PDA

View Full Version : Anti-Spam Options - @byssGuard - Protection Suite


TheSupportForum
11-10-2012, 11:00 PM
THIS MOD WAS DEVELOPED BY
Simon Hind of
The Support Forum (http://www.thesupportforum.co.uk)


PLEASE REMEMBER TO RATE MY MOD
REMEMBER TO "MARK AS INSTALLED"


if you like this mod please Nominate for MOTM


https://vborg.vbsupport.ru/

MOD Live on

http://www.thesupportforum.co.uk
http://www.legijastranaca.com


This MOD works on : All vBulletin4 versions



How does it work?

AbyssGuard matches the actions and IP addresses of the visitors against predefined lists with malicious actions thus preventing them from viewing your website. The IP matching is done via the http:BL service of Project Honey Pot. in some cases you will find that Googlebot will show as referer spam, this "DOES NOT" mean it is blocked the only blocked activity is and must be on their httbl list

here's an example
if someone pass Google User Agent it?s being checked. First the httpBL of Project Honey Pot matches up the IP against their database, if it?s Google they?ll know and further execution of the script will be terminated. If they don?t recognize it as Google or you don?t have this option enabled, the script will check if the given user has passed a Referer. Google and any other major Search Engine will NEVER pass a referer, so it?s most possibly a referer spammer disguised as Google.

legitimate Googlebot not to pass header Accept and I have information for one more case where it accepted a cookie. But if Google can?t access a page they try again the next second with different IP and the right tags. Generally nothing to worry about

Furthermore you can check from Google Webmaster Tools (https://www.google.com/webmasters/tools/) if your web site is accessible by Googlebot, just to be sure.


Requires:

Server that can run PHP.

this will run on every vbulletin board version from VB4, VB3 has not been tested

signup with Project Honey Pot (http://www.projecthoneypot.org?rf=114692)


if you are a developer and using this mod, if you have rewrote any part of this and wish to share to help the improvement of this please PM me, you will be added to
CoAuthor / Supporter Section.

VERSION 3.2.2 RELEASED

Implemented is as follows
AbyssGuard Protect : Core Product

Bad-Behavior 2.2.11 (http://bad-behavior.ioerror.us/download/)
Ban Crawlers ( Spiders )
^ - Optional : Create Thread
^ - Optioanl : E-mail Notification
Ban IP's / Ranges
^ - Optional : IP visit E-mail Notification
Bot Registration Prevention
Thread Creation on Crawler activity
^ Thread Selection : list of forums shown
^ Thread Username : Admins,Mods,Super Mods selectable on list (thx to kh99's help)
Email Filter (https://vborg.vbsupport.ru/showthread.php?t=134095) - Allow only certain TLD's to register
Prevent Number only registrations (https://vborg.vbsupport.ru/showthread.php?p=2378046) - Prevent Number only registrations

-------------------------------------------------------------------------------------------------------------
Version History

3.2.2 - 11/11/12 - some added extras
3.2.3 - 12/11/12 - some added extras
Current Bugs
3.2.2 - Scheduled Task does not run automatically, this will be fixed in next release
3.2.3
-------------------------------------------------------------------------------------------------------------

Common Issues / Checks
Before reporting any bugs / issue please ensure you have overwritten all files
each version we cleanup code an can cause hidden errors
Reporting issues about IP address is not a bug you will need to contact projecthoneypot (https://www.projecthoneypot.org/contact_us.php) for legitimate IP removal

They can not unblock referer spam, this is cookie based spam going to your website from a users cookie

-------------------------------------------------------------------------------------------------------------
The technical stuff

ensure that allow_url_fopen is enabled for your php ( Available since PHP 4.0.4 ) ( if this is not enabled then the log file can not be created, you will need to ensure that you create the file manually) if you have cpanel you can enable it

ensure that safe_mode & safe_mode_gid are off in php settings



confirmed to be working on
php versions: 5.2.17, 5.3.15
MySQL Version: 5.5.23-55
vBulletin Versions: 4.1.12, 4.2.0
--------------------------------------------------------------------------------
Suggestions / Requests

if you want to help improve this mod please make a suggestion and we'll see how we can incorporate your ideas

Please be aware we can not improve the API system for projecthoneypot

--------------------------------------------------------------------------------
DID YOU KNOW : Referer Spam
(also known as log spam or referrer bombing[1]) is a kind of spamdexing (spamming aimed at search engines). The technique involves making repeated web site requests using a fake referrer URL that points to the site the spammer wishes to advertise.[2] Sites that publicize their access logs, including referrer statistics, will then inadvertently link back to the spammer's site. These links will be indexed by search engines as they crawl the access logs.This benefits the spammer because of the free link, which gives the spammer's site improved search engine ranking due to link-counting algorithms that search engines use.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DID YOU KNOW : Bad Cookies
These types of cookies can be used to store and track your activity online. Cookies that watch your online activity are called malicious or tracking cookies. These are the bad cookies to watch for, because they track you and your surfing habits, over time, to build a profile of your interests. Once that profile contains enough information there is a good chance that your information can be sold to an advertising company who then uses this profile information to target you with interest specific adverts.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
if you are browsing your website with bad cookies on your computer it can crawl your website in disguise of a search engine, they use legitimate cookies which holds legitimate search engine IP's to crawl your website for information this is why the logvier will show them as referer spam


Copyright ?2012 The Support Forum, All Rights Reserved. you have only permission to use, not copy modify sell or distribute this software IN NO EVENT SHALL THE SUPPORT FORUM (http://www.thesupportforum.co.uk/forum.php) BE LIABLE FOR DAMAGE TO CODE, OR MODIFIED VERSION NOT MADE BY OUR CODING TEAM we will support only the unmodified versions on request from this thread or our website

