vb.org Archive - Miscellaneous Hacks - Check Proxy RBL on New User Registration.

Page 10 of 26

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)

- - Miscellaneous Hacks - Check Proxy RBL on New User Registration. (https://vborg.vbsupport.ru/showthread.php?t=131852)

sinisterpain

02-03-2007 09:54 AM

Quote:

Originally Posted by Stanley Steamer (Post 1173564)

This is my first kill.

I have a question. I received the PM from the program with this alert, but it was also supposed to post it in a hidden forum for the moderators.
Can this send the message to PM's and a forum, or just one or the other?
Do I use the full url of the forum or do I just write in the forum name and the ID number?

It will do both thats how I currently have it set up.
"ForumID For RBL reports
The forum you want RBL reports to be posted into. " In this option field put your forum id where you would like the post to go.

Stanley Steamer

02-03-2007 05:47 PM

I just recieved four of these identical PMs at the same time (2:25 pm), but it still hasn't posted anything in the special forum.
I copied and pasted the forum url from the browzer bar into the forum ID box.
I have all the permissions set so that it can access the hidden forum and make posts and threads.
I will have to re-check everything to see if I missed something.

Quote:

ALERT!

Someone has tried to register using the IP Address 193.193.193.153 which is MATCHED IN THE RBL DATABASE of the dnsbl.ahbl.org RBL.

This registration attempt has been allowed.

Registration Details: abossakon ( abossbsd@pelotka.info )

The Finman

02-03-2007 07:46 PM

Quote:

Originally Posted by Stanley Steamer (Post 1173564)

Hmmmmm...I usually don't post images of my Admin CP, but in this case it may help.

I have mine setup to post in the moderator's private forum (24), as well as send me (The Finman) a PM.

I would check yours against mine, as that would probably be the easiest way to find the problem.

http://www.ronaldreagan.com/temp/rbl2.jpg

Let me know if that helps. :)

Stanley Steamer

02-03-2007 09:54 PM

I see it.
You have the forum number (24) where I pasted the entire url into the box.
I'le just put in the forum number and see if it works.
By the way, it just killed another spammer a few minutes ago.
This program is great!

Stanley Steamer

02-04-2007 01:27 PM

It works now, thanks Finman.:)
It blocked this spammer this morning.

Quote:

ALERT!

Someone has tried to register using the IP Address 125.252.11.214 which is MATCHED IN THE RBL DATABASE of the sbl-xbl.spamhaus.org RBL.

This registration attempt has been allowed.

Registration Details: Sazanas ( sazanas@cardsphonesites.com )

It blocked it four times in a row with each registration attempt being one minute apart.
I assume this was an automated spam bot?

DaNIEL MeNTED

02-06-2007 01:28 AM

If you're getting multiple hits that close together I'm going to assume you're getting hit by a spam bot as I haven't had too many other reports of multiple hits like that... I've looked through the code and can't see anything that would cause it.

Glad to hear its helping out!!!

The Finman

02-06-2007 02:44 AM

Quote:

Originally Posted by Stanley Steamer (Post 1174405)

It works now, thanks Finman.:)
It blocked this spammer this morning.

It blocked it four times in a row with each registration attempt being one minute apart.
I assume this was an automated spam bot?

Yes, that is what it was.

I don't get too many of those, but I have had a couple try three times in under a minute.

This hack addresses the unique ability of bots to try and register using abilities beyond that of an ordinary human.

Quote:

This mod calculates the time it takes to go between these two pages:

The point is to try and prevent bots from registering at your forum when the time between the two pages is humanly impossible, assuming that humans actually take the time to complete the registration page.

Should a user be blocked from registering at your forum, an email will be sent to your vB webmasteremail address and the user will see the vB noregister phrase message, so no screenshot is necessary.

https://vborg.vbsupport.ru/showthrea...istration+time

I've downloaded it, but I haven't had a chance to install it. If any of you try it before I do. I would very much like some feedback on it. :)

Sincerely

~Fin

thumbsucker

02-06-2007 07:57 AM

I'm using

proxies.dnsbl.sorbs.net
tor.ahbl.org
ircbl.ahbl.org
opm.tornevall.org
list.dsbl.org
sbl-xbl.spamhaus.org

Is this overkill?

I'm primarily concerned with people who use fake IPs and such.

Stanley Steamer

02-06-2007 04:54 PM

Quote:

Originally Posted by thumbsucker (Post 1175847)

I'm using

proxies.dnsbl.sorbs.net
tor.ahbl.org
ircbl.ahbl.org
opm.tornevall.org
list.dsbl.org
sbl-xbl.spamhaus.org

Is this overkill?

I'm primarily concerned with people who use fake IPs and such.

I have all of these on my list.

sbl-xbl.spamhaus.org
http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net
http://www.ahbl.org
dnsbl.ahbl.org
tor.ahbl.org
ircbl.ahbl.org
opm.tornevall.org
list.dsbl.org

So far the only one that has blocked them is sbl-xbl.spamhaus.org.
Whether or not it is over kill to have this many on the list, it doesn't hurt to have a big arsenel.

Quote:

I'm primarily concerned with people who use fake IPs and such.

Block this IP number ---> IP# 209.67.219.98

Blocking this IP blocks all of these proxy servers.

http://www.proxypanther.com/
http://www.doggyproxy.com/
http://www.elephantproxy.com/
http://www.monkeyproxy.net/
http://www.rainbowproxy.com/
http://www.thruzilla.com/
http://www.anonymizator.com/
http://www.anonymitor.com/
http://www.passthem.com/
http://www.sneakover.com/

I completly ruined a forum invasion with this one.:)

DaNIEL MeNTED

02-06-2007 05:40 PM

Quote:

Originally Posted by Stanley Steamer (Post 1176097)

So far the only one that has blocked them is sbl-xbl.spamhaus.org.
Whether or not it is over kill to have this many on the list, it doesn't hurt to have a big arsenel

That's because as soon as it matches one it stops processing ... if you move another one to the top of the list you'll see it show up in the reports.

Quote:

Originally Posted by Stanley Steamer (Post 1176097)

Block this IP number ---> IP# 209.67.219.98

I completly ruined a forum invasion with this one.:)

I'll add that to the next release.

All times are GMT. The time now is 03:16 PM.

Page 10 of 26

« First

Last »

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01380 seconds Memory Usage 1,756KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (10)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: