Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons

Reply
 
Thread Tools
Check Proxy RBL on New User Registration. Details »»
Check Proxy RBL on New User Registration.
Version: 4.1, by DaNIEL MeNTED DaNIEL MeNTED is offline
Developer Last Online: Jul 2014 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.2 Rating:
Released: 11-17-2006 Last Update: 12-21-2007 Installs: 282
Uses Plugins
 
No support by the author.

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
  1. Nothing, the registration continues as normal.
  2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
  3. Registration continues as normal, but the user is automatically permanently banned.
  4. Registration is blocked, an error message is displayed to the user.
Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?
  1. Create a user from which PMs, Posts, etc. will be generated.
  2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
  3. Install the attached product.
IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #232  
Old 09-03-2008, 05:33 AM
AtoZ AtoZ is offline
 
Join Date: Jul 2002
Posts: 48
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Never mind... Just read post:
https://vborg.vbsupport.ru/showpost....&postcount=203

Problem is that anonymous surfing sites are not blocked. Will anxiously wait for update.

Quote:
For RBL I'm a little more aggressive on the IPCONFIG checks that the default setting:
  • dnsbl.ahbl.org
  • list.dsbl.org
  • sbl-xbl.spamhaus.org
  • cbl.abuseat.org
  • bl.spamcop.net
  • dnsbl-1.uceprotect.net
  • dnsbl-2.uceprotect.net
  • dnsbl-3.uceprotect.net
  • zen.spamhaus.org
Thanks for this list... 2 of the 3 defaults are not working and the remaining one didn't list the IPs of a recent offender I've been battling with.
Reply With Quote
  #233  
Old 09-07-2008, 08:32 AM
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Location: Sweden
Posts: 212
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by StevenTN View Post
Hey Daniel... thanks for all the work you've done. I don't think we've mentioned that You've helped make our forums quieter.

Here's all the BLs I use...

dnsbl.ahbl.org
list.dsbl.org
sbl-xbl.spamhaus.org
cbl.abuseat.org
bl.spamcop.net
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
zen.spamhaus.org
Also try opm.tornevall.org. That server also looks for webspamming/abuse (and updates TOR-nodes hourly). You can read about it here.
Reply With Quote
  #234  
Old 09-12-2008, 10:12 PM
King Justice King Justice is offline
 
Join Date: Apr 2006
Posts: 222
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TMM-TT View Post
Also try opm.tornevall.org. That server also looks for webspamming/abuse (and updates TOR-nodes hourly). You can read about it here.
Thank you for that list!
Reply With Quote
  #235  
Old 09-13-2008, 04:09 AM
King Justice King Justice is offline
 
Join Date: Apr 2006
Posts: 222
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What is the best list to use? I am using this now:

Quote:
proxies.dnsbl.sorbs.net
dnsbl.ahbl.org
opm.tornevall.org
But there's also this one?

Quote:
dnsbl.ahbl.org
list.dsbl.org
sbl-xbl.spamhaus.org
cbl.abuseat.org
bl.spamcop.net
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
zen.spamhaus.org
Should I use a combination of both?
Reply With Quote
  #236  
Old 09-13-2008, 06:10 AM
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Location: Sweden
Posts: 212
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by King Justice View Post
What is the best list to use? I am using this now:



But there's also this one?



Should I use a combination of both?
That may be a good idea. Some of the listed rbls (tornevall.org is one of them) also support bitmasked detection, which mean you can choose what to block of the returned answers from DNS (which this plugin also supports :P).

The biggest problem with a lot of diffrent blocklists is that it may slow down the forum if resolving takes too much time. There may also be a lot of false alarms, depending on how updated the RBL is.
Reply With Quote
  #237  
Old 10-02-2008, 04:05 AM
webcosmo's Avatar
webcosmo webcosmo is offline
 
Join Date: Apr 2008
Posts: 79
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I don't know why today my forum http://www.webcosmoForums.com got hit by spammers all day long. They been registering one after another posting porns and links. Apparently they been using a proxy for registration. I been getting tired of deleting and banning.

So now that I have installed this, hopefully it will stop the spam flood. Great work.
Reply With Quote
  #238  
Old 10-16-2008, 04:20 PM
Quarterbore Quarterbore is offline
 
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I got hit today too and I have a lot of custom code added that really make it tough for the spammers to get through but I had one today really testing the site by adjusting the words and phrases in the spam.

My problem was their IP kept changing with each new post/account. I hope this fixes that issue...
Reply With Quote
  #239  
Old 10-16-2008, 06:34 PM
Quarterbore Quarterbore is offline
 
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Wow, worked like a charm and my spamer decided to go somewhere else! I had a real person on the site trying to get in with his bots and I could tell as they were getting some tricky spam blocks mastered but once their IPs couldn't be faked they were not getting through and gave up.

Simply awsome tool!
Reply With Quote
  #240  
Old 12-01-2008, 05:30 AM
ShackMaster ShackMaster is offline
 
Join Date: Apr 2006
Posts: 252
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am getting double posts in my reporting forum. Any ideas?
Reply With Quote
  #241  
Old 12-01-2008, 07:01 PM
ShackMaster ShackMaster is offline
 
Join Date: Apr 2006
Posts: 252
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Uninstalled... it is causing me loads of unnecessary work. Since last night it has sent almost 20 legitimate users to moderation queue.

Either the program is faulty or the black lists are incorrect... either way it gets a big thumbs down from me.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:04 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07011 seconds
  • Memory Usage 2,305KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete