Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Check Proxy RBL on New User Registration. Details »»
Check Proxy RBL on New User Registration.
Version: 4.1, by DaNIEL MeNTED DaNIEL MeNTED is offline
Developer Last Online: Jul 2014 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.2 Rating:
Released: 11-17-2006 Last Update: 12-21-2007 Installs: 282
Uses Plugins
 
No support by the author.

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
  1. Nothing, the registration continues as normal.
  2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
  3. Registration continues as normal, but the user is automatically permanently banned.
  4. Registration is blocked, an error message is displayed to the user.
Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?
  1. Create a user from which PMs, Posts, etc. will be generated.
  2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
  3. Install the attached product.
IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #132  
Old 04-12-2007, 03:20 PM
The Finman's Avatar
The Finman The Finman is offline
 
Join Date: Jun 2006
Posts: 78
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by bitdefuser View Post
Thanks for the update!
Edit: Is there a way so that it will completely block them out? Even from the home page? So, that they have no access whatsoever? (Like, as soon as the user comes on the website, it will check the IP) Or is that just too many queries?
You really need to do that at the server itself.

If you are running Apache, I recommend using an .htaccess file to bounce them anywhere on the internet you want to, as well as any troll boards or websites linking to you (you can combine both features into one .htaccess file).

Blocking users by IP at the server using .htaccess

Blocking users/ sites by referrer using .htaccess

Although, technically any time a server has to check and verify a query, it is taking additional time and the more queries it has to check & verify, it does increase the time involved. However, on any given day I have about 30 banned IPs & sites in our .htaccess files on various VPS accounts, but I can't notice any appreciable time difference. However, the servers these VPS accounts are located on are very fast...so I suspect, any noticeable time lag will vary on how big your .htaccess list is, and how fast your server itself is.
Reply With Quote
  #133  
Old 04-12-2007, 03:34 PM
bitdefuser bitdefuser is offline
 
Join Date: Mar 2007
Location: C:\WINDOWS
Posts: 149
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by The Finman View Post
You really need to do that at the server itself.

If you are running Apache, I recommend using an .htaccess file to bounce them anywhere on the internet you want to, as well as any troll boards or websites linking to you (you can combine both features into one .htaccess file).

Blocking users by IP at the server using .htaccess

Blocking users/ sites by referrer using .htaccess

Although, technically any time a server has to check and verify a query, it is taking additional time and the more queries it has to check & verify, it does increase the time involved. However, on any given day I have about 30 banned IPs & sites in our .htaccess files on various VPS accounts, but I can't notice any appreciable time difference. However, the servers these VPS accounts are located on are very fast...so I suspect, any noticeable time lag will vary on how big your .htaccess list is, and how fast your server itself is.
Oh, thank you very much but, I'll stick with the Vbulletin IP banning system for now. I have bookmarked those links though in case if I need them in the future. Thanks!
Reply With Quote
  #134  
Old 04-12-2007, 06:11 PM
|Jordan|'s Avatar
|Jordan| |Jordan| is offline
 
Join Date: Nov 2004
Posts: 479
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here's a list of proxy ip's i took from proxy4free.com (the first site thats listed when you type "free proxy list"). Keep in mind the list always changes, but here it is anyways:

