History

I've had some problems with abuse via open proxies for a time ago, and when we were banning abusers, they always found a new proxy to use and register new accounts with. Since this forum was a large type we could'nt just ban e-mails etc just like that, because this was leading to a very large amount of other banned users too.

At IRC, in the other hand, we had Open Proxy Monitors, that was banning everything that was blacklisted in some DNSBL-databases. No spammers had a chance to get in there as long they were listed in such database.

This is a plugin that blocks blacklisted hosts from some different DNSBL's. It uses the global_start-hook, a very simple handler for blocking proxies, and a vBphrase called OPM_Deny.


April 2006

The source has been rewritten a bit. The proxychecker is now using a cache that, by default, stores all ip's in a database for 6 hours. It scans some DNSBL's and can be configured to block proxies from bitmasks (defined in the plugin) which makes it a little bit more reliable, because it does'nt block everything it see).

Configuration is made from the plugin (hopefully there will be a nice admin interface in the future). Exceptions (ip's that can pass through this system even if it is a proxy) are also handled differently now.

// CHANGES
//
// 2008-09-20 (2.0.8)
//
// * Changed the routines for how to handle inclusion/exclusions
// * Splitted up plugins for 3.5/3.6 and 3.7
//
// 2007-08-05
//
// * Fixed reported bug, based on resolved hosts ending with 127
// * Changed database-tables to get rid of (hopefully) duplicate keys
// * Added resolver-function
// * Added two new block-methods available at the efnet-rbl
//
// 2006-06-28 (2.0.6/Another fix)
//
// * Proxyinclusions/exclusions didn't work properly
//
// 2006-06-28 (2.0.5/Fix only)
//
// * Fixed a bug in the $block-array that affected some of the blocking results
//
// 2006-06-28 (2.0.4)
//
// * opm.tornevall.org has a new entry for anonymizers, added support for this
// * Default value on "block everything detected" in plugin changed to "no"
//
// 2006-06-26 (2.0.3)
//
// * Created options for admincp (removed plugin-configuration)
// * Fixed a bit-bug for njabl
// * Plugin is now a function (rbl_livecheck) for external lookups
// * Added options for "only block on newuser-registrations"
//
// 2006-06-22 (2.0.3 RC)
//
// * The monitor is now a function
// * Added small compatibility with other plugins (with return)
//
// 2006-05-13
//
// * sorbs zones added (no bitmasking)
// * opm.blitzed.org removed
// * time() changed to TIMENOW
//
// 2006-04-21
// ==========
//
// * proxyinclusions
// quickly add own hosts that should be treated as a proxy
//


How does it work with other vBulletins?

This filter actually works with both 3.5 and 3.6, but for now, they will be separate versions, but for 3.5 and 3.6 you should look here (https://vborg.vbsupport.ru/showthread.php?t=96318) and for 3.7 you should look here (https://vborg.vbsupport.ru/showthread.php?t=191398).


How to use the compatibility thing

If you have a plugin that you want to use together with the proxy monitor (only returns a value if a an ip-address is registered as a proxy or not) you can call the function rbl_livecheck like this (example):


global $rblInstalled;

if ($rblInstalled) {
$remoteIsProxy = rbl_livecheck(1, $_SERVER['REMOTE_ADDR']);

//
// .. your code here ..
//

}

Report bugs if you find them...



Don't forget to install (https://vborg.vbsupport.ru/vborg_miscactions.php?do=installhack&threadid=96318) it :)

What happened to the xml?

What happened to the xml?

There it was. It disappeared when I was editing this thread. :)

You know you can make this a product and have it install the phrase auotmatically on install right?

You know you can make this a product and have it install the phrase auotmatically on install right?

I did'nt know that. I know very little about plugins. Is there any instructions for me somewhere about it? :)

Here you go. ;)

my feedback: actually, your script is overloading the servers on both sides as it connect each time a page is loaded... on irc there is no problem as you connect only once per logon, but on web, each time a page is loaded the script is activating...

what would be best is to cache the data received from the OPM databases, and make a verification only when a new session is built... this would ensecure the connection, and spare some contacts with the dB!

I don`t tried to install this plugin yet and the post about overloading server stoped me from installing but still iI think that this is a great idea and you should work on it because we all sooner or later will have problems with users that use some proxy servers and feel that we can`t do anything with them.

what would be best is to cache the data received from the OPM databases, and make a verification only when a new session is built... this would ensecure the connection, and spare some contacts with the dB!

Yes, that's a good idea, but that's something that I probably can't fix on my own, due to a lack of necessary php-skills. :)

Yes, that's a good idea, but that's something that I probably can't fix on my own, due to a lack of necessary php-skills. :)we all can help on this... you started a good thread/hack, i know that some others will be able to add to it... The Boofoon guy already had!

this is quite simply btw... a cronjob to query the proper servers will store the datas in the datastore, and we only retreive that information when needed... the cronjob can be set to update itself once a week or so, because these servers are not updating the listings that often...

This is an awesome idea....I think nexialys has an excellent point and that will make it an invaluable product.

Very nice a idea; thanks a huge bit for starting this, hopefully anyone with sufficient php skills will be able to "finish" it :)

cant it be placed at the start of session?

cant it be placed at the start of session?that's what i suggested... ;)

I use the PEAR Cache library for some of my more esoteric hacks, happy to write a PEAR compatible version if people feel that PEAR is an acceptable pre-requisite.

Of course... if someone can write a datastore version it would probably be better :)

Of course... if someone can write a datastore version it would probably be better :)this would be better in the fact that we need these addons to use the vBulletin protocol/codes ... or why would we code a software that big if nobody use it.. :)

Yah, this is very cool b/c we need this... we have some abusers that like open proxys.

As to the pear suggestion, hmm, would that be a stopper for some folks? Is it available on all hosts using PHP?

I might be able to be helpful with cron and cacheing things in the file system or database. I'll be back sometime after jelsoft does their release to work look at your code. For the moment, I'll subscribe to the thread.

Yah, this is very cool b/c we need this... we have some abusers that like open proxys.

As to the pear suggestion, hmm, would that be a stopper for some folks? Is it available on all hosts using PHP?

I might be able to be helpful with cron and cacheing things in the file system or database. I'll be back sometime after jelsoft does their release to work look at your code. For the moment, I'll subscribe to the thread.

I'm very happy that the plugin gave so many positive reactions. I look forward with the last "fix" for this one, because of my own lack of php-skills. Thanks a lot! :)

This idea rocks!

*subscribed*

This idea rocks!

*subscribed*

Is anything happening with this hack? I think its a great idea if the speed and load issues could be worked out.

For those that are interested there is a nice php script that can be added to VB to block proxies. It will write to a mysql table and check the table first for banned addresses. For you coders maybe this script here can be reworked to add these features.

http://phprbl.init1.nl/

For those that are interested there is a nice php script that can be added to VB to block proxies. It will write to a mysql table and check the table first for banned addresses. For you coders maybe this script here can be reworked to add these features.

http://phprbl.init1.nl/

That's the way the resolver for opm.tornevall.org works. The only problem is the cache-part for me. Does the url help in a similar way?

