|
Quote:
It's blocked because 'tor' is in the list (monitor5.securi.net). So it did it's job. In either case, securi.net has no business accessing register.php, so the add-on did it's job. It didn't ban securi from accessing the site, it just stopped it from registering. So, re-enable the add-on. |
Quote:
I'll be recommending "tor" be removed post haste. I think we have it covered with another definition anyway. |
Quote:
Regards, Doug |
Quote:
Thanks for all the help guys... :up: Regards, Doug |
Quote:
|
Quote:
|
Quote:
Thanks again... :) Regards, Doug |
Quote:
|
Quote:
https://vborg.vbsupport.ru/showpost....7&postcount=86 |
Ok just a follow up on the Sucuri situation.
Sucuri will scan your site with several different user-agents (including the one you mentioned). During this scan, the bot will crawl through all links found in the site, and looks like it's hitting the registration link. Sucuri will not follow the robots.txt directives. Since it tries to behave as a "real user" it'll ignore that file. The only way to do it would be creating a .htaccess file to redirect SiteCheck to a 404 or a different page when hitting those forms. So you can add tor back to the list if you wish, and add this to your htaccess file. Code:
<Filesmatch "^(register)\.php$"> |
I am still curious what difference it makes if Securi is sent to the error page when it hits register.php or not?
It seems Securi is scanning pages for malware and the error page shouldn't have any malware. Or, does Securi know exactly what register.php is suppose to contain and they throw an error on their end if it contains anything else? |
I believe they just check it for malware.
|
Hey Snog... Any plans to make the filter list one per line, so it has to be exact match to get caught? Example - just had a spammer register from "Biznet" but adding this to the filter is going to catch everything that has 'biz' or 'net' in the name.
|
Yeah that would be a optimal way to do it. :)
|
Quote:
The entire word has to be matched. The word isn't broken down into smaller sections for detection. So bizmarknet would NOT be caught. But badbiznet would. |
Quote:
|
Quote:
See the difference.. BIZNET bizmarknet would NOT be caught. but somethingbiznetelse would be. |
Quote:
With "Ban Spiders by User Agent" we don't get such matches, I assume because the definitions are line by line instead of separated by commas? |
Quote:
I've found that doing it the way I do gives better protection overall. Mainly because if you decide you don't want any servers registering you just have to enter 'server'. That kills a good number of bots right off the bat. Another example would be rackcentre. Anything with that in the host name is a server. Listing each server from rackcentre would be a list 10 miles long. So with the way I do it, just entering it once kills them all. |
Let me ask you this, can it be made to have each one on it's own line without a performance issue? It would be much easier to maintain the list that way.
|
Quote:
I'll put it on the wish list for the mod. |
Cool, I would really like to see that. ;)
|
Quote:
I had problem with banning string MSIE 1, with which I tried to block old MSIE 1 users. But, today there are MSIE 10 and MSIE 11, both browsers also were blocked, as they contain "MSIE 1" in their UA. As I remember, to block only MSIE 1 we should use this string: MSIE 1. (dot at the end), as it is identified with MSIE 1.0. I wrote about it Ban Spiders thread. We need to be very careful what string we block, unless we get blocking innocent users. |
Yeah it is best to be cautious when adding things to these types of mods. :)
|
Quote:
|
So how do i collect hostnames and useragents to ban? I saw post 29 but being a newbie it means nothing to me.
Lets start with an example. I just had a spammer try to register. Their IP is 137.175.68.84 and looking at stopforumspam confirms there is a lot of spamming going on from this IP. What would be my next step (in newbie talk)? When i tried to do a hostname search using whatismyip.com, it just threw up the IP address i just posted. |
If you don't understand what's in post 29, it really can't be explained in any simpler terms.
Look up the IP at ARIN as described in post 29. In the case of that IP, you would want to ban 199-180-100-0-1 |
Got it
|
This great mod should be a built-in vb as a security and protection tool ...
|
Installed on VB4.2.2 PL2
|
You will find this is a invaluable tool on your site. :)
|
Quick question: If netzip is entered as a useragent to be blocked, will that also block NetZIP and NetZip?(i.e. Are the useragent names case sensitive in order to work for all occurrences?)
Also, what about Mata Hari vs. Mata.Hari ? If only Mata Hari is entered as the useragent, will that catch Mata.Hari as well? |
Quote:
Mata Hari will only catch Mata Hari, not Mata.Hari. |
Quote:
too me I have the same problem? What I can do to fix it. I have installed the 3.0.1 version of the mod. |
Quote:
But try putting something in both the Useragent field and the Hostname field to see if your problem stops. |
Hi Nhawk and thanks for your reply.
In the Hostname box is just full of host names. The Useragent box is empy. What I can add? Have you a list of useragents please? |
Quote:
|
Inside the Mod?
Is a new release? |
Quote:
You asked what to add to the Useragent box and I answered that. |
Ahhh sorry...
I thought you have added something in the mod. sorry... :) I go to try. |
| All times are GMT. The time now is 01:01 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|