Miscellaneous Hacks - Check Proxy RBL on New User Registration.

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:

1. Nothing, the registration continues as normal.
2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
3. Registration continues as normal, but the user is automatically permanently banned.
4. Registration is blocked, an error message is displayed to the user.

Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?

1. Create a user from which PMs, Posts, etc. will be generated.
2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
3. Install the attached product.

IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

[DMeNTED [ff]]

Hey Guys...

I'm about 40% complete on the rewrite, just hard finding time with some work related projects on the go. I've registered a new domain/vb license in support of this and some other projects I've got going on...

If anyone needs to get a hold of me PM/email me at this account as the other account I use ('Daniel Mented') is for the forum I admin...

Thanks and happy new year (a little late I know) to everyone!

[gsk8]

Thanks for the update! Looking forward to the new hack:up:

[gsk8]

HI,

I think you mentioned this before, but wanted a bit more info when you have time. Currently, default setting for RBLS that you have are:

dnsbl.ahbl.org
proxies.dnsbl.sorbs.net
list.dsbl.org

Does the "proxies.dnsbl.sorbs.net" also encompass the spam? It appears not to, but I could be wrong. I was trying to research it, but I'm techy enough to "get it". Here's the URL I'm referring to: http://www.us.sorbs.net/using.shtml

Paula

[DMeNTED [ff]]

It depends on the context. All RBLs are really designed to stop email spammers. What we're interested in is preventing vb spammers that are taking advantage of the same 'compromised servers' to pump spam into forums...

Most spammers try to use proxies to obfuscate their IP/location/etc. So blocking proxies is helpful in that regard.

[gsk8]

I think you misunderstood BTW, I LOVE the proxie blocker! My question is:

Does the "proxies.dnsbl.sorbs.net" also encompass the spam addy (spam.dnsbl.sorbs.net) for Sorbs?

They have a huge list, and I just wanted to make sure I was covered, so to speak

[EricGT]

Hello. This might be a stupid question, but I am new to this plugin and I am not sure how it works. When I try to view in a browser the urls for the RBLs listed in the config for this plugin, I get 'Server Not Found' errors for all three of them. Does this mean those pages are not working, or is a protocol other than HTTP being utilized to communicate with those sites? Thanks for a great plugin, BTW. Eric

[TheInsaneManiac]

I just went to fbiproxy.com and registered on my website and nothing happened, no error message no awaiting moderation. I also configured everything correctly.

[DaNIEL MeNTED]

Quote:

Originally Posted by EricGT

Hello. This might be a stupid question, but I am new to this plugin and I am not sure how it works. When I try to view in a browser the urls for the RBLs listed in the config for this plugin, I get 'Server Not Found' errors for all three of them. Does this mean those pages are not working, or is a protocol other than HTTP being utilized to communicate with those sites? Thanks for a great plugin, BTW. Eric

Those are DNS server addresses - the RBL checker performs a dns query against those servers and if it receives a match (typically 127.0.0.x) it blocks registration... If the ip isn't listed with the RBL specified then it doesn't return a 127. response...

Quote:

Originally Posted by TheInsaneManiac

I just went to fbiproxy.com and registered on my website and nothing happened, no error message no awaiting moderation. I also configured everything correctly.

Anon- web surfing sites do not get added to RBLs... the next version of the product will include a solution to that particular 'hole'.

Cheers.

[gsk8]

Quote:

Anon- web surfing sites do not get added to RBLs... the next version of the product will include a solution to that particular 'hole'.

How are you coming along with that? Any projected release date?

[rinkrat]

This catches people every single day on my site. I google their email address and sure enough I find spam on several other VBulletin sites that they have left.

This is one of the best hacks available for a popular site or one with a good Google ranking.