It's still a question of querying that data only on session (1 time) instead of global (every page load)

There's no longer a session.php. It's in class_core.php I think
I browsed the new code and came away muttering to myself...but ima noob :ermm:

I would think the best thing to do would add an extra column in the session table to do a hash of the "host" column, so you know when it changes that you need to re-check the IP.

Then add another (bool) column to store if it's an open proxy or not.

Find a hook in the session management to add in the necessary check / storing code, and you should be good to go.

Then each time a page is requested all it has to do is a quick MD5 of the current IP against the stored IP, if it's the same and it's okay, then nothing new, if it changes then make a new RBL request and go from there.

Session is a HEAP table, so it will go fast, and also clear out over time.

I could knock this out in an afternoon (assuming there are hooks in place, otherwise it would require a couple lines of manual file editing).

Easy as pie.

Well TMM I install it just to try. The idea is super, but my knowhow is a little to low for helping you out.

This option should be standard in the boardsoft a lot of us have problems with abusers who are changing proxy's within the hour.

I aplaud you TMM

Ad

Well, since there has been no reply about my concept, I'll go ahead and code a session based one like I stated above.

Well, since there has been no reply about my concept, I'll go ahead and code a session based one like I stated above.

Your concept is good. For my purposes though I found a better solution. I hacked a couple scripts to 1) check the IP against a banned table first if not found then check the rbl servers 2) if found in the rbl servers write the blocked IP's into my .htaccess file blocking the user completely 3) customized my 403 page to display the service they are blacklisted on and provide removal instructions.

Anyone wanting the script can PM me. It would be nice if someone that was a good coder (not me) went through it refined and optimized it.

Well, since there has been no reply about my concept, I'll go ahead and code a session based one like I stated above.

Thank you for that... I have not much knowhow about this, so if you can do it then it's great.

Ad

I'm about 99% done. All I had to do actually was add a single column to the session table labeled "OPM".

The code is flexible enough that you can add more RBL's and choose the reponse code(s) you want to blacklist. (Since not all return the same 127.0.0.x code, or the last number can have different meanings).

Yes, I could of added an additional blacklist table, however I wanted to do this quick and easy, and also this is just a realtime blackhole, not a permanent one. Though your hack (webspider) does sound worthwhile. I actually have only had to block a couple users via my firewall that were severly abusing the forum.

Anyhow, once I get that last little kink worked out, I'll post the code in this thread.

Alright, I've finished the code... My last problem was that the templates were not showing up, the issue came because the global_start hook occurs before the header & footer templates are fetched, so I had to add them in manually.

There's 3 simple steps to implementing this.

1 DB addition
1 Phrase addition
1 XML file to import

I guess this could of been a "product" or whatever to automate the DB & Phrase, but I haven't had a chance to mess with that yet, and I don't plan on supporting this, so please don't ask.

The code is simple enough, I think a person could figure out how to add additional RBLs.

Anyhow, I'm not trying to step on the original author's toes with this hack, this is just a slightly different alternative that only checks (and saves) once per session (instead of every request).

Could someone remake a bit @eoc_Jason code into produck so it could be installed and uninstalled right from the ACP? Thank you :)

ps.
I think that this option when will be done and working on 100% should be included as a standard option.

I actually modifed it even more from what I posted for my forum, only to run the check on specific user groups.

I'll probably futz with it some more today, to make it an actual "product" for my site.

TMM-TT (or anybody) can use the file I uploaded and expand upon it however they want. I don't want to step on anybody's toes with this hack, which is why I'm offering for someone else to manage it. However if nobody else wants to step up to the plate I am more than willing to do it.

EDIT - Here is an update from the previous page. This is released as a "product" so that it adds the database field & phrase and everything automatically.

You have some typo errors at the bottom in the msg but thats no big deal.

Installed & tested it with my Hide IP platinum application and it blocks the proxies it uses that are blacklisted :)

I am extremely impressed. Well done eoc Jason you are a star.

I personally think this has to be the hack of the month!

Jason you earn a price :rolleyes:

Installed and tested with several proxy proggies and it works fine !!!

Many thanks from me and the mods of my forum.


Ad

PS:

Perhaps it's better to start a new thread or edit the first post (mister moderator) while things are different now then mentioned in the first post IMHO.

lol, I just noticed there was a type in the OPM_Deny phrase, it's pseudo engrish. Oh well. I'm sure people will customize it to meet their needs anyways.

Like I said, you can have it check other RBL's, and set only the returned error code that you want (if they return multiple), it will stop after the firs the blacklisted found. However I think spamhaus is enough since it is a combination of the 3 big ones out there.

You can additionally test it if you edit your session table directly and set your session OPM = 2. (I had a heck of a time finding an open proxy!).

I've found that about 1 or 2 out of the current users online is marked as an open proxy (I have about 250-400 people online at a time usually). Some are false positives though as I got a few complaints and when I checked them out, they were entries that haven't been tested in weeks or months!

I have several usergroups which people get auto-promoted, so only my guests, and lowest registered usergroup actually get checked, which I might even allow guests too, not sure at this moment in time.

If you only want to check certain usergroups, you can use the following IF statement around the two function calls.


if (!in_array($vbulletin->userinfo['usergroupid'],array(1,2,3,etc...)))
{
// The two session OPM IF statements would go here.
}

Nice work! I had kludged something together earlier, but a plugin is a lot better. I've installed it and will test it out :)

I'm not sure I agree with the comments on caching. This plugin uses gethostbyname() to do a DNS request to the blocklist servers. This DNS request will be issued to the (colo provider's) DNS cache and that server will already cache the answer for you. This server will keep it in the cache as long as the TTL of the record in the blocklist, so you are caching it as long as the blocklist specifies it, which is often hours or days, and you have the best chance of having an up to date result, because your DNS takes care of caching and retrieving.

Caching would also make the code more complex and prone to errors, also it costs extra time for a feature that DNS already provides. A network DNS lookup is also often faster than a database table lookup and does not stress the disk.

When you check one blocklist, the network load is comparable to doing HostnameLookups On in Apache, which is minimal for all but the largest sites. If needed, I would advise checking a composite blocklist that mirrors many other lists, so you only spend one DNS packet in and out.

I actually modifed it even more from what I posted for my forum, only to run the check on specific user groups.

I'll probably futz with it some more today, to make it an actual "product" for my site.

TMM-TT (or anybody) can use the file I uploaded and expand upon it however they want. I don't want to step on anybody's toes with this hack, which is why I'm offering for someone else to manage it. However if nobody else wants to step up to the plate I am more than willing to do it.

EDIT - Here is an update from the previous page. This is released as a "product" so that it adds the database field & phrase and everything automatically.

eoc_Jason

Doesnt look like anyone wants to step up... Anyway, great product and its already working and has stopped a few of my problem childern on my site. Though my only conplaint was it blocked one of my regulars who isnt even on a open proxy BUT who's ISP has lots of blacklisted IPs because of spam/proxy abuses. He is using a static ip so he is having to submit it to spamhaus and see if they will remove it. Plus he is contacting his ISP about the issue...

As for any future updates you or anyone might make on this product it would be nice to have a exculed IP list via your admincp. Basicly, a nice little field were I could add ips that should be exempt from the blacklist access block even if they are blacklisted via spamhaus or some other list you might be using via this product. But then again one user having to deal with this is all that big of deal....

