Miscellaneous Hacks - Check Proxy RBL on New User Registration.

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:

1. Nothing, the registration continues as normal.
2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
3. Registration continues as normal, but the user is automatically permanently banned.
4. Registration is blocked, an error message is displayed to the user.

Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?

1. Create a user from which PMs, Posts, etc. will be generated.
2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
3. Install the attached product.

IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

[powerbook]

Glad to see I can once again enable this plugin on my site after the upgrade to 4.1 :up:

[sinisterpain]

recieved this error multiple times when user tryed to register
set to allow registration and ban the user if know proxy
highlighted problem

[CODE][Database error in vBulletin 3.6.8:

Invalid SQL:
INSERT INTO userban (userid, usergroupid, displaygroupid, usertitle, customtitle,
adminid, bandate, liftdate, reason)
VALUES
(2977, 8, 8, 'Banned by DM-RBLCheck', 1, ,1198585277, 0, 'Automatically
Banned. The registration IP address matched a proxy/blacklisted IP.');

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '1198585277, 0, 'Automatically
Banned. The registration IP address matched a prox' at line 3
Error Number : 1064/CODE]

Guess I should have read the above install note.
I believe I sorted this thanks

[DaNIEL MeNTED]

uhuh... the error trapping in the next version will be a little more thorough...

[gsk8]

Hi and Merry Christmas Daniel!

Somone posted the below back in May. I tried to register through youhide.com and I was able to register with no problem.

Quote:

I was just able to register perfectly fine with xroxyx.com and youhide.com and it didn't block me at all?

Is there a way to manually add these sites? I just wanted to test the system and I can't find a web-proxy that will "ban" me.... In two cases, a web-proxy site prompted me for payment before I could register. That's good news...

[gsk8]

Oh yeah, I forgot. Is there also any way to test against "existing" members to see if I have current "registered" trolls before I installed the hack? Wishful thinking, I know...but hey, it's Christmas!

[DaNIEL MeNTED]

Well... the problem is that a lot of the 'free' or 'pay' proxies out there are not listed in RBLs/SBLs... that's why I'm thinking of setting up an additional check in the next version to a custom online list of proxies. For that to work I will also be looking at adding 'reporting' features so you can submit IPs of proxies used by spammers/trolls that are not in the list...

[Freezerator]

Quote:

Originally Posted by DaNIEL MeNTED

Hey everyone - I apologize for the extended absence. I am back and plan on redesigning the hack with even more features.


Right now the list includes:

- Ability for blocked registrations to send a message to admins in case they feel there is an error.
- Ability for admins to whitelist IPs from the automatic posts/PMs.
- Ability to blacklist or whitelist using a mask - #.*.*.*
- Ability to ban + blacklist IP from any post for spammers that sneak through.

I'm also toying with the idea of keeping a central RBL that the RBL checker reports to on positive or manual hits...

Many thanks!! Your mod still rocks!

[gsk8]

Quote:

Well... the problem is that a lot of the 'free' or 'pay' proxies out there are not listed in RBLs/SBLs... that's why I'm thinking of setting up an additional check in the next version to a custom online list of proxies. For that to work I will also be looking at adding 'reporting' features so you can submit IPs of proxies used by spammers/trolls that are not in the list...

Totally understood. This is a great hack, but I can see where there is no way you could update web anonimizers without help. Check out the LONG list here!

I tested the first one (Anonymouse) twice and it appears that when someone registers in a forum through this proxy, they get an IP of 193.200.150.167. It would be good to see if several other people could test to see if the IP stays consistent. If so, it's one we could add to the list.

[DaNIEL MeNTED]

Quote:

Originally Posted by gsk8

Totally understood. This is a great hack, but I can see where there is no way you could update web anonimizers without help. Check out the LONG list here!

I tested the first one (Anonymouse) twice and it appears that when someone registers in a forum through this proxy, they get an IP of 193.200.150.167. It would be good to see if several other people could test to see if the IP stays consistent. If so, it's one we could add to the list.

Well... I was debating how big a rewrite I wanted to do of this mod and I've decided to do a MAJOR rewrite. Looking at adding a custom RBL for those specific 'anonymous' surfing sites that don't get blocked by RBLs... I'm in the process of setting up a new site just to support this mod.

Cheers.

[gsk8]

Awesome! I'll be donating once it's in place and working :up: