Miscellaneous Hacks - Check Proxy RBL on New User Registration.

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:

1. Nothing, the registration continues as normal.
2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
3. Registration continues as normal, but the user is automatically permanently banned.
4. Registration is blocked, an error message is displayed to the user.

Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?

1. Create a user from which PMs, Posts, etc. will be generated.
2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
3. Install the attached product.

IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

[The Finman]

Actually, I only use sbl-xbl.spamhaus.org

I get 4-5 a day.

My original intent was simply to block people from using proxies, and as I stated in my earlier posts, I had one nut case that had been using rotating proxies and this stopped him cold. He spent two days trying to get back in, and by judging the E-mails I got from him...he was hoping mad.

But yeah, the pleasant side effect has been stopping the spam bots. I never realized I had so many. I rarely got them when we used UBB, and I don't know if was the CGI versus PHP thing, but I suspect it's just the difference in the popularity of vBulletin.

[Freezerator]

Nice hack, works as it should!

Saves my mod's some work deleting those spammers.
Thanks!

[Steeler Nation]

This hack is a god send

THANK YOU

[PinkDaisy]

Sounds like a great hack!!

I have a question tho, if theres a site that we know that 'anonyminizes your IPs' does that count as this ?? And do I just add the webstite url to the list in the admincp??

[Eagle Creek]

So : When somebody tries to register, and he is using a proxyserver, registration is denied? Am I right?

[Tom1234]

Quote:

Originally Posted by DaNIEL MeNTED

If you're getting multiple hits that close together I'm going to assume you're getting hit by a spam bot as I haven't had too many other reports of multiple hits like that... I've looked through the code and can't see anything that would cause it.

I am still seeing this problem also on most RBL matches - 4 or 5 tries usually within a minute or two of each other. I have it set to allow the registration upon an RBL match, so I don't see how it can be a spam bot. As far as they can tell, the registration is successful so further registrations using the same user name and email address should be denied, but also unnecessary.

I moderate all new registrations also. Maybe that gives a clue into the problem.

[DaJoker]

Need to change the hook the plugin is using. It is currently using register_addmember_process, but should be using register_addmember_complete. What is happening is when it hits process, and say the user puts in the wrong captcha, doesn't match their passwords, doesn't put in a required field, etc. When you use the _complete hook it fires once the user has properly filled out the registration form. Only use this hook however if you want the registration to complete, but not get multiple notifications. If you are blocking registrations, then leave it using the process hook.

[berayiwu5]

I've installed this hack on our board for about a month now. It has successfully identified and blocked all 3 malicious registrations we've had so far. (We are not a large community.) It's not perfect, since it has blocked a nonmalicious one as well. But it comes in handy for us webmasters, since we no longer need to use rather subjective criteria for determining which ones are malicious. Nice mod overall. :up:

[lazytown]

Is there any way we can get this to work for user LOGINS and not just new registrations? The problem I have is users can easily guess other's passwords and essentially hack their way in that way (sometimes with just 1 or 2 tries because VB does not enforce safe passwords). Even if it didn't ban them but just blocked them from logging in with a proxy IP that would be great.

I would be willing to donate $$$ for such a modification in the next couple days.

-vissa

[Damien001]

Based on your configuration the RBL Checker will then perform one of these three actions:

1. Nothing, the registration continues as normal.
2. Registration is blocked, an error message is displayed to the user.
3. Registration continues as normal, but the user is automatically permanently banned.

could there be a forth option where the user is registered but the account lays dormant until and admin has aproved it?