Anyway, thanx again for a great product.

EDIT - Here is an update from the previous page. This is released as a "product" so that it adds the database field & phrase and everything automatically.

AWESOME!! I have this one idiot that keeps coming back saying crap like "u can't get rid of me" blah blah. I hope this does, at least it is a step in the right direction.

Skydancer - I agree with your statements about how DNS "should" cache the info, however, not knowing what all RBLs set their TTL to, or also any mis-configurations, having one little bit of info stored locally makes sense (to me).

The current RBL lookup in the code is spamhaus' list, which is actually a combined open proxy list from 3 sources. So you get a 3-fer-1 in the query.

Lastly, the session info for vB is a HEAP table (meaning it's only stored in memory, not on the HD). vB does a "SELECT *" from the table when doing it's inital session stuff, so there is no added overhead in that case.

Like I said in a previous post, the worst-case scenario that I can think of is if the RBL goes does or does not respond in a timely fashion. I did not put in any timeout / exception handing.

Nice work! I had kludged something together earlier, but a plugin is a lot better. I've installed it and will test it out :)

I'm not sure I agree with the comments on caching. This plugin uses gethostbyname() to do a DNS request to the blocklist servers. This DNS request will be issued to the (colo provider's) DNS cache and that server will already cache the answer for you. This server will keep it in the cache as long as the TTL of the record in the blocklist, so you are caching it as long as the blocklist specifies it, which is often hours or days, and you have the best chance of having an up to date result, because your DNS takes care of caching and retrieving.

Caching would also make the code more complex and prone to errors, also it costs extra time for a feature that DNS already provides. A network DNS lookup is also often faster than a database table lookup and does not stress the disk.

When you check one blocklist, the network load is comparable to doing HostnameLookups On in Apache, which is minimal for all but the largest sites. If needed, I would advise checking a composite blocklist that mirrors many other lists, so you only spend one DNS packet in and out.


cnutter - Yes, I had the same issue with a couple of my members getting dumped with bad dynamic IPs. However, all the sites that spamhaus uses has extremely simple (one-click removal) links, which will remove the IP and by the next update (hourly) should no longer be blocked. An IP exclusion would not work for most people as they have dynamic IPs. Instead you might want to consider doing it by usergroups, as I posted a snip of code above about bypassing the check for certain groups.

Regarding the "Stepping on someones toes"; it's ok with me if you step on my toes, because I needed help with this plugin from the start myself. I knew that you guys in here could help me with this one, to make it better. So any ideas are still welcome. My RBL-DNS opm.tornevall.org (http://opm.tornevall.org) is free to use as long as it exists, and will be continuously updated with new proxies, and old proxies will be marked as "not working" when they are not reachable anymore.

The values for working and not working are:

$bit_working = 2;
$bit_blitzed = 4;
$bit_timeout = 8;
$bit_error = 16;


.. and the blitzed-one is used if the proxies are matched with the blitzed database (Currently around 4200 out of 28300 registered proxies has been matched to their database).

By the way, thanks for all help. :)

I think one major thing that needs to be addressed is a low "timeout", incase a RBL becomes un-responsive. I've been so busy I haven't had a chance to look into that yet, but I know there is a PHP variable somewhere. Also there might be a better method than using the gethostbyname function, not sure.

We've installed this as a product now and hope it's working. Are there things to do after the install such as update a blacklist somewhere?

i had to disable this. It was causing major lag on my site.

I was not having a lag at all but I did find a high ratio of false positives.

I was not having a lag at all but I did find a high ratio of false positives.
DITTO here.

Which list were the false positives coming from? I usualy found most were coming from CBL, which I disabled that code in mine. There were IPs that were last checked / listed many, many months ago. Which you would *think* would get de-listed over time, but they wern't.

Perhaps the actual checking code should be a shutdown query, as to not lag the end-user. Then the regular check against the session table can be where it currently is.

is there a way to just do this for new users registering?

Which list were the false positives coming from? I usualy found most were coming from CBL, which I disabled that code in mine. There were IPs that were last checked / listed many, many months ago. Which you would *think* would get de-listed over time, but they wern't.

Perhaps the actual checking code should be a shutdown query, as to not lag the end-user. Then the regular check against the session table can be where it currently is.
eoc_Jason I used your plug in and not the one in first thread.
It rejected connections from "GoBigWest" and "Dialup.cc". Both ISPs use Level3 numbers.

Rejected IPs were

IP Address: 4.250.177.131
Hostname: dialup-4.250.177.131.Dial1.Weehawken1.Level3.net

IP Address: 4.250.138.133
Hostname: dialup-4.250.138.133.Dial1.Weehawken1.Level3.net

The Spamhaus website said that the IP's weren't listed, but other whois sites were able to correctly identify them as Level3.

is there a way to just do this for new users registering?

Yes, just edit the plugin and add at the top:

if (THIS_SCRIPT=='register') {

and at the bottom:

}

Yes, just edit the plugin and add at the top:

if (THIS_SCRIPT=='register') {

and at the bottom:

}


Skydance so it should look like this if we only one it to check users as they register on a site?

if (THIS_SCRIPT=='register') {

if ($vbulletin->session->vars['OPM'] == 0) {
OPM_proxy_check(IPADDRESS);
}

if ($vbulletin->session->vars['OPM'] == 2) {
// parse some global templates
eval('$gobutton = "' . fetch_template('gobutton') . '";');
eval('$spacer_open = "' . fetch_template('spacer_open') . '";');
eval('$spacer_close = "' . fetch_template('spacer_close') . '";');
eval('$headinclude = "' . fetch_template('headinclude') . '";');
eval('$header = "' . fetch_template('header') . '";');
eval('$footer = "' . fetch_template('footer') . '";');

eval(standard_error(fetch_error('OPM_Deny',IPADDRE SS)));
}


function OPM_proxy_check($OPMremote) {
global $vbulletin, $db;

$cleaned['sessionhash'] = "'" . $db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'";

$OPMlist = array(
"xbl.spamhaus.org" => array(4,5,6)
);


$OPMreverse = implode('.',array_reverse(explode('.',$OPMremote)) );

foreach ($OPMlist as $OPMhost => $OPMcodes) {
$OPMresult = explode('.',gethostbyname($OPMreverse.".".$OPMhost));

if($OPMresult[0] = 127 && in_array($OPMresult[3],$OPMcodes)) {
$db->query_write("
UPDATE " . TABLE_PREFIX . "session
SET OPM = 2
WHERE " . TABLE_PREFIX . "sessionhash = $cleaned[sessionhash]
LIMIT 1
");
$vbulletin->session->vars['OPM'] = 2;
break;
}
}

if ($vbulletin->session->vars['OPM'] == 0) {
// This IP is okay for this session
$db->query_write("
UPDATE " . TABLE_PREFIX . "session
SET OPM = 1
WHERE " . TABLE_PREFIX . "sessionhash = $cleaned[sessionhash]
LIMIT 1
");
}

return;
}
}

Or... Just use it for the test...


if (THIS_SCRIPT=='register') {
OPM_proxy_check(IPADDRESS);
}

I'm just curious - has anyone tested opm.tornevall.org (http://opm.tornevall.org)-resolver, and got false positives?

