|
Check Proxy RBL on New User Registration.
Check Proxy RBL on New User Registration Version 4.1
Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code. What does this hack do? Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
These options are configurable in AdminCP > Options > DM-RBL Check on Registration. Why Block Proxies? Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy. How do you Install?
What is the default config? By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls. You can modify the settings in the AdminCP to Ban or Block as you like. Hack History: Version 4.1 - Fixed SQL Injection security hole. - Fixed some minor typos in automatically generated messages. Version 4.0 - Added ability to specify error reported on blocks. - Added ability to specify ban reason and custom title. - Added ability to move users to "pending moderation" group if registration is allowed. - Updated list of RBLs checked based on testing with lists of "anonymous" proxies. - Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4) Version 3.2 - Fixed typo causing blocked registrations to be reported as allowed. Version 3.1 - change in variable name in v3.0 broke RBL checking. Corrected error. - match notification now includes the name of the RBL that matches the IP. Version 3.0 - plugin now fires at "register_addmember_process" allowing the user to completely fill in the form. - Added the ability to specify more than one RBL. - Added option to specify whether registration is blocked or allowed to complete. - Added option to automatically ban registrations that are allowed to complete but have a positive IP match. - Added option to specify user who is "notifier". - Added option to specify a forum where a notification thread will be created. - Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list. - Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers. - Reworded Phrases. - Removed 10.x.x.x IP from known proxy/anonymizer list. version 2.0 - Added configuration options under vboptions > DM-RBL Check on Registration. - Added PM on Block. - Added option to select RBL. - Added Custom Whitelist. - Added Custom Blacklist. - Added list of free proxies. - Changed default RBL to sbl-xbl.spamhaus.org - Added option to enable/disable checking. version 1.0 - added plugin to check against opm.tornevall.org - added custom phrase to be reported as error on registration start. Using this Hack? If you install this hack please click "Installed" to receive updates. If you find this hack useful you can always hit that paypal button too... |
Reserved.
|
Thnx, for your first hack....:) First install! :up: Oops..mean first reply.
|
Quote:
|
where are options?
have options? More information please ;) |
Hey guys... thanks for the feedback.
I had written this hack quickly but I agree there was room for improvement. I have uploaded a new version - much improved. Quote:
Quote:
There is a custom whitelist / blacklist to which you can add IPs. There is also a "known proxy" list that contains the IPs of sites like "the cloak" or "proxify". I will add to that list with each update. Also, I've been having some issues getting opm.tornevall.org to resolve addresses so I've replaced the default with sbl-xbl.spamhaus.org which is a much more well known RBL. Quote:
DL and install the new product and check in your ACP > VB Options. There should be an entry. I've also added the ability to PM user(s) when an IP gets blocked. Thx Guys! |
I like the new options, thanks! :)
|
I installed this and then fired up Hide IP Platinum and with various IP's ranging from Slovakia to Saudi Arabia was still able to register successfully on my forum with fake id's.
I don't know much about what, who or how Hide IP works, but whatever it is doing, it's getting past this - any ideas how to circumvent it too? Great idea though, thanks. |
Quote:
I guess its debatable on whether or not they should... I'm looking into different RBLs to see if I can find one that hits those ranges. |
maybe this product can expand to also allow multiple ip checking sites.. not just 1.. also Custom msg explaining why the registration was denied with admin option to enable or disable it. The msg would show in format of vbulletin error msg instead being PM one..
my 2cents.. otherwise this is great idea for a product. Looking very promising.. maybe it could evolve into some front-end security suite for vbulletin, but who knows.. its me just dreamin. |
Quote:
There is an error message that is displayed to the user in the standard vb error display format. You can edit exactly what it says by editing the phrase DM_found_in_rbl. The PM option allows you, as an admin, to receive a PM with the IP when its blocked. I will look at adding multiple RBLs in the next version. |
oh sweet.. just got confused by what the options were for.. since there was no clear explanation.. :)
can the PM options have drop down menu and let you chose PM or EMAIL? You can solve that by making one line option with multiple boxes.. example "Notify Following UserID's [enter userid# here] by [drop down box with options EMAIL/PM] about failed registrations" and user id "0" would disable that whole option. |
Isn't the sbl-xbl.spamhaus.org blacklist a list of IP's that are used by email spammers? I'd expect that to be successful for blocking email spam, but that is not the same as blocking anonymous http proxy sites like Proxify.
countrycheck.com used to try to keep track of anonymous http proxy servers, but they seem to have gone out of business. Their site has contained just an error message for a few weeks now. |
Quote:
spamhaus.org rolls up a number of other RBLs. You can also specify whatever RBL you want to use. |
Which Spamhaus (or other source) RBL contains anonymous http proxy servers?
|
When you say open proxy, does that mean aol is not blocked?
|
Quote:
Quote:
Obviously many of those open proxy IPs reflect mailservers but I have had some success with IPs found googling "anonymous HTTP proxy" getting blocked. I'm still looking for a proper list of anonymous web proxies. Quote:
That is correct - AOL is not blocked because it is proxying for its customers. |
I have been doing some testing with different RBL's and google'd lists of open proxy servers... so far list.dsbl.org seems to return the most "hits" for known proxy IPs.
