The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Check Proxy RBL on New User Registration. Details »» | |||||||||||||||||||||||||||
Check Proxy RBL on New User Registration.
Developer Last Online: Jul 2014
Check Proxy RBL on New User Registration Version 4.1
Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code. What does this hack do? Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
These options are configurable in AdminCP > Options > DM-RBL Check on Registration. Why Block Proxies? Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy. How do you Install?
What is the default config? By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls. You can modify the settings in the AdminCP to Ban or Block as you like. Hack History: Version 4.1 - Fixed SQL Injection security hole. - Fixed some minor typos in automatically generated messages. Version 4.0 - Added ability to specify error reported on blocks. - Added ability to specify ban reason and custom title. - Added ability to move users to "pending moderation" group if registration is allowed. - Updated list of RBLs checked based on testing with lists of "anonymous" proxies. - Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4) Version 3.2 - Fixed typo causing blocked registrations to be reported as allowed. Version 3.1 - change in variable name in v3.0 broke RBL checking. Corrected error. - match notification now includes the name of the RBL that matches the IP. Version 3.0 - plugin now fires at "register_addmember_process" allowing the user to completely fill in the form. - Added the ability to specify more than one RBL. - Added option to specify whether registration is blocked or allowed to complete. - Added option to automatically ban registrations that are allowed to complete but have a positive IP match. - Added option to specify user who is "notifier". - Added option to specify a forum where a notification thread will be created. - Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list. - Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers. - Reworded Phrases. - Removed 10.x.x.x IP from known proxy/anonymizer list. version 2.0 - Added configuration options under vboptions > DM-RBL Check on Registration. - Added PM on Block. - Added option to select RBL. - Added Custom Whitelist. - Added Custom Blacklist. - Added list of free proxies. - Changed default RBL to sbl-xbl.spamhaus.org - Added option to enable/disable checking. version 1.0 - added plugin to check against opm.tornevall.org - added custom phrase to be reported as error on registration start. Using this Hack? If you install this hack please click "Installed" to receive updates. If you find this hack useful you can always hit that paypal button too... Supporters / CoAuthors Show Your Support
|
Comments |
#12
|
|||
|
|||
Quote:
There is an error message that is displayed to the user in the standard vb error display format. You can edit exactly what it says by editing the phrase DM_found_in_rbl. The PM option allows you, as an admin, to receive a PM with the IP when its blocked. I will look at adding multiple RBLs in the next version. |
#13
|
|||
|
|||
oh sweet.. just got confused by what the options were for.. since there was no clear explanation..
can the PM options have drop down menu and let you chose PM or EMAIL? You can solve that by making one line option with multiple boxes.. example "Notify Following UserID's [enter userid# here] by [drop down box with options EMAIL/PM] about failed registrations" and user id "0" would disable that whole option. |
#14
|
|||
|
|||
Isn't the sbl-xbl.spamhaus.org blacklist a list of IP's that are used by email spammers? I'd expect that to be successful for blocking email spam, but that is not the same as blocking anonymous http proxy sites like Proxify.
countrycheck.com used to try to keep track of anonymous http proxy servers, but they seem to have gone out of business. Their site has contained just an error message for a few weeks now. |
#15
|
|||
|
|||
Quote:
spamhaus.org rolls up a number of other RBLs. You can also specify whatever RBL you want to use. |
#16
|
|||
|
|||
Which Spamhaus (or other source) RBL contains anonymous http proxy servers?
|
#17
|
|||
|
|||
When you say open proxy, does that mean aol is not blocked?
|
#18
|
|||
|
|||
Quote:
Quote:
Obviously many of those open proxy IPs reflect mailservers but I have had some success with IPs found googling "anonymous HTTP proxy" getting blocked. I'm still looking for a proper list of anonymous web proxies. Quote:
That is correct - AOL is not blocked because it is proxying for its customers. |
#19
|
|||
|
|||
I have been doing some testing with different RBL's and google'd lists of open proxy servers... so far list.dsbl.org seems to return the most "hits" for known proxy IPs.
I will be testing it out to see if I get any false positives and may update the product to use it as a default... more info: http://dsbl.org/main |
#20
|
||||
|
||||
Wow, this has actually been really effective sinced I installed it a couple of days ago.:up:
My only recommendation would be maybe an option that let you designate a post notification in the forum choice of the Admin (such as a Private Forum for mods and/or admins), instead of the PM notifiications. The AE multiple account detector does that. Other than that, good job! :up: I've combined this with other proxy hacks (such as Paul M's Proxy to Real IP hack) with some good success. |
#21
|
|||
|
|||
Quote:
|
Thread Tools | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|