Hey check this out today... which is better?

https://vborg.vbsupport.ru/showthread.php?threadid=98705

Different methodology with his. He's basically doing a check for guests only, every time when they post.

There's a million different ways you can implement a DNSBL for a forum, it all just depends on what you are trying to prevent.

im trying to prevent any ba****d spammer trouble maker :)

Yes, just edit the plugin and add at the top:

if (THIS_SCRIPT=='register') {

and at the bottom:

}


FYI -- This seems to have buggered up ANYONE from joining my forum. I have gotten at least 50 email in the past 3 days from people who say they just get a blank page when they try to join the site. This is was confirmed by myself when I tried to create a test account and couldnt. After I removed skydancers code change everything went back to being fine. Though I am getting around 15 to 20 of my normal users reporting blacklist issues. So I have hence uninstalled this plugin. Thanx guys but the high number of false postives and lack or whitelist option precluded me from using this any longer...

how do you know which ip is blocked or banned from the admin control panel? I been looking around ..sorry I'm a noobie . :)

There is no recording of that data (in any of the code that I've seen posted). Though you could probably output the IP & time to one of the various logs if you wanted to.

There is no recording of that data (in any of the code that I've seen posted). Though you could probably output the IP & time to one of the various logs if you wanted to.

Question: I installed this plugin over the weekend (eoc_Jason's version) & a friend of mine told me to test it with http://anonymouse.org/ and it went right through. later that same day a friend of mine who uses T-Mobile service on his PDA said he get a message about blacklisted proxy when he tried to log in. So my question is, who updates these lists & how does one get an IP added?

http://anonymouse.org/ only uses 2 IP Addresses:
82.96.100.100
85.195.119.22

Each list is maintained by a separate group of people. Most are automatic testing scripts that look for certain ports and test to see if they can connect properly. I've noticed that the CBL list seems to generate a lot of false positives, and also contains a lot of stale data. (i.e. I had one IP that was last checked over 6 months ago and it was listed!)

Sites like the one you posted above is not considered an exploited proxy since they are offering the service. If you don't want users using that service than simply block their IPs as usual.

I modified my script slightly to help people that were experiencing errors. Basically I changed the line in the code to add the IP address as such:

eval(standard_error(fetch_error('OPM_Deny',IPADDRE SS)));

Then modified my phrase as such:


<p><b>Sorry, but you do not have access to this forum!</b>
<p>The reason is you are trying to access this site via a <b>Blacklisted Open Proxy</b>! If you are using a dynamic IP you probably just got dumped with one that a person abused before you.
<p>Fear not! You can find out more info about where your IP is blacklised (and removal) via the <a href="http://www.spamhaus.org/query/bl?ip={1}">Spamhaus Website</a>.
<p>The IP in question is: <b>{1}</b>
<p><b>DO NOT</b> contact us about being removed, <u>we do not control the lists</u>! Please follow the link above, once you go to the site that has your IP listed, removal is usually a 1-click process. After submitting your IP for removal, the DNS is usually refreshed within the hour.

Each list is maintained by a separate group of people. Most are automatic testing scripts that look for certain ports and test to see if they can connect properly. I've noticed that the CBL list seems to generate a lot of false positives, and also contains a lot of stale data. (i.e. I had one IP that was last checked over 6 months ago and it was listed!)

Sites like the one you posted above is not considered an exploited proxy since they are offering the service. If you don't want users using that service than simply block their IPs as usual.

I modified my script slightly to help people that were experiencing errors. Basically I changed the line in the code to add the IP address as such:

eval(standard_error(fetch_error('OPM_Deny',IPADDRE SS)));

Then modified my phrase as such:


<p><b>Sorry, but you do not have access to this forum!</b>
<p>The reason is you are trying to access this site via a <b>Blacklisted Open Proxy</b>! If you are using a dynamic IP you probably just got dumped with one that a person abused before you.
<p>Fear not! You can find out more info about where your IP is blacklised (and removal) via the <a href="http://www.spamhaus.org/query/bl?ip={1}">Spamhaus Website</a>.
<p>The IP in question is: <b>{1}</b>
<p><b>DO NOT</b> contact us about being removed, <u>we do not control the lists</u>! Please follow the link above, once you go to the site that has your IP listed, removal is usually a 1-click process. After submitting your IP for removal, the DNS is usually refreshed within the hour.


Thanks. I am using your script with that line intact. ;)

Which list were the false positives coming from? I usualy found most were coming from CBL, which I disabled that code in mine. There were IPs that were last checked / listed many, many months ago. Which you would *think* would get de-listed over time, but they wern't.

Do I just comment out the line below to disable CBL?

127.0.0.4 = CBL / Composite Block List @ cbl.abuseat.org

Also, does anyone have a test online proxy I can run through to make sure it's working correctly?

I don't get this... For eoc_Jason's hack, do you just install the XML and that's it?

Is there any need to configure anything?

Thanks.

Or... Just use it for the test...


if (THIS_SCRIPT=='register') {
OPM_proxy_check(IPADDRESS);
}


I have added this snippet of code right after

*********************************************/

and before:

if ($vbulletin->session->vars['OPM'] == 0) {

Would someone be so kind as to explain where I went wrong?

I only want to check for proxies during registration.

I also have a problem with a very reliable member, they can not access the forums with this hacked installed as a stock plugin. They sent me the following:

My IP address from home is blacklisted. It is my earthlink account.
Thanks in advance

Sorry if this has already been asked, but where can you put your own list of IPs? For instance, if I find IP addresses that are being used as open proxies but have not been listed at spamhaus, can I put these into my own file somewhere as a '2' value and, if so, does this go straight into the DB?

Sorry if this has already been asked, but where can you put your own list of IPs? For instance, if I find IP addresses that are being used as open proxies but have not been listed at spamhaus, can I put these into my own file somewhere as a '2' value and, if so, does this go straight into the DB?

Please don't tell me that this hack has been abandoned already...

This could have been really big.

It appears it has. That's a shame, when security is more needed then ever.

:( so I guess it means a little reverse engineering for this - has anyone else found a solution to adding unlisted IPs before I start to reinvent the wheel?

You can blacklist IPs in the vB Options...

Otherwise to have it work smooth with the current RBL checks you could install a DNS server locally that can be used as a local RBL.

Or you could fudge it and create an array with the list of IPs, then do a second check to see if it's in_array() and if so set the flag to block them.

I would love to develop it further, but I just don't have the time with other projects. Some things you might want to consider changing is have the check run as a shutdown query or something, so that the user doesn't have to sit and wait and get impatient if the check doesn't run quickly.

I know some people warned that on large sites this may cause problems. I'm here to say that is VERY true. My server loads were, on average, 1.00 across the board or less. After the board started picking up more and more members, and averaging more than 20 online at a time--the load was up to 4-8 (average). I couldn't think of what the problem was, i started blaming PHP and apache lol... but that wasn't it. Just keep this in the back of your mind if you use it. I removed it, and my load on the server and page load time - is back to normal:

Page generated in 0.28239 seconds with 17 queries [Server Loads: 0.37 0.40 : 0.76]

If you switch the code to a shutdown query, then it shouldn't affect load as much.

not sure if its just me. but when i install it, it messes up my index. and won't view it.. i disable - and perfect? :s any way to block any type of proxys?

I experienced similar problems, completely crippled the index.php with a could not locate OPM_Deny message I believe it was. Index works fine with it disabled...

maybe a offical release/fix for 3.5.2?

I've been playing around with this code a bit and I'm not sure if this works, so I want to check with you before I say something about the code. If it works, maybe someone can help me with a product update? :)

First, I created a new table for the database (dumped with mysqlcc :)):



CREATE TABLE `proxycache` (
`ip` varchar(15) NOT NULL default '',
`dateline` int(11) NOT NULL default '0',
`listed` int(11) NOT NULL default '0'
) ENGINE=HEAP DEFAULT CHARSET=latin1 COMMENT='proxycache';




And the code, for caching resolved hosts (this is a replacement for my first code actually):



// ################################################## #####
// DNSBL/OPM Proxy Blocker for VB 3.5.2
// Based on an old script added to global.php
// Version 1.0.1 - Written by Tomas Tornevall (TMM-TT)

$timestamp = time();
$cleanafter = 21600;
$timediff = $timestamp - $cleanafter;

// Clean up old entries
$db->query_write("DELETE FROM " . TABLE_PREFIX . "proxycache WHERE dateline < $timediff");


// OPM Databases to use
$opmlist = array(
"opm.blitzed.org",
"opm.tornevall.org",
"dnsbl.njabl.org"
);

// Pick the data we need
$OPMremote = $_SERVER['REMOTE_ADDR'];

// Make the data reversed for DNSBL
$OPMReverseRemote = explode(".", $OPMremote);

$reverseip = "$OPMReverseRemote[3].$OPMReverseRemote[2].$OPMReverseRemote[1].$OPMReverseRemote[0]";

$proxydb = $db->query_first("SELECT ip,listed FROM " . TABLE_PREFIX . "proxycache WHERE ip = '$OPMremote' LIMIT 1");

$proxyexist = $proxydb['ip'];
$proxylisted = $proxydb['listed'];

// If nothing has been added, act normal
if (!$proxyexist) {

foreach ($opmlist as $OPM) {
$OPMResolved = gethostbyname($reverseip . "." . $OPM);
$OPMAnswer = explode(".", $OPMResolved);
// Block all hosts that has been resolved to 127.0.0.xxx
if ($OPMAnswer[0] == "127") {$opmfound = 1;}
}

}


// Manually added OPM's goes here, just in case of problems (You might want to let someone in?)
// Dont forget the $proxylisted = 0 here
//if ($OPMremote == "whatever.you.want.to.protect.here") {$OPMfound = 0;$proxylisted = 0;}

if ($opmfound == 1) {
$db->query_write("INSERT INTO " . TABLE_PREFIX . "proxycache (ip, listed, dateline) VALUES ('$OPMremote', 1, $timestamp)");
$proxylisted = 1;
} else {
// 127.* was'nt found, so this one is'nt listed. Also check if it was found in the db. If not - add
if (!$proxyexist) {$db->query_write("INSERT INTO " . TABLE_PREFIX . "proxycache (ip, listed, dateline) VALUES ('$OPMremote', 0, $timestamp)");}
}

// If found in db, send error
if ($proxylisted == 1) {
eval(standard_error(fetch_error('OPM_Deny')));
}




Any comments? Can this work? :)




Edit/050103: Just found a human-bug, that was fixed from now :)
$query_write should be $db->query_write, very sorry for that.

seems like these are all using Front-End Error Messages if im correct... and this is no longer in vbulletin 3.5.3 can someone update these?

works fine in 3.5.3 for me

I would love for this to come back to life. I had been using it, and it was wonderful! The only drawback was from the "false positives", and sadly, I had to disable it - if someone could step up and code in a conditional statement that checks against a admin-entered .txt or .xml whitelist, put your PayPal link in. and I'll send some "thanks" your way... ;)

I am having problems changing the OPM Phrase that appears to people...

Any IDeas?

I've just uploaded a new version...

Added to version 2.0.1:

// CHANGES
//
// 2006-04-21
// ==========
//
// * proxyinclusions
// quickly add own hosts that should be treated as a proxy

could this mod be modded so it only checks new registering users? is it just a case of replacing the hookname with register_start instead of global start?

Also how would i go about adding sorbs.net to the list?

I'm looking at the 2.0.1 plugin code, and I noticed that you did this:

// Right now
$timestamp = time();

My I ask why are we creating a new variable instead of using the default one defined in the initializer (./includes/init.php ~line30)?
define('TIMENOW', time());

Surely its not by a whole lot individually, but I'm sure it'd save some resources to use the already defined static value than creating a new one each time?

opm.blitzed.org needs to removed from the default list, as it is no longer in operation.

http://lists.blitzed.org/pipermail/opm-announce/2006q2/000015.html

opm.blitzed.org needs to removed from the default list, as it is no longer in operation.

http://lists.blitzed.org/pipermail/opm-announce/2006q2/000015.html

Thanks! :)

Here we go -

// 2006-05-13
//
// * sorbs zones added (no bitmasking)
// * opm.blitzed.org removed
// * time() changed to TIMENOW

Is this supposed to work with Public Proxies? I am testing it on my site and it doesn't seem to....

if it works properly.. it ll be one of the best xml product i´m adding

thanx a lot buddy..

gr8

I'm getting this sql error for some reason:

Invalid SQL:
INSERT INTO vb_proxycache (ip, listed, dateline) VALUES ('165.138.192.9', 0, 1147712488);
MySQL Error : Duplicate entry '165.138.192.9' for key 1

and for me this is incompatible with menu control 1.3 and hit coutner hacks

The duplicate entry can be fixed (I think) with a repair or optimize on that table. The menu control sounds new for me.. :)

I only want to check for proxies during registration.




Same here, did you find yoru solution? Anybody?

Same here, did you find yoru solution? Anybody?


How about moving the plugin from global_start to register_start?

Does that do the trick?

What I want is to disallow people on proxies to register, I don't want the script to check any further than that.

I am pretty happy with the alter ego detector hack, and I don't have a problem with people using multiple nicks, I just want to disallow signups that come via a proxy.

I think this is big hack my board avarage is 400 online user at a lot time any big server can be install this hack ?? and have you see any problem ?
regards

How do i install this, am a newbie. Have download it but cannt find how to add it to the plugin system.

Go to manage products, then at the bottom click add/import product, then click browse and nav to the .xml file and you're done.

*edit*
I do have a question..I've installed the hack, is that it, install it and it's good to go, nothing to configure?

Ever since I installed this today I've been getting these kind of errors emailed to me

Database error in vBulletin 3.5.4:

Invalid SQL:
INSERT INTO proxycache (ip, listed, dateline) VALUES ('62.252.64.13', 0, 1149904834);

MySQL Error : Duplicate entry '62.252.64.13' for key 1 Error Number : 1062
Date : Friday, June 9th 2006 @ 09:00:35 PM
Script : http://www.talkjesus.com/private.php
Referrer :
IP Address : 62.252.64.13
Username : bigwhale
Classname : vb_database


Anyone know what's it all about?

Can someone please help me? I'm getting a few of these errors each day

Nice. Helped my get rid of some slammers. Thanks.

Help? I uninstalled this hack and people are still being blocked!

Sorry for all delayed answers...