I will be testing it out to see if I get any false positives and may update the product to use it as a default... more info: http://dsbl.org/main |
Wow, this has actually been really effective sinced I installed it a couple of days ago.:up:
My only recommendation would be maybe an option that let you designate a post notification in the forum choice of the Admin (such as a Private Forum for mods and/or admins), instead of the PM notifiications. The AE multiple account detector does that. Other than that, good job! :up: I've combined this with other proxy hacks (such as Paul M's Proxy to Real IP hack) with some good success. :) |
Quote:
|
Quote:
Thank you to both you and Paul M for your mods! :cool: |
Hi Daniel, hope this is as awesome as it sounds. It looks great as it stands, and should solve my recurring proxy issues... I don't think my members are too creative with their proxy choices, but I guess I am about to find out :p
I too would really like to see a blocked-ip-to-post feature, if another signature on the list helps any. Ed; Knowing nothing about proxy RBLs, I have to ask - why not make it possible to list multiple RBLs, so we don't have to rely on just spamhaus or just another one, when we could just stick multiple servers up? I don't claim to be a pro, but I would expect that blocking the same IP twice because of duplicate entries would not have any effect. |
Quote:
Hey there... I will be adding a "post a thread" option when I update the hack (probably after the holidays as I'm insanely busy with real work (tm) and life in general). I will also be adding an "email" option as well for those that want it. I haven't considered multiple RBLs but can... It shouldn't be that much effort to code. The main reason I haven't is that most of the larger RBLs amalgamate the data from smaller ones... so listing 3 or 4 RBLs will get you the result of listing the biggest, most inclusive one. |
Hi Daniel! No rush ;) vB modding is a hobby after all. I might see if I can cobble something together myself, because my PM box is cramping up a lot.
For people curious about the efficiency of this mod, I have had a reasonable amount of trouble with people from obscure ISP's, particularly one large one in Italy, getting blocked. However, it is very easy to ask them their ISP when they complain, then google the ISP and find out that it is not a proxy. Then I manually create their account via the adminCP, making sure to set the "IP on Registration" as well so it is no trouble to ban them if they act up. It takes about 5 minutes of my time, and it has happened 3 times since I installed. Of those three times, two of the new users bought subscriptions to my site because they were so impressed with the care I took to help them out ;) If you have an Italian board, I don't recommend this mod. There is a big Italian ISP that is marked by spamhaus because its dynamic IP system can be used by spammers (or something like that. Don't ask me, I'm an English teacher, not an IP person.) |
Hey Daniel,
Thought you users might get a chuckle out of the way I set it up. I created a user called "Troll Stomper" and he's set up as the chosen "informant" member for both your Proxy RBL Checker and the Multiple account login detector (AE Detector). Now whenever your Proxy RBL Checker detects either someone using a proxy, or a spam bot trying to register...our Mods get this PM. https://vborg.vbsupport.ru/external/2009/02/1.gif http://www.ronaldreagan.com/current_...stomper_pm.gif He also shows up in the Private Forum if the Multiple Account (AE) Detector gets tripped and posts the alert as a thread. My Mods also had a suggestion that doesn't seem that relevant to me, but they said they would like to know what username the person or bot tries to use. I don't see how that info would be very relevant, but they indicated they would like it as it would help them recognize a problem user if they do manage to switch their IP into one that was not listed (basically recognizing them if they try using the same username). Anyway, it's been great as it is not only stopping trolls trying to use proxies to bypass bans, but it's also stopping the spam bots right at the door as well. https://vborg.vbsupport.ru/external/2011/01/19.gif |
I really want the username and email the blocked IP tried to register from to be included in the PM. Actually, the way I want it to work is for a new thread to be created in a specified forum. In the first post of the thread would be the IP as well as the hostname the IP resolves to, the username and email address the IP tried to register with, and the blacklist that pegged the IP.
