Cidram: [Question] Cidram & NinjaPro Free Firewall, what to run first ?

Created on 3 May 2019  路  8Comments  路  Source: CIDRAM/CIDRAM

In a couple of php sites i use both Cidram and NinjaPro free (standalone) firewall, using prepend.

So the question is, what to run first and what second. Shall i run the firewall first to also protect Cidram or Cidram first and block some risks ? Speed and cpu usage (especially when under attack) is also important for me, since i run a shared hosting plan with more than one websites.

What do you think ?

Question Resolved

Most helpful comment

As to speed of the two. I can tell you my phpBB forum loads withen 200 ms. Sometime more sometimes less, but I blame that on my host I think.

Just remember that if you run Ninjafirewall, you might want to put it in test mode or what ever it's called to iron out any false positives. Read my topic here: https://cyberpcforum.com/viewtopic.php?p=1364#p1364

My site doesn't have very many users, but my website is more or less a learning tool. If anyone joins, then all the better. LOL

All 8 comments

Good question. In terms of speed and CPU usage, I'm not entirely sure which order would be best nowadays. I did some benchmarks a long time ago, with some older versions, but since then, both CIDRAM and NinjaFirewall (plus various other NinTechNet packages) have had quite a few new versions released, so I'm not sure the old benchmarks would be relevant anymore. Might need to do some more testing with current versions to properly benchmark everything, to know exactly which order would be best.

Either way though, both packages play well together, and are definitely compatible, so which is best aside, either should definitely work, at least. :-)

@DanielRuf and @737simpilot might have some thoughts about this though. I think (assuming I remember correctly) they've both ran CIDRAM and NinTechNet packages in conjunction before.

I run both as well, with NF executing before CIDRAM currently.

I think it comes down to how you want your safety to work. They are AFAIK somewhat redundant although not completely so together they enhance the protection. The reason I put NF first is that the overall footprint is smaller than for CIDRAM and I wanted a package for the real dirt, then something good for overall protection and control. Worth mentioning is also that back in those days CIDRAM wasn't as extended as it is today so then it was the safest choice.

I'm however also interested in some fresh benchmarks and thoughts about it. I know my CIDRAM installation blocks a lot more noise than NF, even being run after it. NF does a good job with most hack attempts though.

This is also my thought. First the NF to stop malicious attempts and then CIDRAM.

Still, most attacks are cought by CIDRAM, i mean blocking toxic IPs. I see all kind of strange vulnerabilities and probing stopped by blocks of CIDRAM. And not cought by NF (they should not).

I use ONE set of NF and CIDRAM for all sites (5) and that makes the scripts very busy (and the logs big).

NJ gives some stats about speed and i see for last month:

Screenshot(3)

I've been using the CIDRAM/Ninjafirewall combination for at least three years now. I run CIDRAM first then Ninjafirewall. Reason why is so that CIDRAM catches what was said, the "noise" first and then if any hack attempt after that gets past all of CIDRAM's IP blocks, Ninjafirewall will catch it.

Now note in order to run two PHP scripts like this you have to direct it to one file. I asked about this way back then at the ZBblock forum, and it was in fact Caleb that did some research and told me what I had to do. So this is what you probably need to do in order to have both hooked.

Create a folder called start or whatever name. In this start folder create a php file called start.php. In this file you would create the following:

<?php

require '/home/[user-name]/public_html/cidram/loader.php';
require '/home/[user-name]/public_html/firewall/firewall.php';

Then if you're hooking in htaccess the code would be like this at the very top:

php_value auto_prepend_file /home/[user-name]/public_html/start/start.php

Now, I have renamed the CIDRAM and Ninjafirewall folders to something else. So the CIDRAM folder might be something like door and the Ninjafirewall folder might be something called gate. Just an example, After I do this I forbid in robots the good bots from indexing it. Then in htaccess I have this code which only allows the top five search engines I want navigating my directory seeing the robots file:

RewriteEngine on
# Check that the request is for /robots.txt
RewriteCond %{REQUEST_URI} ^/robots.txt
# Check that the request matches an existing file
RewriteCond %{REQUEST_FILENAME} -f
# Check that the user agent does not contain google etc
RewriteCond %{HTTP_USER_AGENT} !google
RewriteCond %{HTTP_USER_AGENT} !yahoo
RewriteCond %{HTTP_USER_AGENT} !bing
RewriteCond %{HTTP_USER_AGENT} !Twitterbot
RewriteCond %{HTTP_USER_AGENT} !Facebook
# If all conditions above are met, then deny access to this request
RewriteRule ^ - [F,L]

Now since CIDARM has search engine verification and the fact CIDRAM and in my CloudFlare account I'm blocking an enormous amount of ASNs, there's little chance some other search engine or IP can access my robots or my directory and see the folders for CIDRAM and Ninjafirewall.

So there you have it. It's how I roll. :)

As to speed of the two. I can tell you my phpBB forum loads withen 200 ms. Sometime more sometimes less, but I blame that on my host I think.

Just remember that if you run Ninjafirewall, you might want to put it in test mode or what ever it's called to iron out any false positives. Read my topic here: https://cyberpcforum.com/viewtopic.php?p=1364#p1364

My site doesn't have very many users, but my website is more or less a learning tool. If anyone joins, then all the better. LOL

@737simpilot THANK you for all the usefull information, appreciated.

I see all kind of strange vulnerabilities and probing stopped by blocks of CIDRAM. And not cought by NF (they should not).

You should contact the support then and let them know. There are very fast and helpful.

I would load CIDRAM first and then NinjaFirewall like it is normally on the network level with iptables and modsecurity - filter on network / IPs first and then the rest goes through all other security layers further down (webserver and application level).

Was this page helpful?
0 / 5 - 0 ratings