MySQL Error : Duplicate entry '62.252.64.13' for key 1 Error Number : 1062

I think a database repair on the table proxycache should fix duplicate entries. I've got the same problems, specially with sessions those moments, when my server completely locked up so I had to force a reboot and that table is also fixed the same way.

I do have a question..I've installed the hack, is that it, install it and it's good to go, nothing to configure?

Everything is (still) made from the plugin code. I've been working with a troll-tracker tonight, that can be configured via admincp settings so I hope I can fix it for this product too. :)

Look for this code in the plugin, for configuration (below):


// Configuration (this should be moved to the admin panel)
// 0 = off, 1 = on



What I want is to disallow people on proxies to register, I don't want the script to check any further than that.

I have a version 2.0.3 in my hand now, and that code works as a function so it can be called from other plugins too. With an admin interface, there might be a chance that this can be fixed easier than today. :)


Help? I uninstalled this hack and people are still being blocked!


If it's uninstalled, it shouldn't do anything, so this is very strange. Do you still have the same problem?

It's still 2.0.3 but some changes to the configuration has been made. The request for another function has also been added, refering to this request


// 2006-06-26
//
// * Created options for admincp (removed plugin-configuration)
// * Fixed a bit-bug for njabl
// * Plugin is now a function (rbl_livecheck) for external lookups
// * Added options for "only block on newuser-registrations"

Minor modifications has been made to the source. The first one is only a default value (look below ;)). The second change affect opm.tornevall.org - an extra separate entry has been added to the DNS-database for anonymizers (like iphide.com and anonymouse.org, the only two web-based anonymizers I know actually). I think blocking of proxy-by-web-anonymous-services can be useful in some way, somewhere. :)


// 2006-06-28
//
// * opm.tornevall.org has a new entry for anonymizers, added support for this
// * Default value on "block everything detected" in installer changed to "no"

Thanks! I was waiting for those 2 to be blocked :]

Thanks! I was waiting for those 2 to be blocked :]
And now, it works better. Just found a bug in the $block-part, that should be fixed now.. :)

haha another mod on my car site called me saying he couldnt get on ... he uses aol, im guessing its blocking those as well?

haha another mod on my car site called me saying he couldnt get on ... he uses aol, im guessing its blocking those as well?

Only if it's registered in some of the RBLs listed. :)

It also depends on how the monitor is configured. I used to have more hosts in the list before but since some of the rbls fight e-mail spam and therefore blocks large dynamic ip ranges, I had to remove some of them. If the "Block everything" is set to yes, the monitor will also block everything, not matter how it's registered and that may in some cases include dynamic hosts. That's why block everything is set to no as default.

The phrase added in the product gives an address to www.tornevall.net/cgi-bin/ip.cgi where you can check which engine the ip is detected as blacklisted.


Edit:

This post made me look so inclusions/exclusions really worked properly. It didn't - the conversion from the old "plugin-configuration" made me forget a few things in the new versions. So there's a new update, again. :)


// 2006-06-28 (2.0.6/Another fix)
//
// * Proxyinclusions/exclusions didn't work properly

Thanks the best usefull script I have seen for a long period of time.

Many other scripts are good to, but they are mostly "fun"

Hi i really need help fixing this error i get this in my email how do i fix

Database error in vBulletin 3.6.0:

Invalid SQL:
INSERT INTO proxycache (ip, listed, dateline) VALUES ('218.11.207.244', 1, 1155435828);

MySQL Error : Duplicate entry '218.11.207.244' for key 1 Error Number : 1062
Date : Saturday, August 12th 2006 @ 10:23:31 PM
Script : http:///forums/infraction.php?do=report&p=14975

Is there still a huge problem with false positives? Right now, I'm limiting the DNSBL to opm.tornevall.org, because it blocks Tor and many anonymizers.

EDIT: How does it affect the server load? I temporarily disabled it, because when it was activated my load average rose by quite a bit. Maybe it was a coincidence.

Heh, I've done something wrong when installing and now I can't get into the admincp as its seeing my normal isp ip as a proxy. I'm locked out any suggestions please...

hehe clean your system and secure it. Go to the dnsrbl list and get removed, then login

Thats not helpful at all, as my ip is dynamic...

Has anyone heard about relakks (http://www.relakks.com), the anonymous VPN (some swedish piracy sites has been writing about this, because it makes filesharing more secure)? I've been thinking a while on how this network opens for new abuse-methods into forums, so I decided (yesterday) to add a bunch of completely new entries (65025 ips) into tornevall.org's RBL-database as a preparation for the future. I haven't been testing this with this product yet, but I think adding relakks.tornevall.org into the RBL-list might work, if you'd like to block the Relakks network. I've added this system on another subdomain so this shouldn't interfere with opm.tornevall.org (http://opm.tornevall.org).

I get a lot of these each day, maybe a dozen but various IP's.

Is this normal?

Database error in vBulletin:

Invalid SQL:
INSERT INTO proxycache (ip, listed, dateline) VALUES ('81.153.88.1', 0, 1157465418);

MySQL Error : Duplicate entry '81.153.88.1' for key 1 Error Number : 1062
Date : Tuesday, September 5th 2006 @ 09:10:20 AM
Script : http://www.talkjesus.com//login.php
Referrer :
IP Address : 81.153.88.1
Username : Unregistered
Classname : vb_database

Can someone please help out? Still getting these errors

Even some that show as no proxy?
http://www.dnsstuff.com/tools/city.ch?ip=68.34.123.100

Can someone please help out? Still getting these errors

Can you check if ip-field in the the proxycache is set as a key? If not, this might cause problems wipe dupe keys. An alternative can be to optimize/repair the table.

I've also noticed that the proxydb can't handle ipv6 properly. Maybe thats something to look at. :)


Even some that show as no proxy?
http://www.dnsstuff.com/tools/city.ch?ip=68.34.123.100

Doesn't it show up as proxy? What do you mean? :)

http://www.tornevall.net/cgi-bin/ip.cgi says:


REMOTE_ADDR 68.34.123.100

cbl.abuseat.org => unlisted
dnsbl.njabl.org => unlisted
dnsbl.ahbl.org => unlisted
rbl.efnet.org => unlisted
http.dnsbl.sorbs.net => unlisted
socks.dnsbl.sorbs.net => unlisted
misc.dnsbl.sorbs.net => unlisted
opm.tornevall.org => unlisted
relakks.tornevall.org => unlisted

This may sound dumb, but how do you check using tornevall.net? I can't see anywhere to put in an IP address.

This may sound dumb, but how do you check using tornevall.net? I can't see anywhere to put in an IP address.


I never added a field for doing that because of the risk of spam (like bruteforcetesting networks), but http://www.tornevall.net/cgi-bin/ip.cgi?q=<ip> should work. :)

Questions from a techy admin at my forums:

Is there an option to only scan users when logging on/are logged on, to reduce the amount of scanning even further?
Also, can it log anywhere whenever it does detect someone trying to use a proxy in case we need to troubleshoot a false positive or something?
And what sort of error message does someone detected as an open proxy receive?

Where is "ip-field" to check if its set as key or not? If it is set as key, what should I do then?

Sorry for the delayed answer.. :cry:

Where is "ip-field" to check if its set as key or not? If it is set as key, what should I do then?


