use background fetch for cached pages' checkbox, then press the 'Save configuration' button;
+- add the option '$settings['page_cache_invoke_hooks'] = TRUE;' to your 'settings.php' file.
+
+Disabling prefetching for cached pages (first option) is sufficient to avoid such collisions in most cases.
+
 License
 -------
 This project is GPL v2 software. See the LICENSE.txt file in this directory for

antiscan.admin.inc

@@ -13,7 +13,7 @@ function antiscan_form($form, &$form_state) {
   $config = config('antiscan.settings');
 
   $form['top'] = array(
-    '#markup' => t('When a web crawler or even a person tries to visit a path that matches one of the patterns specified in the field below, their IP address will be blocked.')
+    '#markup' => t('If a web crawler or even a person (except for logged in users) tries to visit a path that matches one of the patterns specified in the fields below, their IP address will be blocked') . ' <u>' . t('immediately without warning.') . '</u>',
   );
 
   $url = url('admin/config/people/ip-blocking');
@@ -37,15 +37,15 @@ function antiscan_form($form, &$form_state) {
 
   $form['noblock'] = array(
     '#type' => 'fieldset',
-    '#title' => t('Not blockable path patterns'),
+    '#title' => t('Non-blockable path patterns'),
     '#collapsible' => TRUE,
     '#collapsed' => TRUE,
   );
 
   $path_noblock = $config->get('path_noblock');
   $form['noblock']['path_noblock'] = array(
     '#type' => 'textarea',
-    '#title' => t('Not blockable path patterns'),
+    '#title' => t('Non-blockable path patterns'),
     '#rows' => 5,
     '#columns' => 60,
     '#default_value' => $path_noblock,
@@ -88,7 +88,10 @@ function antiscan_form($form, &$form_state) {
   $form['unblock_after'] = array(
     '#type' => 'select',
     '#options' => array(
-      86400 => t('1 day'),
+      900 => t('15 minutes'),
+      3600 => t('60 minutes'),
+      43200 => t('12 hours'),
+      86400 => t('24 hours'),
       604800 => t('7 days'),
       2592000 => t('30 days'),
       31536000 => t('365 days'),

antiscan.info

@@ -8,4 +8,4 @@ dependencies[] = ip_blocking (>=1.x-1.0.5)
 
 configure = admin/config/people/antiscan
 
-version = 1.0.9
+version = 1.0.10

antiscan.module

@@ -352,7 +352,7 @@ function antiscan_abuseipdb_report() {
           // Replacing information that may be sensitive.
           switch ($request) {
             case 'path':
-              $message = 'scanning for vulnerable files';
+              $message = 'malicious activity detected';
               break;
             case 'ua':
               $message = 'forbidden user agent';