Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Check Proxy RBL on New User Registration. Details »»
Check Proxy RBL on New User Registration.
Version: 4.1, by DaNIEL MeNTED DaNIEL MeNTED is offline
Developer Last Online: Jul 2014 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.2 Rating:
Released: 11-17-2006 Last Update: 12-21-2007 Installs: 282
Uses Plugins
 
No support by the author.

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
  1. Nothing, the registration continues as normal.
  2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
  3. Registration continues as normal, but the user is automatically permanently banned.
  4. Registration is blocked, an error message is displayed to the user.
Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?
  1. Create a user from which PMs, Posts, etc. will be generated.
  2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
  3. Install the attached product.
IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #92  
Old 02-03-2007, 09:54 AM
sinisterpain's Avatar
sinisterpain sinisterpain is offline
 
Join Date: Feb 2006
Location: New Hampshire
Posts: 571
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Stanley Steamer View Post
This is my first kill.



I have a question. I received the PM from the program with this alert, but it was also supposed to post it in a hidden forum for the moderators.
Can this send the message to PM's and a forum, or just one or the other?
Do I use the full url of the forum or do I just write in the forum name and the ID number?
It will do both thats how I currently have it set up.
"ForumID For RBL reports
The forum you want RBL reports to be posted into. " In this option field put your forum id where you would like the post to go.
Reply With Quote
  #93  
Old 02-03-2007, 05:47 PM
Stanley Steamer Stanley Steamer is offline
 
Join Date: Mar 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I just recieved four of these identical PMs at the same time (2:25 pm), but it still hasn't posted anything in the special forum.
I copied and pasted the forum url from the browzer bar into the forum ID box.
I have all the permissions set so that it can access the hidden forum and make posts and threads.
I will have to re-check everything to see if I missed something.
Quote:
ALERT!

Someone has tried to register using the IP Address 193.193.193.153 which is MATCHED IN THE RBL DATABASE of the dnsbl.ahbl.org RBL.

This registration attempt has been allowed.

Registration Details: abossakon ( abossbsd@pelotka.info )
Reply With Quote
  #94  
Old 02-03-2007, 07:46 PM
The Finman's Avatar
The Finman The Finman is offline
 
Join Date: Jun 2006
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Stanley Steamer View Post
This is my first kill.

I have a question. I received the PM from the program with this alert, but it was also supposed to post it in a hidden forum for the moderators.
Can this send the message to PM's and a forum, or just one or the other?
Do I use the full url of the forum or do I just write in the forum name and the ID number?
Hmmmmm...I usually don't post images of my Admin CP, but in this case it may help.

I have mine setup to post in the moderator's private forum (24), as well as send me (The Finman) a PM.

I would check yours against mine, as that would probably be the easiest way to find the problem.



Let me know if that helps.
Reply With Quote
  #95  
Old 02-03-2007, 09:54 PM
Stanley Steamer Stanley Steamer is offline
 
Join Date: Mar 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I see it.
You have the forum number (24) where I pasted the entire url into the box.
I'le just put in the forum number and see if it works.
By the way, it just killed another spammer a few minutes ago.
This program is great!
Reply With Quote
  #96  
Old 02-04-2007, 01:27 PM
Stanley Steamer Stanley Steamer is offline
 
Join Date: Mar 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It works now, thanks Finman.
It blocked this spammer this morning.

Quote:
ALERT!

Someone has tried to register using the IP Address 125.252.11.214 which is MATCHED IN THE RBL DATABASE of the sbl-xbl.spamhaus.org RBL.

This registration attempt has been allowed.

Registration Details: Sazanas ( sazanas@cardsphonesites.com )
It blocked it four times in a row with each registration attempt being one minute apart.
I assume this was an automated spam bot?
Reply With Quote
  #97  
Old 02-06-2007, 01:28 AM
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Posts: 152
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you're getting multiple hits that close together I'm going to assume you're getting hit by a spam bot as I haven't had too many other reports of multiple hits like that... I've looked through the code and can't see anything that would cause it.

Glad to hear its helping out!!!
Reply With Quote
  #98  
Old 02-06-2007, 02:44 AM
The Finman's Avatar
The Finman The Finman is offline
 
Join Date: Jun 2006
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Stanley Steamer View Post
It works now, thanks Finman.
It blocked this spammer this morning.

It blocked it four times in a row with each registration attempt being one minute apart.
I assume this was an automated spam bot?
Yes, that is what it was.

I don't get too many of those, but I have had a couple try three times in under a minute.

This hack addresses the unique ability of bots to try and register using abilities beyond that of an ordinary human.

Quote:
This mod calculates the time it takes to go between these two pages:

The point is to try and prevent bots from registering at your forum when the time between the two pages is humanly impossible, assuming that humans actually take the time to complete the registration page.

Should a user be blocked from registering at your forum, an email will be sent to your vB webmasteremail address and the user will see the vB noregister phrase message, so no screenshot is necessary.

https://vborg.vbsupport.ru/showthrea...istration+time
I've downloaded it, but I haven't had a chance to install it. If any of you try it before I do. I would very much like some feedback on it.

Sincerely

~Fin
Reply With Quote
  #99  
Old 02-06-2007, 07:57 AM
thumbsucker thumbsucker is offline
 
Join Date: Dec 2005
Posts: 31
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm using

proxies.dnsbl.sorbs.net
tor.ahbl.org
ircbl.ahbl.org
opm.tornevall.org
list.dsbl.org
sbl-xbl.spamhaus.org

Is this overkill?

I'm primarily concerned with people who use fake IPs and such.
Reply With Quote
  #100  
Old 02-06-2007, 04:54 PM
Stanley Steamer Stanley Steamer is offline
 
Join Date: Mar 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by thumbsucker View Post
I'm using

proxies.dnsbl.sorbs.net
tor.ahbl.org
ircbl.ahbl.org
opm.tornevall.org
list.dsbl.org
sbl-xbl.spamhaus.org

Is this overkill?

I'm primarily concerned with people who use fake IPs and such.
I have all of these on my list.

sbl-xbl.spamhaus.org
http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net
http://www.ahbl.org
dnsbl.ahbl.org
tor.ahbl.org
ircbl.ahbl.org
opm.tornevall.org
list.dsbl.org

So far the only one that has blocked them is sbl-xbl.spamhaus.org.
Whether or not it is over kill to have this many on the list, it doesn't hurt to have a big arsenel.
Quote:
I'm primarily concerned with people who use fake IPs and such.
Block this IP number ---> IP# 209.67.219.98

Blocking this IP blocks all of these proxy servers.

http://www.proxypanther.com/
http://www.doggyproxy.com/
http://www.elephantproxy.com/
http://www.monkeyproxy.net/
http://www.rainbowproxy.com/
http://www.thruzilla.com/
http://www.anonymizator.com/
http://www.anonymitor.com/
http://www.passthem.com/
http://www.sneakover.com/

I completly ruined a forum invasion with this one.
Reply With Quote
  #101  
Old 02-06-2007, 05:40 PM
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Posts: 152
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Stanley Steamer View Post
So far the only one that has blocked them is sbl-xbl.spamhaus.org.
Whether or not it is over kill to have this many on the list, it doesn't hurt to have a big arsenel
That's because as soon as it matches one it stops processing ... if you move another one to the top of the list you'll see it show up in the reports.

Quote:
Originally Posted by Stanley Steamer View Post
Block this IP number ---> IP# 209.67.219.98

I completly ruined a forum invasion with this one.
I'll add that to the next release.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:28 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04758 seconds
  • Memory Usage 2,333KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (10)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete