The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Check Proxy RBL on New User Registration. Details »» | |||||||||||||||||||||||||||
Check Proxy RBL on New User Registration.
Developer Last Online: Jul 2014
Check Proxy RBL on New User Registration Version 4.1
Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code. What does this hack do? Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
These options are configurable in AdminCP > Options > DM-RBL Check on Registration. Why Block Proxies? Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy. How do you Install?
What is the default config? By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls. You can modify the settings in the AdminCP to Ban or Block as you like. Hack History: Version 4.1 - Fixed SQL Injection security hole. - Fixed some minor typos in automatically generated messages. Version 4.0 - Added ability to specify error reported on blocks. - Added ability to specify ban reason and custom title. - Added ability to move users to "pending moderation" group if registration is allowed. - Updated list of RBLs checked based on testing with lists of "anonymous" proxies. - Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4) Version 3.2 - Fixed typo causing blocked registrations to be reported as allowed. Version 3.1 - change in variable name in v3.0 broke RBL checking. Corrected error. - match notification now includes the name of the RBL that matches the IP. Version 3.0 - plugin now fires at "register_addmember_process" allowing the user to completely fill in the form. - Added the ability to specify more than one RBL. - Added option to specify whether registration is blocked or allowed to complete. - Added option to automatically ban registrations that are allowed to complete but have a positive IP match. - Added option to specify user who is "notifier". - Added option to specify a forum where a notification thread will be created. - Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list. - Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers. - Reworded Phrases. - Removed 10.x.x.x IP from known proxy/anonymizer list. version 2.0 - Added configuration options under vboptions > DM-RBL Check on Registration. - Added PM on Block. - Added option to select RBL. - Added Custom Whitelist. - Added Custom Blacklist. - Added list of free proxies. - Changed default RBL to sbl-xbl.spamhaus.org - Added option to enable/disable checking. version 1.0 - added plugin to check against opm.tornevall.org - added custom phrase to be reported as error on registration start. Using this Hack? If you install this hack please click "Installed" to receive updates. If you find this hack useful you can always hit that paypal button too... Supporters / CoAuthors Show Your Support
|
Comments |
#62
|
||||
|
||||
Installed....thanks for sharing this code with us. :up:
|
#63
|
|||
|
|||
Quote:
My pleasure. Anything to keep the trolls at bay... Incidentally, I recommend checking out www.ahbl.org - they seem to have resolved the issues they were having with their site and from my tests on dnsstuff.com with various google'd lists of proxy servers they have ALL the ones I tested listed... I've setup my production server to use ahbl.org and assuming I get no false positives between now and the next update (what? no new requests for features?) then I may make that the default rather than spamhaus.org which is less targetted to web proxies. |
#64
|
||||
|
||||
Quote:
|
#65
|
|||
|
|||
For sure... I've put it first for testing.
|
#66
|
||||
|
||||
Are you using this addy for check dnsbl.ahbl.org
|
#67
|
|||
|
|||
Yes..
My list is as follows: sbl-xbl.spamhaus.org proxies.dnsbl.sorbs.net dnsbl.ahbl.org Originally I had ahbl.org at the top - since the RBL Checker stops after a positive match I've moved it to the bottom. This way when I see a report with ahbl.org I know the IP was missed by spamhaus.org and sorbs.net. If anyone else is willing to setup their forum the same way and report back on whether or not spamhaus, sorbs, or ahbl does the majority of the blocking it will help me decide on a default for the next release. I don't really want to do too many checks... so I'd like to have 1-2 RBLs as the default. |
#68
|
|||
|
|||
Guys, I'd recommend against using dnsbl.ahbl.org or sbl-xbl.spamhaus.org. Their primary function is to provide a list of Open Mail Relays and email spamming sources, which are an ENTIRE different world than Open Proxies. I don't think that fact is illustrated enough in this thread.
AHBL is particularly aggressive in that they are willing to list blocks of ip addresses. That is, if you have users on a Seattle Area DSL network, and an open mail relay shows up on their network, both that mail relay and your users (or potential users) will be blocked by AHBL. You guys really need to read and understand the purpose and the usage of these blacklists before slapping them in. Many of these blocklists prohibit the usage of their services in this way. You're unnecessarily hitting services that have finite resources. Don't be so eager to block IPs willy nilly and think you're making a difference. You're not. If your goal is to block users coming through anonymizers, proxies, or even the TOR network, then use blacklists whose function is to only report anonymizers, proxies, and TOR networks. The fact of the matter is that you're not going to see a lot of hits with a blacklist like this simply because not many people are going to register with your site who are actually using proxies. Here's what I'm using currently: proxies.dnsbl.sorbs.net tor.ahbl.org I don't get many hits, but that's because I don't expect many hits (that's the reality of things). Again, I like this add-on, I think it's very useful. I'm not criticizing it's usage. All I'm trying to do is help people understand what they're doing a little bit better. |
#69
|
|||
|
|||
Quote:
proxies.dnsbl.sorbs.net tor.ahbl.org |
#70
|
|||
|
|||
Quote:
Now, If this add-on had the ability to interpret the response from various blacklists, you could get more coverage. For example, spamhaus will return indicators as to why a particular IP has matched in their database, and these indicators might include an option saying that it is an open proxy. However, this interpretation doesn't occur, so you will end up matching ips against things like Dial up networks, dynamic ip hosts, and ip netblocks that *might* include spammers. DementedMindz, and anyone else, if it is your intention to block just Open Proxies, then use the following two hosts, as I do: proxies.dnsbl.sorbs.net tor.ahbl.org |
#71
|
|||
|
|||
yeah im looking at opm.tornevall.org now as they have a few on there too im reading about it here http://opm.tornevall.org/ cause say you go to http://anonymouse.org you can get right by all these things.
|
Thread Tools | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|