Subsequent registration attempts from the same IP would appear as replies in the thread and would only list the username and email the IP tried to use. Some of this is within my abilities so if I ever get time (hahahahahaahaha) I will try to set it up myself, but I am at best a no-talent hack at this stuff. I'm not even sure I can get it to detect the name and email :p |
Quote:
That would be awesome! https://vborg.vbsupport.ru/external/2011/01/19.gif I think that was what my Mods were asking for...they just didn't state it as clearly as you just did. ;) |
Hi Guys --
I can look into adding that as a feature for the next run - right now the hack hooks in to register_start which means for anyone who is registering from a blocked IP they don't get to enter ANY information before being blocked. Now that you mention it... it might be a good idea to let them get far enough to enter a username/email so they can be tracked. Also - I love the Troll Stomper thing, can you shoot me a link to that avatar? |
This is just what I was looking for, thanks so much and I hope it helps me a bit..
|
Quote:
|
Quote:
|
Can you consider adding an option that when you add an IP address to the Blacklist, you are no longer notified about that IP as attempting to register.
I'm getting bombarded by a few persistant and consistant IP's and since they're now in my Blacklist, I don't care to know about their registration attempts via the PM notifications. One of them is 216.145.49.15 which resolves to 'snv-global1.corp.yahoo.com' - anyone know if that is a legit one - if so I can add it to my Whitelist. I'm suspicious that it's a bot or something tripping up on it, but I'm not sure. Thanks in both cases! |
Feature Request: The ability to do the checking for DNS BL upon registration, but in a non-blocking mode. That is, give the option for what to do to the admin. I would very much like to do a dry run to see how things lie for me, prior to enabling this in full blocking mode. I had the plugin installed, and it was rejecting some users at login. Yes, they were using proxies, and I can easily add them to the white list, however I'd like to get a baseline without blocking out a lot of users right off the bat.
Until then, I've had to uninstall the plugin. |
It shouldn't block people at login as it only fires at register_start.
I'll look at adding a report/block option. |
I couldn't reproduce my users' problem. It might be useful to include the URL that the user was getting blocked on, that way if there is a user who is having a problem, we can better help them.
Also, in the default list of "Known Proxies" is "10.237.44.144", which is an RFC1918 Non-routable ip address (as are 192.168.x.x addresses). It'll never trip, but it's also probably not a good idea to include ip addresses that often exist in corporate private networks. One more thing (sorry sorry, i know that you do this in your free time, but I want to help you make it the best it can be), The "RBL Match Mask" only allows to match against the first octet (I haven't tested this, but it's what it says). It would be useful if we could provide a list of things to match against. Different DNSBL's return different 127.0.0.x addresses, which indicate the type of host that is matching. From http://www.spamhaus.org/sbl/howtouse.html, Quote:
http://www.njabl.org/use.html Quote:
I think it's dangerous just to blindly use a DNSBL without making sure that you want to block everything it has to offer. In the context of a bulletin board system, you might not want to block the same hosts that you'd block in the context of an anti-spam system. |
I have removed the 10. IP from the list of "known proxies" .. I suspect that was a typo on my part. The RBL mask currently only matched the first octet because various RBLs have various return codes - all varieties of 127.0.0.x
If you want to be granular to the point of the last octet then the benefit of using more than one RBL - which was requested by several people - goes out the window as no 2 RBLs tend to use the same definitions. I - for one - am looking at a more "inclusive" matching pattern. That being I would rather block people that shouldn't be than allow trolls in... the function of a whitelist allows you to specify IPs that are erroneously getting blocked. |
Quote:
Quote:
Quote:
Quote:
Quote:
Thanks for all the positive feedback guys... what started as a quick and dirty hack for my own forum is actually getting to be a decent hack. |
Quote:
How about this idea: It could come, preconfigured, with a good number of common SBLs. For each of these, the admin has the ability to choose open proxies, spammy servers, dial-up networks, etc etc. Additionally, give the ability to add their own SBLs with their own options for matching against there. I think it might give many admins a false-sense of accomplishment once they install this and start blocking lord knows what, but believe that they're only bad things (The plugin name says block proxies, but in reality it is blocking far more than just proxies). It's widely known that large American broadband networks are responsible for a great deal of spam, and a good number of these block-lists include those subnets. I'm afraid of doing a disservice to the users if we choose to just blindly block everything. I think that for this plugin to truly be successful, the admin should be able to finely tune what is and isn't blocked. If you've got a forum with tens of thousands of users, with hundreds of signups a day, whitelisting things would be almost certainly unmaintainable. As for trolls and whitelisting, how are you going to know if someone is a troll or not before they've even posted anything? What indicators should be used to go ahead and whitelist one IP over another? I think that in order for our individual communities to grow, it's like dealing with spam in that it's important that we make sure that all the good guys can get in, even if that means some cruft gets in on occasion. I'd rather ban 2 or 3 trolls a month, than waste my time trying to figure out if 233.44.23.XX is going to be a troll or not, over and over and over again. |
Quote:
Thanks Daniel! https://vborg.vbsupport.ru/ |
Quote:
|
| All times are GMT. The time now is 12:48 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|