For those that are interested there is a nice php script that can be added to VB to block proxies. It will write to a mysql table and check the table first for banned addresses. For you coders maybe this script here can be reworked to add these features.

http://phprbl.init1.nl/

That's the way the resolver for opm.tornevall.org works. The only problem is the cache-part for me. Does the url help in a similar way?

It's still a question of querying that data only on session (1 time) instead of global (every page load)

There's no longer a session.php. It's in class_core.php I think
I browsed the new code and came away muttering to myself...but ima noob :ermm:

I would think the best thing to do would add an extra column in the session table to do a hash of the "host" column, so you know when it changes that you need to re-check the IP.

Then add another (bool) column to store if it's an open proxy or not.

Find a hook in the session management to add in the necessary check / storing code, and you should be good to go.

Then each time a page is requested all it has to do is a quick MD5 of the current IP against the stored IP, if it's the same and it's okay, then nothing new, if it changes then make a new RBL request and go from there.

Session is a HEAP table, so it will go fast, and also clear out over time.

I could knock this out in an afternoon (assuming there are hooks in place, otherwise it would require a couple lines of manual file editing).

Easy as pie.

Well TMM I install it just to try. The idea is super, but my knowhow is a little to low for helping you out.

This option should be standard in the boardsoft a lot of us have problems with abusers who are changing proxy's within the hour.

I aplaud you TMM

Ad

Well, since there has been no reply about my concept, I'll go ahead and code a session based one like I stated above.

Your concept is good. For my purposes though I found a better solution. I hacked a couple scripts to 1) check the IP against a banned table first if not found then check the rbl servers 2) if found in the rbl servers write the blocked IP's into my .htaccess file blocking the user completely 3) customized my 403 page to display the service they are blacklisted on and provide removal instructions.

Anyone wanting the script can PM me. It would be nice if someone that was a good coder (not me) went through it refined and optimized it.

Thank you for that... I have not much knowhow about this, so if you can do it then it's great.

Ad

I'm about 99% done. All I had to do actually was add a single column to the session table labeled "OPM".

The code is flexible enough that you can add more RBL's and choose the reponse code(s) you want to blacklist. (Since not all return the same 127.0.0.x code, or the last number can have different meanings).

Yes, I could of added an additional blacklist table, however I wanted to do this quick and easy, and also this is just a realtime blackhole, not a permanent one. Though your hack (webspider) does sound worthwhile. I actually have only had to block a couple users via my firewall that were severly abusing the forum.

Anyhow, once I get that last little kink worked out, I'll post the code in this thread.

Alright, I've finished the code... My last problem was that the templates were not showing up, the issue came because the global_start hook occurs before the header & footer templates are fetched, so I had to add them in manually.

There's 3 simple steps to implementing this.

1 DB addition
1 Phrase addition
1 XML file to import

I guess this could of been a "product" or whatever to automate the DB & Phrase, but I haven't had a chance to mess with that yet, and I don't plan on supporting this, so please don't ask.

The code is simple enough, I think a person could figure out how to add additional RBLs.

Anyhow, I'm not trying to step on the original author's toes with this hack, this is just a slightly different alternative that only checks (and saves) once per session (instead of every request).