TheSupportForum
11-11-2012, 09:49 AM
Welcome to @byssGuard Protection Suite
this MOD was developed to work in accordance with vbulletin, AbyssGuard Core works from projecthoneypot's API system we are not liable to improve that as our developers are not in anyway affiliated with them

we however do agree to support this mod fully for the rest of the addons included

PLEASE ONLY POST Questions / Suggestions about the MOD not about any IP address being blocked by projecthoneypot, if you believe that an IP address is causing a false positive or wrongly added to their database please contact them using the link below

projecthoneypot contact link (https://www.projecthoneypot.org/contact_us.php)
you will need to provide them a link to the IP that is causing the issue, they can not deal with search engine IP's as its not part of their httpBL

PLEASE REMEMBER TO "MARK AS INSTALLED"
support will only be given to those who done the above if you have made any modifications yourself we can not support you

Rich
11-11-2012, 11:03 AM
I was following the other thread regarding this mod. Should the people who installed the other mod remove it? Is there something wrong with it? Why do you need a new release thread if there have been no changes and why are you being so elusive saying things like:

i have requested that version to be removed for reasons you dont need

If there was indeed an issue with the other version it should be posted.

Paul M
11-11-2012, 01:40 PM
Enough.

I have removed the endless arguments from this thread.

If you have an issue with this modification, remove it and move on.

puertoblack2003
11-11-2012, 03:32 PM
Just wondering are you co-developing with eric for the vb bad behavior here https://vborg.vbsupport.ru/showthread.php?t=261498 ? I currently have this installed and it may cause a conflict...

TheSupportForum
11-12-2012, 12:50 AM
Just wondering are you co-developing with eric for the vb bad behavior here https://vborg.vbsupport.ru/showthread.php?t=261498 ? I currently have this installed and it may cause a conflict...

if you currently have Bad-behavior script installed it will not conflict, it simply moved the mod into @AbyssGuard - Protect Suite all settings will remain and also plugins will be transfered

Bad-behavior is connected to @AbyssGuard as both require the same httpbl key
the structure of vb bad behavior stays the same except that its imported into this mod, his mod is "code reusable" but nothing was touched all settings are identical

vb50kgpoo
11-12-2012, 05:45 AM
In addition to the fact AbyssGuard sees GoogleBot as a log referer spammer (NOT a good thing), according to my hosting company, the log referer spam I am getting now is all down to AbyssGuard (i.e. AbyssGuard has opened the door for spammers);

Hello,
/home/username is outside public_html folder. There is no way to see or access contents of any file in that folder from web.

About the referral spam, problem seems to be the Abyss itself. Abyss folder is inside public_html and reports with all links can be accessed from web, like:

http://mydomain.org/admin/Abyss/abyss-report.txt

You need to reconfigure the module to move the reports and backups outside public_html folder (e.g. /home/Abyss) or login to the control panel and protect the /home/username/public_html/admin/Abyss folder with a password.

TheSupportForum
11-12-2012, 10:59 AM
In addition to the fact AbyssGuard sees GoogleBot as a log referer spammer (NOT a good thing), according to my hosting company, the log referer spam I am getting now is all down to AbyssGuard (i.e. AbyssGuard has opened the door for spammers);

Hello,
/home/username is outside public_html folder. There is no way to see or access contents of any file in that folder from web.

About the referral spam, problem seems to be the Abyss itself. Abyss folder is inside public_html and reports with all links can be accessed from web, like:

http://mydomain.org/admin/Abyss/abyss-report.txt

You need to reconfigure the module to move the reports and backups outside public_html folder (e.g. /home/Abyss) or login to the control panel and protect the /home/username/public_html/admin/Abyss folder with a password.

yes i think customers are aware where they "want" to install it, this is why "path" is shown in vboptions for the mod, anyone who uses this mod is entitled to change the location of the log file :)

but it will need the full url which can't be given if configured this way
i will talk to my developers to see if that's possible

also once a visit arrives /bot/spammer or which even the plugin is active, this has nothing to do with the .txt file, the plugin first looks at projecthoneypots API
then if condition = yes it logs it, you can change all this in vboptions of the mod so that it doesnt read some of the data

Update :
there is meta noindex,nofollow so it will not show to bots

TheSupportForum
11-12-2012, 07:04 PM
VERSION 3.2.3 RELEASED

A Small fix has been released in the scheduled task for AbyssGuard Core
- Log files also created with the correct naming convention this was correct in this release

Alibass
11-15-2012, 02:04 AM
@Simon

Installed 3.2.3 and now there are no logs being created. It's like mod is turned off. Shows nothing in log viewer and I know that's not correct. I was getting lots of of records before the 3.2.3 install.

TheSupportForum
11-15-2012, 08:59 AM
@Simon

Installed 3.2.3 and now there are no logs being created. It's like mod is turned off. Shows nothing in log viewer and I know that's not correct. I was getting lots of of records before the 3.2.3 install.

ok looking into this now

TheSupportForum
11-15-2012, 04:16 PM
if anyone has 3.2.2 still installed can you please PM me the core_ag.php
full code please, i need to compare it with 3.2.3 as there is something missing causing it not to log

TheSupportForum
11-15-2012, 07:15 PM
@ABYSSGUARD CUSTOMER NOTICE


we will be fixing the current issue from scratch, our next release will be more fully tested before release

WE ARE STILL LOOKING FOR 3.2.2 core_ag.php file source if a customer still has that version installed we can release our next version please PM me the sourcecode of that file asap

Paul M
11-17-2012, 10:08 PM
More posts removed. Final warning to member concerned, you do not have this modification installed, so you have no business posting in this thread.

Alibass
12-29-2012, 07:55 PM
Uninstalled...