vb.org Archive
Page 5 of 7 « First 34 5 67
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Miscellaneous Hacks - Check Proxy RBL on New User Registration. (https://vborg.vbsupport.ru/showthread.php?t=131852)

meissenation 05-25-2007 12:23 AM
Ok, I had to entirely uninstall this script. It said that it had a positive match on a user's IP address that attempted to register. WROOOOOOOOONG... the IP address resolves to a local ISP here in Detroit, MI. Crazy!

venomx 05-25-2007 12:27 AM
So?
Could that user be an open proxy or maybe one has been run before at that IP?
Did you goto Sh and look up the IP and seen what it said?

meissenation 05-25-2007 12:28 AM
I went to ws.arin.net and it resolves to WideOpenWest's IP address range.

DaNIEL MeNTED 06-01-2007 12:12 PM
Quote:
Originally Posted by meissenation (Post 1254161)
I went to ws.arin.net and it resolves to WideOpenWest's IP address range.
What's the IP?

meissenation 06-02-2007 11:33 AM
69.14.74.25

Seiyaboy 06-27-2007 11:58 PM
Can the IP Black list block a range of IPs such as 120.45.*.*?

mfyvie 07-05-2007 03:27 PM
Quote:
Originally Posted by Seiyaboy (Post 1278106)
Can the IP Black list block a range of IPs such as 120.45.*.*?
Good question, I was about to ask the same thing. Most of my registrations are inside Switzerland, and I was getting a couple of addresses inside dynamic ranges blocked by list.dsbl.org

Quote:
Originally Posted by DaNIEL MeNTED (Post 1226143)
Remeber the more IPs you add to the "blacklist" the longer it takes to process a registration... I'm not sure what list length will = a performance degredation.
Actually, since you are only doing a simple match here, I can't imagine that it will make TOO much off a difference. Remember this plugin in only firing on new user registrations, it's not as if it is firing on every single page. Therefore, probably not that much reason to stress :-)

Top marks on a excellent mod by the way!

mfyvie 07-12-2007 08:20 PM
Here's some unsupported and untested code that can be used to modify the current version of Proxy RBL mod (4.0) to work together with GLA (Geographic Location Awareness). This allows you to specify an additional whitelist or blacklist based on the country where the user has registered from. In my case I seem to have quite a few Swiss IP addresses listed, but most of my registrations are from Switzerland. Therefore I simply whitelist Switzerland. You can also use this so users from a certain country are always matched, regardless of whether their IP address is listed in a certain blacklist.

I haven't made a fancy user interface for this, because this is not my mod. My code is posted freely here for Daniel to consider implementing as standard. Please remember that unless you have installed and tested GLA first and it is working (details on the GLA thread), then this code won't work. Right let's get started:

Go into the AdminCP -> Plugins and Products -> Plugin Manager -> DMeNTED's RBL Checker -> Check IP against RBLs/IPs. Click the large edit box and locate this code:

Code:
      if ($DM_rblcheck_result == $DM_rblcheck_srvmask) {

            // ********************** NOTIFICATIONS **********************
Above this section insert:
Code:
// Modification to incorporate country checks into RBL checker. This will only work if GLA is already installed, tested and working
// Obtain GLA here: https://vborg.vbsupport.ru/showthread.php?t=151601
if (isset($vbulletin->session->vars['country']))
{
    // Country blacklist - enter a list of countries which are exempted from the RBL checker (use valid *lower case* ISO 2 letter codes only!)
    // See http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 for list of codes
    // example: $whitelist = array('gb', 'fr', 'it');
    $whitelist = array();
    if (in_array($vbulletin->session->vars['country_iso2'], $whitelist))
    {
        // We have a match on the whitelist, bail out of the entire plugin, but reset the variables first.
        $DM_rblcheck_result = null;
        return;
    }
    // Same as above example for whitelist. People from these countries will be flagged as positive matches, regardless of the RBL status.
    // Think carefully before using the blacklist - it is generally not recommended to ban entire countries
    $blacklist = array();
    if (in_array($vbulletin->session->vars['country_iso2'], $blacklist))
    {
        // We have a match on the blacklist, set the variables and continue
        $DM_rblcheck_result = $DM_rblcheck_srvmask;
        $DM_rblcheck_errcode = "Matched a blacklisted country: " . $vbulletin->session->vars['country'];
    }
}
This modification is untested (though it is running on my system, but I haven't had any alerts yet so I can't say 100% whether it is working). If it works for you - maybe say so. Don't forget that you have to insert the correct country codes into the code (see the comments in the code itself), and don't get to use 'quotation' marks and commas to separate multiple entries.

Now to add the country name into your reports find this line:

Code:
$DM_rblcheck_errcode = "MATCHED IN THE RBL DATABASE of the " . $DM_rblcheck_rblserv . " RBL.";
And replace with:

Code:
$DM_rblcheck_errcode = "USER FROM: $vbulletin->session->vars['country'] MATCHED IN THE RBL DATABASE of the " . $DM_rblcheck_rblserv . " RBL.";
Also, further to this post, I recommend moving the hook used for Check IP against RBLs/IPs to register_addmember_complete (and change to execution order 4 if you do this), due to the fact that multiple notifications get sent for every bot that turns up.

It might be useful to duplicate sections of code in both plugins so that blocking is done in the Check IP against RBLs/IPs plugin and notifications are done in Auto-Ban or Flag for Moderation plugin. This would avoid all the unnecessary notifications for bots that never succeed in registering anyway.

Remember, just to repeat myself again (I know some people have trouble reading instructions sometimes). Do not ask for support for GLA on this thread - install it and if it doesn't work go through every post on the GLA thread as there are steps for verifying it on that thread.

lazytown 07-13-2007 05:41 AM
Quote:
Originally Posted by DaJoker (Post 1185514)
Need to change the hook the plugin is using. It is currently using register_addmember_process, but should be using register_addmember_complete. What is happening is when it hits process, and say the user puts in the wrong captcha, doesn't match their passwords, doesn't put in a required field, etc. When you use the _complete hook it fires once the user has properly filled out the registration form. Only use this hook however if you want the registration to complete, but not get multiple notifications. If you are blocking registrations, then leave it using the process hook.
Has anyone confirmed that this works? I use the NoSpam! mod, and because of that, I get bots trying to register 6 times with their accounts banned (which is good). However, if this mod allowed NoSpam! to run first, they wouldn't even get to the point of registering an account most of the time. I believe I tried the above several months ago and it didn't work. Any suggestions at getting this to run after NoSpam! verification/etc?

Thanks
-vissa

DaNIEL MeNTED 12-24-2007 12:26 PM
Hey everyone - I apologize for the extended absence. I am back and plan on redesigning the hack with even more features.

Right now the list includes:

- Ability for blocked registrations to send a message to admins in case they feel there is an error.
- Ability for admins to whitelist IPs from the automatic posts/PMs.
- Ability to blacklist or whitelist using a mask - #.*.*.*
- Ability to ban + blacklist IP from any post for spammers that sneak through.

I'm also toying with the idea of keeping a central RBL that the RBL checker reports to on positive or manual hits...

powerbook 12-24-2007 01:28 PM
Glad to see I can once again enable this plugin on my site after the upgrade to 4.1 :up:

sinisterpain 12-25-2007 10:40 AM
recieved this error multiple times when user tryed to register
set to allow registration and ban the user if know proxy
highlighted problem

[CODE][Database error in vBulletin 3.6.8:

Invalid SQL:
INSERT INTO userban (userid, usergroupid, displaygroupid, usertitle, customtitle,
adminid, bandate, liftdate, reason)
VALUES
(2977, 8, 8, 'Banned by DM-RBLCheck', 1, ,1198585277, 0, 'Automatically
Banned. The registration IP address matched a proxy/blacklisted IP.');

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '1198585277, 0, 'Automatically
Banned. The registration IP address matched a prox' at line 3
Error Number : 1064/CODE]

Guess I should have read the above install note.
I believe I sorted this thanks

DaNIEL MeNTED 12-25-2007 12:27 PM
uhuh... the error trapping in the next version will be a little more thorough...

gsk8 12-25-2007 12:33 PM
Hi and Merry Christmas Daniel!

Somone posted the below back in May. I tried to register through youhide.com and I was able to register with no problem.

Quote:
I was just able to register perfectly fine with xroxyx.com and youhide.com and it didn't block me at all?
Is there a way to manually add these sites? I just wanted to test the system and I can't find a web-proxy that will "ban" me.... In two cases, a web-proxy site prompted me for payment before I could register. That's good news...

gsk8 12-25-2007 12:38 PM
Oh yeah, I forgot. Is there also any way to test against "existing" members to see if I have current "registered" trolls before I installed the hack? Wishful thinking, I know...but hey, it's Christmas!

DaNIEL MeNTED 12-25-2007 02:05 PM
Well... the problem is that a lot of the 'free' or 'pay' proxies out there are not listed in RBLs/SBLs... that's why I'm thinking of setting up an additional check in the next version to a custom online list of proxies. For that to work I will also be looking at adding 'reporting' features so you can submit IPs of proxies used by spammers/trolls that are not in the list...

Freezerator 12-27-2007 06:42 AM
Quote:
Originally Posted by DaNIEL MeNTED (Post 1408353)
Hey everyone - I apologize for the extended absence. I am back and plan on redesigning the hack with even more features.


Right now the list includes:

- Ability for blocked registrations to send a message to admins in case they feel there is an error.
- Ability for admins to whitelist IPs from the automatic posts/PMs.
- Ability to blacklist or whitelist using a mask - #.*.*.*
- Ability to ban + blacklist IP from any post for spammers that sneak through.

I'm also toying with the idea of keeping a central RBL that the RBL checker reports to on positive or manual hits...
Many thanks!! Your mod still rocks!

gsk8 12-27-2007 02:32 PM
Quote:
Well... the problem is that a lot of the 'free' or 'pay' proxies out there are not listed in RBLs/SBLs... that's why I'm thinking of setting up an additional check in the next version to a custom online list of proxies. For that to work I will also be looking at adding 'reporting' features so you can submit IPs of proxies used by spammers/trolls that are not in the list...
Totally understood. This is a great hack, but I can see where there is no way you could update web anonimizers without help. Check out the LONG list here!

I tested the first one (Anonymouse) twice and it appears that when someone registers in a forum through this proxy, they get an IP of 193.200.150.167. It would be good to see if several other people could test to see if the IP stays consistent. If so, it's one we could add to the list.

DaNIEL MeNTED 12-27-2007 08:58 PM
Quote:
Originally Posted by gsk8 (Post 1410142)
Totally understood. This is a great hack, but I can see where there is no way you could update web anonimizers without help. Check out the LONG list here!

I tested the first one (Anonymouse) twice and it appears that when someone registers in a forum through this proxy, they get an IP of 193.200.150.167. It would be good to see if several other people could test to see if the IP stays consistent. If so, it's one we could add to the list.
Well... I was debating how big a rewrite I wanted to do of this mod and I've decided to do a MAJOR rewrite. Looking at adding a custom RBL for those specific 'anonymous' surfing sites that don't get blocked by RBLs... I'm in the process of setting up a new site just to support this mod.

Cheers.

gsk8 12-28-2007 02:31 PM
Awesome! I'll be donating once it's in place and working :up:

DMeNTED [ff] 01-11-2008 03:04 PM
Hey Guys...

I'm about 40% complete on the rewrite, just hard finding time with some work related projects on the go. I've registered a new domain/vb license in support of this and some other projects I've got going on...

If anyone needs to get a hold of me PM/email me at this account as the other account I use ('Daniel Mented') is for the forum I admin...

Thanks and happy new year (a little late I know) to everyone!

gsk8 01-12-2008 08:49 PM
Thanks for the update! Looking forward to the new hack:up:

gsk8 01-18-2008 07:14 AM
HI,

I think you mentioned this before, but wanted a bit more info when you have time. Currently, default setting for RBLS that you have are:

dnsbl.ahbl.org
proxies.dnsbl.sorbs.net
list.dsbl.org

Does the "proxies.dnsbl.sorbs.net" also encompass the spam? It appears not to, but I could be wrong. I was trying to research it, but I'm techy enough to "get it". Here's the URL I'm referring to: http://www.us.sorbs.net/using.shtml

Paula

DMeNTED [ff] 01-18-2008 09:51 AM
It depends on the context. All RBLs are really designed to stop email spammers. What we're interested in is preventing vb spammers that are taking advantage of the same 'compromised servers' to pump spam into forums...

Most spammers try to use proxies to obfuscate their IP/location/etc. So blocking proxies is helpful in that regard.

gsk8 01-19-2008 08:23 PM
I think you misunderstood :) BTW, I LOVE the proxie blocker! My question is:

Does the "proxies.dnsbl.sorbs.net" also encompass the spam addy (spam.dnsbl.sorbs.net) for Sorbs?

They have a huge list, and I just wanted to make sure I was covered, so to speak :)

EricGT 01-20-2008 05:48 PM
Hello. This might be a stupid question, but I am new to this plugin and I am not sure how it works. When I try to view in a browser the urls for the RBLs listed in the config for this plugin, I get 'Server Not Found' errors for all three of them. Does this mean those pages are not working, or is a protocol other than HTTP being utilized to communicate with those sites? Thanks for a great plugin, BTW. Eric

TheInsaneManiac 02-04-2008 02:51 PM
I just went to fbiproxy.com and registered on my website and nothing happened, no error message no awaiting moderation. I also configured everything correctly.

DaNIEL MeNTED 02-09-2008 10:39 PM
Quote:
Originally Posted by EricGT (Post 1425315)
Hello. This might be a stupid question, but I am new to this plugin and I am not sure how it works. When I try to view in a browser the urls for the RBLs listed in the config for this plugin, I get 'Server Not Found' errors for all three of them. Does this mean those pages are not working, or is a protocol other than HTTP being utilized to communicate with those sites? Thanks for a great plugin, BTW. Eric
Those are DNS server addresses - the RBL checker performs a dns query against those servers and if it receives a match (typically 127.0.0.x) it blocks registration... If the ip isn't listed with the RBL specified then it doesn't return a 127. response...

Quote:
Originally Posted by TheInsaneManiac (Post 1436128)
I just went to fbiproxy.com and registered on my website and nothing happened, no error message no awaiting moderation. I also configured everything correctly.
Anon- web surfing sites do not get added to RBLs... the next version of the product will include a solution to that particular 'hole'.

Cheers.

gsk8 03-06-2008 12:55 PM
Quote:
Anon- web surfing sites do not get added to RBLs... the next version of the product will include a solution to that particular 'hole'.
How are you coming along with that? Any projected release date? :D

rinkrat 04-03-2008 05:52 PM
This catches people every single day on my site. I google their email address and sure enough I find spam on several other VBulletin sites that they have left.

This is one of the best hacks available for a popular site or one with a good Google ranking.

Hendrizius 04-08-2008 11:29 PM
Thanks for this mod.

I have those RBLS:
dnsbl.ahbl.org
proxies.dnsbl.sorbs.net
list.dsbl.org
http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
dnsbl.njabl.org

I just checked and tried to register using a proxy (hidemyass.com). A very popular one. I was able to complete registration. Does that mean my RBLs are wrong ? ^^

edit: I got a lot of PMs today. So it seems to be blocking users. However I really wonder why hidemyass.com is not blocked ><

StevenTN 04-25-2008 02:36 AM
You can add it manually to the known proxies list.

pedigree 04-25-2008 04:09 PM
not trying to thread steal but I just finished working on a RBL of known forum spammers. vbStopForumSpam, which does lookups (at registration) from www.stopforumspam.com

I run a small forum and its stopped all the new registrations since I installed it :)

StevenTN 04-25-2008 06:33 PM
Well, it's all cool and stuff. But, I like the RBL method used here, considering I have a larger forum, and it catches about 8-10 a day with a 99% accuracy rate. There are some false positives, which is due to some of them coming from spam zombies, but you're going to have that anyway. In those cases, we give an alternate method of registration that involves human intervention. New members that are legit do go for that option.

Also, this addon does handle proxies.

webspider 04-30-2008 02:50 PM
I'm hoping we'll see a version for 3.7

rinkrat 04-30-2008 02:56 PM
This version works on my 3.7

webspider 04-30-2008 03:18 PM
Thanks that good to know.

Does anyone have a good list of RBL's and Known Proxies IP's?

Tom1234 04-30-2008 03:50 PM
Quote:
Originally Posted by mfyvie (Post 1289436)
Also, further to this post, I recommend moving the hook used for Check IP against RBLs/IPs to register_addmember_complete (and change to execution order 4 if you do this), due to the fact that multiple notifications get sent for every bot that turns up.

It might be useful to duplicate sections of code in both plugins so that blocking is done in the Check IP against RBLs/IPs plugin and notifications are done in Auto-Ban or Flag for Moderation plugin. This would avoid all the unnecessary notifications for bots that never succeed in registering anyway.
Was this idea implemented in the latest version?

DaNIEL MeNTED 04-30-2008 04:31 PM
Quote:
Originally Posted by gsk8 (Post 1458482)
How are you coming along with that? Any projected release date? :D
None as of yet... I'm in the process of selling my house so time is at a bit of a premium. I hope to have a beta for testing by the end of may... I've built it so its fully customizable.

IP black list/white list...
country blacklist/whitelist...
configure as many RBLs as you want...
configure specific response codes to the RBLs...

Everything is based on weighting... so you set a score you want to block at and then set 'confidence' levels for SCLs... if an IP's score > your threshold then a block/ban/etc. gets fired.

I'm also working on a system where when a forum blocks an IP it get added to a central DB, so everyone can benefit from a site's positive blocks...

Also built in a user-context menu 'ban as spammer' and 'ban as troll'...


Quote:
Originally Posted by webspider (Post 1503466)
I'm hoping we'll see a version for 3.7
The next version will be tested on both 3.6/3.7

DaNIEL MeNTED 04-30-2008 04:34 PM
Again... sorry for the delay in responding. I admin one forum, volunteer code for a couple of organizations, and lately have been traveling to trade shows for work.

I don't really like coding in dribs and drabs... I'm hoping I can dedicate a week to finishing up a beta for testing this month.

Cheers.


All times are GMT. The time now is 12:45 PM.
Page 5 of 7 « First 34 5 67
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01506 seconds
  • Memory Usage 1,857KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_code_printable
  • (14)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete