Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Check Proxy RBL on New User Registration. Details »»
Check Proxy RBL on New User Registration.
Version: 4.1, by DaNIEL MeNTED DaNIEL MeNTED is offline
Developer Last Online: Jul 2014 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.2 Rating:
Released: 11-17-2006 Last Update: 12-21-2007 Installs: 282
Uses Plugins
 
No support by the author.

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
  1. Nothing, the registration continues as normal.
  2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
  3. Registration continues as normal, but the user is automatically permanently banned.
  4. Registration is blocked, an error message is displayed to the user.
Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?
  1. Create a user from which PMs, Posts, etc. will be generated.
  2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
  3. Install the attached product.
IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #222  
Old 06-06-2008, 02:16 AM
dapoling dapoling is offline
 
Join Date: Jul 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by dapoling View Post
After doing a little testing I found that banning does not occur unless the second notification window appears to the person logging in.
It would be nice to have this banning action occur on the first message of notifying the register of using a proxy server.

To test this I used this and was caught http://www.freeproxyserver.net/

and this one got through do to it not getting the second notice http://www.cantbustme.com/

I still like the hack but just wanted to pass this along as I am really getting hit hard by an idiot.
It seems I have my own answer here.
The reason I found why the new registrations is not being banned is because I have the Spam Hack so I can make up my own question and answer. The ones that are not being banned must be spam bots and are unable to answer the question.

The one that can answer the question but caught by the RBL Checker is banning them.
Reply With Quote
  #223  
Old 06-11-2008, 04:20 AM
kylek kylek is offline
 
Join Date: Oct 2003
Location: British Columbia, Canada
Posts: 798
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Running 3.7.1 and am also getting two pms. Also have it set to move the person into a certain usergroup how ever it seems that is not happening.
Reply With Quote
  #224  
Old 06-11-2008, 08:14 PM
dapoling dapoling is offline
 
Join Date: Jul 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by kylek View Post
Running 3.7.1 and am also getting two pms. Also have it set to move the person into a certain usergroup how ever it seems that is not happening.
Kylek I am not sure if the same thing is occuring with mine but I found that through trail and error if they are able to registered and then banned they will be banned.

If you are unsuccessful in registering then it will not ban as the are not a member yet.

Dave
Reply With Quote
  #225  
Old 06-17-2008, 12:19 PM
counterpoint counterpoint is offline
 
Join Date: Jun 2008
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sorry, I'm not clear, is this hack compatible with VB 3.7?
Reply With Quote
  #226  
Old 06-17-2008, 12:37 PM
webspider webspider is offline
 
Join Date: Jun 2003
Location: Canada
Posts: 175
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by counterpoint View Post
Sorry, I'm not clear, is this hack compatible with VB 3.7?
As far as I can tell no not completely. It does part of the job but fails on the auto banning. I'm using it anyways on 3.7 as one more deterrent.
Reply With Quote
  #227  
Old 06-20-2008, 01:53 PM
thestaton thestaton is offline
 
Join Date: Mar 2008
Posts: 62
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Any chance of this getting a proper port to 3.7?
Reply With Quote
  #228  
Old 06-25-2008, 02:00 PM
counterpoint counterpoint is offline
 
Join Date: Jun 2008
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by webspider View Post
As far as I can tell no not completely. It does part of the job but fails on the auto banning. I'm using it anyways on 3.7 as one more deterrent.
Thanks, on that basis I've implemented it.

A couple of other questions. The introduction gives reasons for banning proxies, but does not make it clear whether this product implements a ban, or whether the author is recommending that something else should be used to block proxies. If the latter, is there a reliable, supported proxy blocker?

With RBL implemented, it seems to be blocking only a minority of spammers. Is there anything else that can be done?
Reply With Quote
  #229  
Old 06-25-2008, 09:58 PM
skippybosco skippybosco is offline
 
Join Date: Sep 2007
Posts: 117
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I personally use a three tier approach that catches 99% of the attempts:

Registration Attempt -> Stop Forum Spam Check -> Proxy RBL Check
Post Attempt -> Akismet Check

For RBL I'm a little more aggressive on the IPCONFIG checks that the default setting:
  • dnsbl.ahbl.org
  • list.dsbl.org
  • sbl-xbl.spamhaus.org
  • cbl.abuseat.org
  • bl.spamcop.net
  • dnsbl-1.uceprotect.net
  • dnsbl-2.uceprotect.net
  • dnsbl-3.uceprotect.net
  • zen.spamhaus.org
Reply With Quote
  #230  
Old 07-22-2008, 01:08 PM
Raptor Raptor is offline
 
Join Date: Nov 2001
Posts: 499
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

works on 3.7.2 inc auto banning

however it makes a post twice when it catches an offender
Reply With Quote
  #231  
Old 08-21-2008, 12:16 PM
King Justice King Justice is offline
 
Join Date: Apr 2006
Posts: 222
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Is there any way someone can make this script also check/block registrations from proxy IPs? Here are three big sites containing lists of proxy site IP addresses:
http://www.samair.ru/proxy/
http://www.publicproxyservers.com/page1.html (Page 1 through 5)
http://www.proxy.org/tor.shtml

Will pay a coder to make this available to everyone somehow.

Edit: Proxy.org has a blacklist of Proxy IPs that you can add to your .htaccess file here. Would still like to use the above IP addresses to be blocked by a script automatically - would be very useful if the script could auto-update itself as the sites do. The sites contain such a massive index of proxy IPs that are freshly updated it would really prevent problematic users.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:10 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06193 seconds
  • Memory Usage 2,312KB
  • Queries Executed 28 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete