vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.5 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=113)
-   -   DNSBL/Open Proxy-Blocking (https://vborg.vbsupport.ru/showthread.php?t=96318)

eoc_Jason 10-12-2005 02:12 PM

I think one major thing that needs to be addressed is a low "timeout", in case an RBL becomes unresponsive. I've been so busy I haven't had a chance to look into that yet, but I know there is a PHP variable somewhere. Also there might be a better method than using the gethostbyname function, not sure.

NuclioN 10-12-2005 09:25 PM

We've installed this as a product now and hope it's working. Are there things to do after the install such as update a blacklist somewhere?

ImportPassion 10-12-2005 09:47 PM

I had to disable this. It was causing major lag on my site.

webspider 10-12-2005 09:59 PM

I was not having a lag at all but I did find a high ratio of false positives.

C_P 10-13-2005 01:20 AM

Quote:

Originally Posted by webspider
I was not having a lag at all but I did find a high ratio of false positives.

DITTO here.

eoc_Jason 10-13-2005 02:46 PM

Which list were the false positives coming from? I usually found most were coming from CBL, which I disabled that code in mine. There were IPs that were last checked / listed many, many months ago. Which you would *think* would get de-listed over time, but they weren't.

Perhaps the actual checking code should be a shutdown query, as to not lag the end-user. Then the regular check against the session table can be where it currently is.

ImportPassion 10-13-2005 02:52 PM

Is there a way to just do this for new users registering?

C_P 10-13-2005 03:44 PM

Quote:

Originally Posted by eoc_Jason
Which list were the false positives coming from? I usually found most were coming from CBL, which I disabled that code in mine. There were IPs that were last checked / listed many, many months ago. Which you would *think* would get de-listed over time, but they weren't.

Perhaps the actual checking code should be a shutdown query, as to not lag the end-user. Then the regular check against the session table can be where it currently is.

eoc_Jason I used your plug in and not the one in first thread.
It rejected connections from "GoBigWest" and "Dialup.cc". Both ISPs use Level3 numbers.

Rejected IPs were

IP Address: 4.250.177.131
Hostname: dialup-4.250.177.131.Dial1.Weehawken1.Level3.net

IP Address: 4.250.138.133
Hostname: dialup-4.250.138.133.Dial1.Weehawken1.Level3.net

The Spamhaus website said that the IPs weren't listed, but other whois sites were able to correctly identify them as Level3.

skydancer 10-16-2005 11:07 PM

Quote:

Originally Posted by 7thgenCivic.Com
Is there a way to just do this for new users registering?

Yes, just edit the plugin and add at the top:

if (THIS_SCRIPT=='register') {

and at the bottom:

}

cnutter 10-17-2005 01:27 AM

Quote:

Originally Posted by skydancer
Yes, just edit the plugin and add at the top:

if (THIS_SCRIPT=='register') {

and at the bottom:

}


Skydancer, so it should look like this if we only want it to check users as they register on a site?
Code:

if (THIS_SCRIPT=='register') {

if ($vbulletin->session->vars['OPM'] == 0) {
    OPM_proxy_check(IPADDRESS);
}

if ($vbulletin->session->vars['OPM'] == 2) {
    // parse some global templates
    eval('$gobutton = "' . fetch_template('gobutton') . '";');
    eval('$spacer_open = "' . fetch_template('spacer_open') . '";');
    eval('$spacer_close = "' . fetch_template('spacer_close') . '";');
    eval('$headinclude = "' . fetch_template('headinclude') . '";');
    eval('$header = "' . fetch_template('header') . '";');
    eval('$footer = "' . fetch_template('footer') . '";');

    eval(standard_error(fetch_error('OPM_Deny',IPADDRESS)));
}


function OPM_proxy_check($OPMremote) {
    global $vbulletin, $db;

    $cleaned['sessionhash'] = "'" . $db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'";

    $OPMlist = array(
        "xbl.spamhaus.org" => array(4,5,6)
        );


    $OPMreverse = implode('.',array_reverse(explode('.',$OPMremote)));

    foreach ($OPMlist as $OPMhost => $OPMcodes) {
        $OPMresult = explode('.',gethostbyname($OPMreverse.".".$OPMhost));

        // Compare with ==, not =: a real DNSBL answer is 127.0.0.x
        if ($OPMresult[0] == 127 && in_array($OPMresult[3],$OPMcodes)) {
            $db->query_write("
                UPDATE " . TABLE_PREFIX . "session
                SET OPM = 2
                WHERE " . TABLE_PREFIX . "sessionhash = $cleaned[sessionhash]
                LIMIT 1
            ");
            $vbulletin->session->vars['OPM'] = 2;
            break;
        }
    }

    if ($vbulletin->session->vars['OPM'] == 0) {
        // This IP is okay for this session
        $db->query_write("
            UPDATE " . TABLE_PREFIX . "session
            SET OPM = 1
            WHERE " . TABLE_PREFIX . "sessionhash = $cleaned[sessionhash]
            LIMIT 1
        ");
    }

    return;
}
}
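
An added example (not code from the thread or from the plugin) of why a DNSBL answer has to be validated before its last octet is compared: gethostbyname() returns the query name unchanged when nothing resolves, so for an unlisted address such as 4.250.177.131 the fourth dot-separated field of that "answer" is the address's own first octet. The resolver is injected and its single listed entry is constructed so the script runs offline; the function names are illustrative.

```php
<?php
// Added example: strict DNSBL answer parsing. The resolver is injected so the
// sample runs offline; on a live site pass 'gethostbyname' instead.

// Build the DNSBL query name: octets reversed, zone appended.
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // not a dotted-quad IPv4 address, nothing to look up
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// Naive parse: looks only at field 3 of whatever the resolver returned.
function naive_is_listed(string $ip, string $zone, array $codes, callable $resolve): bool
{
    $answer = explode('.', $resolve(dnsbl_query_name($ip, $zone)));
    return in_array((int) $answer[3], $codes, true);
}

// Strict parse: the answer must differ from the query (gethostbyname() echoes
// the name back on failure), be a valid IPv4 address in 127.0.0.x, and carry
// one of the return codes we act on.
function strict_is_listed(string $ip, string $zone, array $codes, callable $resolve): bool
{
    $query = dnsbl_query_name($ip, $zone);
    if ($query === null) {
        return false;
    }
    $answer = $resolve($query);
    if ($answer === $query || filter_var($answer, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false; // no answer or garbage: treat as "not listed"
    }
    $octets = array_map('intval', explode('.', $answer));
    return $octets[0] === 127 && $octets[1] === 0 && $octets[2] === 0
        && in_array($octets[3], $codes, true);
}

// Constructed resolver: one listed test address, everything else unresolved.
$fakeZone = ['2.0.0.127.xbl.spamhaus.org' => '127.0.0.4'];
$resolve = function (string $name) use ($fakeZone): string {
    return $fakeZone[$name] ?? $name; // mimic gethostbyname() on failure
};

$codes = [4, 5, 6];
foreach (['127.0.0.2', '4.250.177.131', '82.96.100.100'] as $ip) {
    printf("%-15s naive=%s strict=%s\n", $ip,
        var_export(naive_is_listed($ip, 'xbl.spamhaus.org', $codes, $resolve), true),
        var_export(strict_is_listed($ip, 'xbl.spamhaus.org', $codes, $resolve), true));
}
```

With the constructed resolver, the naive parse reports the unlisted 4.250.177.131 as listed, while the strict parse flags only the entry that actually resolved to 127.0.0.4.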


eoc_Jason 10-17-2005 02:27 PM

Or... Just use it for the test...

PHP Code:

if (THIS_SCRIPT == 'register') {
    OPM_proxy_check(IPADDRESS);
}



TMM-TT 10-17-2005 03:46 PM

I'm just curious - has anyone tested opm.tornevall.org-resolver, and got false positives?

thedvs 10-18-2005 05:53 PM

Hey check this out today... which is better?

https://vborg.vbsupport.ru/showthrea...threadid=98705

eoc_Jason 10-19-2005 03:50 PM

Different methodology with his. He's basically doing a check for guests only, every time when they post.

There's a million different ways you can implement a DNSBL for a forum, it all just depends on what you are trying to prevent.

thedvs 10-19-2005 08:35 PM

I'm trying to prevent any ba****d spammer trouble maker :)

cnutter 10-20-2005 08:06 AM

Quote:

Originally Posted by skydancer
Yes, just edit the plugin and add at the top:

if (THIS_SCRIPT=='register') {

and at the bottom:

}


FYI -- This seems to have buggered up ANYONE from joining my forum. I have gotten at least 50 emails in the past 3 days from people who say they just get a blank page when they try to join the site. This was confirmed by myself when I tried to create a test account and couldn't. After I removed skydancer's code change everything went back to being fine. Though I am getting around 15 to 20 of my normal users reporting blacklist issues. So I have hence uninstalled this plugin. Thanks guys, but the high number of false positives and lack of a whitelist option precluded me from using this any longer...

MikeGK 10-24-2005 01:47 PM

How do you know which IP is blocked or banned from the admin control panel? I've been looking around... sorry, I'm a noobie. :)

eoc_Jason 10-24-2005 03:44 PM

There is no recording of that data (in any of the code that I've seen posted). Though you could probably output the IP & time to one of the various logs if you wanted to.

ximcix 11-07-2005 01:32 PM

Quote:

Originally Posted by eoc_Jason
There is no recording of that data (in any of the code that I've seen posted). Though you could probably output the IP & time to one of the various logs if you wanted to.

Question: I installed this plugin over the weekend (eoc_Jason's version) & a friend of mine told me to test it with http://anonymouse.org/ and it went right through. Later that same day a friend of mine who uses T-Mobile service on his PDA said he got a message about a blacklisted proxy when he tried to log in. So my question is, who updates these lists & how does one get an IP added?

http://anonymouse.org/ only uses 2 IP Addresses:
82.96.100.100
85.195.119.22

eoc_Jason 11-07-2005 04:14 PM

Each list is maintained by a separate group of people. Most are automatic testing scripts that look for certain ports and test to see if they can connect properly. I've noticed that the CBL list seems to generate a lot of false positives, and also contains a lot of stale data. (i.e. I had one IP that was last checked over 6 months ago and it was listed!)

Sites like the one you posted above are not considered an exploited proxy since they are offering the service. If you don't want users using that service then simply block their IPs as usual.

I modified my script slightly to help people that were experiencing errors. Basically I changed the line in the code to add the IP address as such:

PHP Code:

eval(standard_error(fetch_error('OPM_Deny',IPADDRESS))); 

Then modified my phrase as such:

Code:

<p><b>Sorry, but you do not have access to this forum!</b>
<p>The reason is you are trying to access this site via a <b>Blacklisted Open Proxy</b>! If you are using a dynamic IP you probably just got dumped with one that a person abused before you.
<p>Fear not! You can find out more info about where your IP is blacklisted (and removal) via the <a href="http://www.spamhaus.org/query/bl?ip={1}">Spamhaus Website</a>.
<p>The IP in question is: <b>{1}</b>
<p><b>DO NOT</b> contact us about being removed, <u>we do not control the lists</u>! Please follow the link above, once you go to the site that has your IP listed, removal is usually a 1-click process. After submitting your IP for removal, the DNS is usually refreshed within the hour.


ximcix 11-07-2005 05:59 PM

Quote:

Originally Posted by eoc_Jason
Each list is maintained by a separate group of people. Most are automatic testing scripts that look for certain ports and test to see if they can connect properly. I've noticed that the CBL list seems to generate a lot of false positives, and also contains a lot of stale data. (i.e. I had one IP that was last checked over 6 months ago and it was listed!)

Sites like the one you posted above are not considered an exploited proxy since they are offering the service. If you don't want users using that service then simply block their IPs as usual.

I modified my script slightly to help people that were experiencing errors. Basically I changed the line in the code to add the IP address as such:

PHP Code:

eval(standard_error(fetch_error('OPM_Deny',IPADDRESS))); 

Then modified my phrase as such:

Code:

<p><b>Sorry, but you do not have access to this forum!</b>
<p>The reason is you are trying to access this site via a <b>Blacklisted Open Proxy</b>! If you are using a dynamic IP you probably just got dumped with one that a person abused before you.
<p>Fear not! You can find out more info about where your IP is blacklisted (and removal) via the <a href="http://www.spamhaus.org/query/bl?ip={1}">Spamhaus Website</a>.
<p>The IP in question is: <b>{1}</b>
<p><b>DO NOT</b> contact us about being removed, <u>we do not control the lists</u>! Please follow the link above, once you go to the site that has your IP listed, removal is usually a 1-click process. After submitting your IP for removal, the DNS is usually refreshed within the hour.


Thanks. I am using your script with that line intact. ;)

Robert Basil 11-14-2005 09:26 PM

Quote:

Originally Posted by eoc_Jason
Which list were the false positives coming from? I usually found most were coming from CBL, which I disabled that code in mine. There were IPs that were last checked / listed many, many months ago. Which you would *think* would get de-listed over time, but they weren't.

Do I just comment out the line below to disable CBL?

PHP Code:

    127.0.0.4 CBL   Composite Block List @ cbl.abuseat.org 

Also, does anyone have a test online proxy I can run through to make sure it's working correctly?

TJFweb 11-16-2005 02:34 AM

I don't get this... For eoc_Jason's hack, do you just install the XML and that's it?

Is there any need to configure anything?

Thanks.

clearchannel 11-17-2005 12:38 PM

Quote:

Originally Posted by eoc_Jason
Or... Just use it for the test...

PHP Code:

if (THIS_SCRIPT == 'register') {
    OPM_proxy_check(IPADDRESS);
}



I have added this snippet of code right after

*********************************************/

and before:

if ($vbulletin->session->vars['OPM'] == 0) {

Would someone be so kind as to explain where I went wrong?

I only want to check for proxies during registration.

I also have a problem with a very reliable member, they can not access the forums with this hack installed as a stock plugin. They sent me the following:

My IP address from home is blacklisted. It is my earthlink account.
Thanks in advance

thalamus 11-20-2005 09:59 AM

Sorry if this has already been asked, but where can you put your own list of IPs? For instance, if I find IP addresses that are being used as open proxies but have not been listed at spamhaus, can I put these into my own file somewhere as a '2' value and, if so, does this go straight into the DB?

TJFweb 11-24-2005 12:15 AM

Quote:

Originally Posted by thalamus
Sorry if this has already been asked, but where can you put your own list of IPs? For instance, if I find IP addresses that are being used as open proxies but have not been listed at spamhaus, can I put these into my own file somewhere as a '2' value and, if so, does this go straight into the DB?

Please don't tell me that this hack has been abandoned already...

This could have been really big.

clearchannel 11-24-2005 03:19 PM

It appears it has. That's a shame, when security is more needed than ever.

thalamus 11-25-2005 07:28 AM

:( so I guess it means a little reverse engineering for this - has anyone else found a solution to adding unlisted IPs before I start to reinvent the wheel?

eoc_Jason 11-28-2005 08:15 PM

You can blacklist IPs in the vB Options...

Otherwise to have it work smooth with the current RBL checks you could install a DNS server locally that can be used as a local RBL.

Or you could fudge it and create an array with the list of IPs, then do a second check to see if it's in_array() and if so set the flag to block them.

I would love to develop it further, but I just don't have the time with other projects. Some things you might want to consider changing is have the check run as a shutdown query or something, so that the user doesn't have to sit and wait and get impatient if the check doesn't run quickly.

jayhawk785 12-12-2005 06:11 PM

I know some people warned that on large sites this may cause problems. I'm here to say that is VERY true. My server loads were, on average, 1.00 across the board or less. After the board started picking up more and more members, and averaging more than 20 online at a time--the load was up to 4-8 (average). I couldn't think of what the problem was, I started blaming PHP and Apache lol... but that wasn't it. Just keep this in the back of your mind if you use it. I removed it, and my load on the server and page load time - is back to normal:

Page generated in 0.28239 seconds with 17 queries [Server Loads: 0.37 0.40 : 0.76]

eoc_Jason 12-19-2005 02:03 PM

If you switch the code to a shutdown query, then it shouldn't affect load as much.

Smiry Kin's 12-20-2005 02:20 AM

Not sure if it's just me, but when I install it, it messes up my index and won't view it. I disable it - and perfect? :s Any way to block any type of proxies?

XFSImperial 12-24-2005 03:42 AM

I experienced similar problems, completely crippled the index.php with a could not locate OPM_Deny message I believe it was. Index works fine with it disabled...

Smiry Kin's 12-24-2005 05:24 AM

Maybe an official release/fix for 3.5.2?

TMM-TT 01-02-2006 05:49 PM

I've been playing around with this code a bit and I'm not sure if this works, so I want to check with you before I say something about the code. If it works, maybe someone can help me with a product update? :)

First, I created a new table for the database (dumped with mysqlcc :)):

Code:


CREATE TABLE `proxycache` (
  `ip` varchar(15) NOT NULL default '',
  `dateline` int(11) NOT NULL default '0',
  `listed` int(11) NOT NULL default '0'
) ENGINE=HEAP DEFAULT CHARSET=latin1 COMMENT='proxycache';


And the code, for caching resolved hosts (this is a replacement for my first code actually):

PHP Code:


// #######################################################
// DNSBL/OPM Proxy Blocker for VB 3.5.2
// Based on an old script added to global.php
// Version 1.0.1 - Written by Tomas Tornevall (TMM-TT)

$timestamp = time();
$cleanafter = 21600; // cache lifetime in seconds (6 hours)
$timediff = $timestamp - $cleanafter;

// Clean up old entries
$db->query_write("DELETE FROM " . TABLE_PREFIX . "proxycache WHERE dateline < $timediff");

// OPM Databases to use
$opmlist = array(
    "opm.blitzed.org",
    "opm.tornevall.org",
    "dnsbl.njabl.org"
);

// Pick the data we need
$OPMremote = $_SERVER['REMOTE_ADDR'];

// Make the data reversed for DNSBL
$OPMReverseRemote = explode(".", $OPMremote);
$reverseip = "$OPMReverseRemote[3].$OPMReverseRemote[2].$OPMReverseRemote[1].$OPMReverseRemote[0]";

// Look the address up in the local cache first
$proxydb = $db->query_first("SELECT ip,listed FROM " . TABLE_PREFIX . "proxycache WHERE ip = '$OPMremote' LIMIT 1");

$proxyexist = $proxydb['ip'];
$proxylisted = $proxydb['listed'];
$opmfound = 0;

// If nothing has been added, act normal
if (!$proxyexist) {
    foreach ($opmlist as $OPM) {
        $OPMResolved = gethostbyname($reverseip . "." . $OPM);
        $OPMAnswer = explode(".", $OPMResolved);

        // Block all hosts that has been resolved to 127.0.0.xxx
        // (exactly four fields: gethostbyname() returns the query name itself when nothing resolves)
        if (count($OPMAnswer) == 4 && $OPMAnswer[0] == "127") {$opmfound = 1;}
    }
}

// Manually added OPM's goes here, just in case of problems (You might want to let someone in?)
// Don't forget the $proxylisted = 0 here
//if ($OPMremote == "whatever.you.want.to.protect.here") {$opmfound = 0; $proxylisted = 0;}

if ($opmfound == 1) {
    $db->query_write("INSERT INTO " . TABLE_PREFIX . "proxycache (ip, listed, dateline) VALUES ('$OPMremote', 1, $timestamp)");
    $proxylisted = 1;
} else {
    // 127.* wasn't found, so this one isn't listed. Also check if it was found in the db. If not - add
    if (!$proxyexist) {$db->query_write("INSERT INTO " . TABLE_PREFIX . "proxycache (ip, listed, dateline) VALUES ('$OPMremote', 0, $timestamp)");}
}

// If found in db, send error
if ($proxylisted == 1) {
    eval(standard_error(fetch_error('OPM_Deny')));
}



Any comments? Can this work? :)




Edit/050103: Just found a human-bug, that was fixed from now :)
$query_write should be $db->query_write, very sorry for that.

DementedMindz 01-13-2006 01:49 AM

Seems like these are all using Front-End Error Messages if I'm correct... and this is no longer in vbulletin 3.5.3. Can someone update these?

thedvs 01-19-2006 02:51 PM

works fine in 3.5.3 for me

Kacela 03-15-2006 12:11 PM

I would love for this to come back to life. I had been using it, and it was wonderful! The only drawback was from the "false positives", and sadly, I had to disable it - if someone could step up and code in a conditional statement that checks against an admin-entered .txt or .xml whitelist, put your PayPal link in, and I'll send some "thanks" your way... ;)
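
An added example (not part of the thread's plugin code) of the local-list idea eoc_Jason describes and the whitelist requested above: a whitelist and a local blocklist are checked first, and the DNSBL is consulted only when neither matches. It goes beyond a plain in_array() by accepting CIDR blocks; the function names, the sample addresses and the stand-in DNSBL callback are constructed for illustration, and it assumes 64-bit PHP 7.1 or later.

```php
<?php
// Added example: local override lists consulted before the DNSBL.

// True if $ip falls inside $entry, written as a single IPv4 address or a CIDR block.
function ip_in_entry(string $ip, string $entry): bool
{
    [$net, $bits] = array_pad(explode('/', $entry, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed input never matches
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

function ip_in_list(string $ip, array $list): bool
{
    foreach ($list as $entry) {
        if (ip_in_entry($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// Decide the session flag the thread's code uses: 1 = allowed, 2 = blocked.
// $dnsblCheck is only called when neither local list matches.
function opm_decide(string $ip, array $allow, array $deny, callable $dnsblCheck): int
{
    if (ip_in_list($ip, $allow)) {
        return 1; // whitelist wins, even over a DNSBL listing
    }
    if (ip_in_list($ip, $deny)) {
        return 2; // locally blocked, no DNS query needed
    }
    return $dnsblCheck($ip) ? 2 : 1;
}

// Constructed sample data (documentation address ranges).
$allow = ['192.0.2.10', '198.51.100.0/24'];
$deny  = ['203.0.113.7'];
$dnsblSaysListed = function (string $ip): bool {
    // Stand-in for a real DNSBL lookup
    return in_array($ip, ['192.0.2.10', '203.0.113.99'], true);
};

foreach (['192.0.2.10', '198.51.100.44', '203.0.113.7', '203.0.113.99', '203.0.113.1'] as $ip) {
    echo $ip, ' => OPM ', opm_decide($ip, $allow, $deny, $dnsblSaysListed), "\n";
}
```

Because the local lists are checked first, whitelisted and locally blocked visitors never trigger a DNS query.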

pantec 03-18-2006 04:32 PM

I am having problems changing the OPM Phrase that appears to people...

Any ideas?

TMM-TT 04-19-2006 11:07 PM

I've just uploaded a new version...