The table is called proxycache and the field 'ip'.

If the key is missing, this command to the sql should fix it:

ALTER TABLE proxycache ADD PRIMARY KEY(`ip`);

field "ip" is already there..what to do now?

field "ip" is already there..what to do now?
Can you see if it has a primary key?
If you think it hasn't, try the command I gave before -
ALTER TABLE proxycache ADD PRIMARY KEY(`ip`);

Hopefully, that'll help..If not, you can try to reinstall the product or use...
OPTIMIZE TABLE proxycache
alt.
REPAIR TABLE proxycache

...instead

I would like one like this that used the list from http://www.ahbl.org/docs/ircbl.php

Also would be nice to have one that checked the URLS people put it their posts and blcok them if they are listed on lists we select.

I would like one like this that used the list from http://www.ahbl.org/docs/ircbl.php


If you want the standard support, just add ircbl.ahbl.org to the DNSBL list in the configuration (attached example). I'll try add specific support for it in the next version.



Also would be nice to have one that checked the URLS people put it their posts and blcok them if they are listed on lists we select.

Do you mean like if someone posts www.freeporn.com into the forum, that post should be blocked if it's listed in the BL?

Questions from a techy admin at my forums:

Is there an option to only scan users when logging on/are logged on, to reduce the amount of scanning even further?
Also, can it log anywhere whenever it does detect someone trying to use a proxy in case we need to troubleshoot a false positive or something?
And what sort of error message does someone detected as an open proxy receive?
Any chance of an answer to these questions? I need to know before we can go ahead with implementing this on our forums. Thanks in advance. :)

Any chance of an answer to these questions? I need to know before we can go ahead with implementing this on our forums. Thanks in advance. :)
There is no option for that yet, but can be fixed. :)

Do you want it to work with the login.php-script only, and if a userid is equal to a logged in user?

That sounds good - If my techy has other thoughts I'll be sure to post them.

Also, is there any chance of knowledge on the second two questions?

Thanks once again for all your help. :)

I just installed this on my forum and it blocked me. I'm using Optimum Online at home and a leased line from VERIO at work. No clue why both are blocked as proxies. Any thoughts?

I just installed this on my forum and it blocked me. I'm using Optimum Online at home and a leased line from VERIO at work. No clue why both are blocked as proxies. Any thoughts?
If you can't log in to your forum, enter

define(DISABLE_HOOKS, 1);

to your config.php so you can disable the blocker while you're investigating...

Then check www.tornevall.net/cgi-bin/ip.cgi if that page says where you might be blacklisted (I just wrote a FAQ (http://forum.tornevall.net/showthread.php?t=134348) about the blacklist part).

You can also add your ip into the configuration under "Exclude from monitor". Then it won't block you.

It looks like there's a few problems with proxyblocking on admins. I'll take a look on some solutions on this. Maybe a function for "only look for logged in" users, so you have a chance to login before getting blocked. :)

My techy's response...

https://vborg.vbsupport.ru/external/2006/09/2.gif

Checking on logging in only wouldn't be good enough, especially if you tell your browser to "remember" to be logged in via cookies - you could even log in normally, then hop over to a proxy :p Checking whenever the user isn't a guest is good :p Of course, an option to only check when the user tries to post/PM/other database-changing function might be better than for every page request, but that's not important at the moment :p

I can always find out the answer to the error message question I asked by myself if we implement it, having access to multiple IP addresses simultaneously to post from :p I suppose the logging bit isn't that important right now either since I now noticed it says it caches IPs for a few hours, since we can then use an SQL query instead on the cache table, though it would be nice if with the IP it stored the username that attempted to connect from it in there as well :p

My techy's response...

tell your browser to "remember" to be logged in via cookies - you could even log in normally, then hop over to a proxy


How about something like this?

Let's say someone is logging into a forum in the normal way. After this, he switch to a proxy. The RBL checks if there's any changes from the last activity (with a limit of like 10 minutes so we're sure we don't block all dynamic users - besides, it should only look after proxys anyway, so that might not interfere with normal activity), and if the new ip is detected as a proxy, the users again gets blocked...

I've passed that on to my techy again. :D He's constantly going on about how it should include usernames in the proxycache at the moment... don't know if that's something you can do?

On a sidenote, is there any way for me to do a check on an IP to see if it is really an open proxy? I know there are sites that will check my own PC, but I'm not sure if there are sites that allow me to check other people's IPs. This would help me be reasonable when dealing with people who have complained that they can no longer get in.

PS. I have to say, you're definitely one of the more helpful guys I've experienced at these kind of boards. Thanks for your continuing assistance!

EDIT: Here's the response from our techy after quoting you to him...

Yeah, I saw that post, but I thought that's how it worked anyway? I thought it checked if the user's IP is in the database, it uses that data. Then if the user hops to a proxy (or changes IP address because he's dynamic), obviously his IP will be different so I thought it would check again anyway? I didn't know it cached if the user was clean, then it remembers the user, regardless of his IP address.

I originally mentioned the possibility of the address changing in context of if you only checked when the user logs on rather than all the time like it currently does, which wouldn't be when you want to check anyway. When I asked about only checking for users logging on/are logged on, I should have made it clearer by saying we don't care to check guests (or spiders) if they're using a proxy or not, since they can't post anyway, hence only continuously checking actual users logged in :p

TMM-TT do you know if this works on 3.6.x

TMM-TT do you know if this works on 3.6.x
Yes it does :)

thank you.

What about v3.6.2?

Do you mean like if someone posts www.freeporn.com into the forum, that post should be blocked if it's listed in the BL?

That would be nice if it didnt slow the site down too much..

Can you see if it has a primary key?
If you think it hasn't, try the command I gave before -
ALTER TABLE proxycache ADD PRIMARY KEY(`ip`);

Hopefully, that'll help..If not, you can try to reinstall the product or use...
OPTIMIZE TABLE proxycache
alt.
REPAIR TABLE proxycache

...instead

I am trying to install this on 3.6.0 and I'm getting the same database errors this user was.

Invalid SQL:
INSERT INTO proxycache (ip, listed, dateline) VALUES ('75.11.10.116', 0, 1160700950);

MySQL Error : Duplicate entry '75.11.10.116' for key 1
Error Number : 1062
Date : Thursday, October 12th 2006 @ 08:55:54 PM
Script : http://forums.nasioc.com/forums/forumdisplay.php?f=112
Referrer : http://forums.nasioc.com/forums/forumdisplay.php?f=23
IP Address : 75.11.10.116
Username : Unregistered
Classname : vb_database

And the IPs do already have records, so it's trying to insert a ip that's already been inserted. Shouldn't the code check to see if it's been inserted before trying to insert it again or run an update?

I have the primary key setup properly for ip.

I have repaired, optimized the proxycache table, but still no luck getting away from this error.

TMM-TT do you know if this works on 3.6.x


I get nothing but errors with this sent to my email =(

I added 'aol.com' to the 'exclude from monitor' section, but it is still blocking AOL users from registering. as much as i'd like to block AOL users... :) ... is this a bug or am I doing something wrong?

Thanks!

Thanks, really usefull!

i have just installed this and first must say thanks :)

however im having a few problems with a few of my regular behaved members getting blocked, and so far it just seems those who are with pipex, and bulldog isp's but only those with a static ip.

i have added exceptions etc but the only thing i could do to get them working is input their whole ip, whereas id rather be able to put in a partial ip to the exception list such as 81.86.*.* , but this doesnt work.

is there anyway i can make this happen, or maybe possible to add it to an update please :)

many thanks

i have just installed this and first must say thanks :)

however im having a few problems with a few of my regular behaved members getting blocked, and so far it just seems those who are with pipex, and bulldog isp's but only those with a static ip.

i have added exceptions etc but the only thing i could do to get them working is input their whole ip, whereas id rather be able to put in a partial ip to the exception list such as 81.86.*.* , but this doesnt work.

is there anyway i can make this happen, or maybe possible to add it to an update please :)

many thanks

just out of curiosity - did you try entering the exception as:
81.86.*
rather than: 81.86.*.* ...?

vBul seems to favor the x.y.* format.

I still can't get this add-on to work properly with AOL users.

If this setting:
Block on registration
Only block users on newuser-registrations

is set to "No" - does that make it so this mod checks when people have already registered? In other words - expanding the mod out from only new user registration?

I am trying to install this on 3.6.0 and I'm getting the same database errors this user was.

I have the primary key setup properly for ip.

I have repaired, optimized the proxycache table, but still no luck getting away from this error.

I am encountering the same problems as well. I configured this product to only block new registrations. I assumed that if you only block new registrations it will only check to see if an IP is blocked when a user tries to register. No such luck. :(

Is there any fix for this "Duplicate entry" issue?

There is no like manual with it, where on earth do you put it in the ACP??

worked it out :) thanks

Just updated my own forum with this one, that hopefully gets rid of a resolver-problem. Please report bugs, if you find them. :)


// 2007-08-05
//
// * Fixed reported bug, based on resolved hosts ending with 127
// * Changed database-tables to get rid of (hopefully) duplicate keys
// * Added resolver-function
// * Added two new block-methods available at the efnet-rbl

Administered from admin -> options -> DNSBL/Open Proxy monitoring

If you still have problems with duplicate keys, try reinstall the new version from scratch. I've removed the keying, to see if it works better without it. I think I should take care of some other problems reported here too, like the exclusion-part, so admins also can exclude domains (not just IP's) from the checking.. At least try, since I guess extra resolving takes extra time..

...then grandly attempted to demonstrate it to my wife by looking up "free web proxy" on Google and connecting with the first thing I saw, which turned out to be a network of web-based proxies at http://www.privax.us

Not only wasn't it blocked by this plugin, but I copy/pasted the entire list of their proxy sites into the proper place in the Admin Control Panel, and it still wasn't blocked!

I am no longer sure this thing is even working...how can I check?

Thanks in advance.

I don't know how other proxy-blockers works, but webproxies are added manually into the dnsbl at tornevall.org (at least for the moment).

You can test ip's by adding them into this url: http://dnsbl.tornevall.org/scan.php?ip=XXXX (where XXXX is the IP)

Like this: http://dnsbl.tornevall.org/scan.php?ip=149.9.0.58

Edit: It seems that all those sites listed at privax is using the same exit...

Not only wasn't it blocked by this plugin, but I copy/pasted the entire list of their proxy sites into the proper place in the Admin Control Panel, and it still wasn't blocked!

I saw that I missed explaining this part so I'll do that too

If you want to block hosts based on webproxys you must add the exit-ip into the controlpanel. Some proxies have different "exits" compared to the website you're testing from.

Anyway, I've added some anonymous webproxies into the dnsbl now, so if you want to test some of them, I think you can do that now. :)

I saw that I missed explaining this part so I'll do that too

If you want to block hosts based on webproxys you must add the exit-ip into the controlpanel. Some proxies have different "exits" compared to the website you're testing from.

Anyway, I've added some anonymous webproxies into the dnsbl now, so if you want to test some of them, I think you can do that now. :)

I'm not sure what you mean by "exits", but I did see that the first proxy listed used an address like w2.hidemyass.com when browsing so that's what I put in the control panel.

Anyway thanks for the fast response!

Outstanding! Works great.

Any way we can edit the error message? I tried looking around but couldn't come up with how to do it.

Outstanding! Works great.

Any way we can edit the error message? I tried looking around but couldn't come up with how to do it.

Fun to hear that! :)

The error message is a global phrase called OPM_Deny.

installed

worked on http://hidemyass.com

installed

worked on http://hidemyass.com
The ip I got from that site when I tried to use it, was added to Tornevall DNSBL (http://dnsbl.tornevall.org) at 2007-11-02. Maybe you have the wrong settings for the plugin?

You should enable the option "opm.tornevall.org: Block anonymizers".

Thanks for this, good modification should help stop people spamming on proxies.

Cheers ;)

Killy

The ip I got from that site when I tried to use it, was added to Tornevall DNSBL (http://dnsbl.tornevall.org) at 2007-11-02. Maybe you have the wrong settings for the plugin?

You should enable the option "opm.tornevall.org: Block anonymizers".

I was saying it worked! Its good!

Thanks for your response. If I want to whitelist a network, can I do it with a CIDR mask?

8.7.68.0/22

Like that?

I was saying it worked! Its good!

Thanks for your response. If I want to whitelist a network, can I do it with a CIDR mask?

8.7.68.0/22

Like that?
I have been thinking of that before, so that may be released in the next version if I can make it work :)


Edit:

worked on http://hidemyass.com (http://hidemyass.com/)

I was saying it worked! Its good!

NOW I saw that...! :o

I'm having a false positive problem on my forum where a lot of the blocked IPs only turn up as open relays on http://dnsbl.tornevall.org/scan.php

I'd like to allow them to access my site. I have checked all the "no" boxes involving relays and have also limited my blacklist hosts to opm.tornevall.org. Finally, I've added their Class B subnet (e.g., 123.231.*) to the "Exclude from monitor" list.

What else do I need to do to get these folks back up on my board?

thanks!

I'll make the exclusion-system more sensitive. I haven't fixed the subnetting/CIDR-checking yet, but at least I will do something about the wildcarding. There will be a 2.0.8-release in a moment :)

Done!

And there's a specific version for 3.7 (https://vborg.vbsupport.ru/showthread.php?t=191398) now, since I don't like changing the xml-content for every release. :)

Would love a log feature for this... the timestamp, ip and if present, the screenname.

Got it and added to my planlist! :)

http://forum.tornevall.net/project.php?issueid=992

sorry the stupid question, but do we just install this addon on vBulletin?

do we need to configure anything?

oh and on which category do I install this?

admin_index_main1?

Or somewhere else?

FYI: Time to change the blitzed bitmask, perhaps?

http://www.stopforumspam.com/forum/viewtopic.php?id=2224

The DNS Blacklist has also been updated:
Live reporting from scrapers
DNS runs on MySQL so everything reported goes live immediately
Daily statistics about added and removed hosts

FWIW, this plugin is perfect for blocking registration from certain countries. Use the country RBLs at http://countries.nerd.dk/.

Is this plugin available for vBulletin 4?

Bump. No errors on 4.1.7, but new users from countries I previously blocked with http://countries.nerd.dk/ are now getting through. I'll say it doesn't work on 4.