DNSBL/Open Proxy-Blocking

History

I've had some problems with abuse via open proxies for a time ago, and when we were banning abusers, they always found a new proxy to use and register new accounts with. Since this forum was a large type we could'nt just ban e-mails etc just like that, because this was leading to a very large amount of other banned users too.

At IRC, in the other hand, we had Open Proxy Monitors, that was banning everything that was blacklisted in some DNSBL-databases. No spammers had a chance to get in there as long they were listed in such database.

This is a plugin that blocks blacklisted hosts from some different DNSBL's. It uses the global_start-hook, a very simple handler for blocking proxies, and a vBphrase called OPM_Deny.


April 2006

The source has been rewritten a bit. The proxychecker is now using a cache that, by default, stores all ip's in a database for 6 hours. It scans some DNSBL's and can be configured to block proxies from bitmasks (defined in the plugin) which makes it a little bit more reliable, because it does'nt block everything it see).

Configuration is made from the plugin (hopefully there will be a nice admin interface in the future). Exceptions (ip's that can pass through this system even if it is a proxy) are also handled differently now.

// CHANGES
//
// 2008-09-20 (2.0.8)
//
// * Changed the routines for how to handle inclusion/exclusions
// * Splitted up plugins for 3.5/3.6 and 3.7
//
// 2007-08-05
//
// * Fixed reported bug, based on resolved hosts ending with 127
// * Changed database-tables to get rid of (hopefully) duplicate keys
// * Added resolver-function
// * Added two new block-methods available at the efnet-rbl
//
// 2006-06-28 (2.0.6/Another fix)
//
// * Proxyinclusions/exclusions didn't work properly
//
// 2006-06-28 (2.0.5/Fix only)
//
// * Fixed a bug in the $block-array that affected some of the blocking results
//
// 2006-06-28 (2.0.4)
//
// * opm.tornevall.org has a new entry for anonymizers, added support for this
// * Default value on "block everything detected" in plugin changed to "no"
//
// 2006-06-26 (2.0.3)
//
// * Created options for admincp (removed plugin-configuration)
// * Fixed a bit-bug for njabl
// * Plugin is now a function (rbl_livecheck) for external lookups
// * Added options for "only block on newuser-registrations"
//
// 2006-06-22 (2.0.3 RC)
//
// * The monitor is now a function
// * Added small compatibility with other plugins (with return)
//
// 2006-05-13
//
// * sorbs zones added (no bitmasking)
// * opm.blitzed.org removed
// * time() changed to TIMENOW
//
// 2006-04-21
// ==========
//
// * proxyinclusions
// quickly add own hosts that should be treated as a proxy
//


How does it work with other vBulletins?

This filter actually works with both 3.5 and 3.6, but for now, they will be separate versions, but for 3.5 and 3.6 you should look here and for 3.7 you should look here.


How to use the compatibility thing

If you have a plugin that you want to use together with the proxy monitor (only returns a value if a an ip-address is registered as a proxy or not) you can call the function rbl_livecheck like this (example):

PHP Code:

global $rblInstalled;

if ($rblInstalled) {
$remoteIsProxy = rbl_livecheck(1, $_SERVER['REMOTE_ADDR']);

//
// .. your code here ..
//

} 


Report bugs if you find them...



Don't forget to install it

[bulbasnore]

Quote:

Originally Posted by TMM-TT

The ip I got from that site when I tried to use it, was added to Tornevall DNSBL at 2007-11-02. Maybe you have the wrong settings for the plugin?

You should enable the option "opm.tornevall.org: Block anonymizers".

I was saying it worked! Its good!

Thanks for your response. If I want to whitelist a network, can I do it with a CIDR mask?

8.7.68.0/22

Like that?

[TMM-TT]

Quote:

Originally Posted by bulbasnore

I was saying it worked! Its good!

Thanks for your response. If I want to whitelist a network, can I do it with a CIDR mask?

8.7.68.0/22

Like that?

I have been thinking of that before, so that may be released in the next version if I can make it work


Edit:

Quote:

Originally Posted by bulbasnore

worked on http://hidemyass.com

Quote:

Originally Posted by bulbasnore

I was saying it worked! Its good!

NOW I saw that...!

[aleclee]

I'm having a false positive problem on my forum where a lot of the blocked IPs only turn up as open relays on http://dnsbl.tornevall.org/scan.php

I'd like to allow them to access my site. I have checked all the "no" boxes involving relays and have also limited my blacklist hosts to opm.tornevall.org. Finally, I've added their Class B subnet (e.g., 123.231.*) to the "Exclude from monitor" list.

What else do I need to do to get these folks back up on my board?

thanks!

[TMM-TT]

I'll make the exclusion-system more sensitive. I haven't fixed the subnetting/CIDR-checking yet, but at least I will do something about the wildcarding. There will be a 2.0.8-release in a moment

[TMM-TT]

Done!

And there's a specific version for 3.7 now, since I don't like changing the xml-content for every release.

[bulbasnore]

Would love a log feature for this... the timestamp, ip and if present, the screenname.

[TMM-TT]

Got it and added to my planlist!

http://forum.tornevall.net/project.php?issueid=992

[Zaraki]

sorry the stupid question, but do we just install this addon on vBulletin?

do we need to configure anything?

[Zaraki]

oh and on which category do I install this?

admin_index_main1?

Or somewhere else?

[TMM-TT]

FYI: Time to change the blitzed bitmask, perhaps?

http://www.stopforumspam.com/forum/v...ic.php?id=2224

The DNS Blacklist has also been updated:

• Live reporting from scrapers
• DNS runs on MySQL so everything reported goes live immediately
• Daily statistics about added and removed hosts