Code:
216.75.2.22
63.118.235.195
218.94.80.6
66.98.238.8
66.150.105.20
61.166.68.74
218.16.245.54
80.80.12.125
222.175.129.85
203.116.61.164
218.111.110.57
165.228.129.10
84.19.177.62
219.255.135.8
71.237.166.6
198.151.39.94
64.34.113.120
203.113.130.59
219.207.176.130
216.133.248.226
200.174.68.28
195.175.37.6
200.87.6.19
210.212.95.103
200.253.116.3
210.245.197.217
202.194.194.246
202.58.71.30
201.57.111.132
201.57.66.2
219.93.182.98
72.252.22.186
213.172.62.58
61.135.204.121
165.228.130.10
222.83.228.34
216.133.248.228
86.35.121.75
200.171.232.21
213.5.161.51
202.155.4.114
200.118.112.202
200.171.57.149
203.158.215.2
218.7.48.22
221.13.66.161
200.67.30.248
203.130.150.221
86.124.33.235
210.102.52.15
202.188.111.50
200.31.42.3
201.216.218.73
202.82.116.26
202.108.119.227
200.206.165.40
210.176.2.27
125.244.26.4
212.80.89.130
200.107.11.20
202.157.76.70
201.45.178.130
80.80.12.124
201.0.175.100
209.88.89.183
201.21.68.208
195.175.37.71
203.200.187.170
87.120.162.65
222.124.11.218
195.58.111.152
219.87.129.186
195.175.37.8
201.136.159.129
202.94.214.194
203.187.205.32
195.224.154.232
216.133.248.227
222.39.13.42
202.28.186.3
200.174.85.195
218.248.22.100
165.228.128.11
61.19.23.226
61.8.251.92
202.63.233.8
61.47.19.211
201.38.74.70
80.58.205.61
200.78.117.240
59.87.19.236
222.223.173.76
198.151.39.114
89.167.37.146
203.113.130.49
203.146.102.24
58.216.235.242
195.175.37.70
202.141.117.188
165.228.128.10
199.203.55.3
210.56.29.10
201.28.123.98
218.140.138.174
125.244.26.2
219.96.46.219
211.231.187.4
212.122.243.2
220.56.244.231
211.67.66.171
200.174.68.23
210.187.119.244
200.59.162.83
200.174.68.20
165.228.133.10
220.227.77.186
84.19.176.62
200.174.68.29
61.17.191.13
216.133.248.229
159.148.29.62
210.212.95.100
220.181.39.121
202.175.58.10
84.234.106.186
220.227.171.147
200.21.168.45
62.128.166.194
200.174.68.22
200.174.68.27
200.174.68.25
83.151.14.167
222.89.67.78
86.122.0.40
200.174.85.193
211.74.200.203
125.244.70.130
81.7.87.242
165.228.131.10
208.9.62.65
165.228.131.12
200.238.102.170
125.99.121.201
221.11.92.46
222.235.3.43
Reply With Quote
  #135  
Old 04-12-2007, 06:45 PM
bitdefuser bitdefuser is offline
 
Join Date: Mar 2007
Location: C:\WINDOWS
Posts: 149
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by |Jordan| View Post
Here's a list of proxy ip's i took from proxy4free.com (the first site thats listed when you type "free proxy list"). Keep in mind the list always changes, but here it is anyways:
Here is every IP listed on their site:
Code:
200.174.85.195 
200.31.42.3 
202.194.194.246 
200.174.68.27 
64.34.113.120 
199.203.55.3 
202.175.58.10 
210.212.95.103 
198.151.39.94 
61.17.191.13 
210.245.197.217 
203.130.150.221 
63.118.235.195 
210.102.52.15 
159.148.29.62 
212.80.89.130 
61.166.68.74 
222.124.11.218 
219.207.176.130 
125.244.26.4 
200.174.68.28 
62.128.166.194 
222.235.3.43 
86.124.33.235 
222.89.67.78 
203.200.187.170 
203.116.61.164 
61.47.19.211 
198.151.39.114 
165.228.130.10 
165.228.133.10 
218.248.22.100 
89.167.37.146 
195.175.37.6 
203.158.215.2 
80.58.205.61 
86.122.0.40 
201.0.175.100 
213.172.62.58 
80.80.12.125 
203.187.205.32 
221.13.66.161 
200.107.11.20 
125.244.70.130 
84.234.106.186 
200.238.102.170 
200.59.162.83 
200.78.117.240 
200.206.165.40 
203.113.130.59 
165.228.128.11 
201.28.123.98 
81.7.87.242 
61.19.23.226 
216.133.248.229 
83.151.14.167 
200.21.168.45 
222.223.173.76 
66.98.238.8 
209.88.89.183 
195.175.37.71 
195.224.154.232 
202.141.117.188 
202.94.214.194 
211.231.187.4 
213.5.161.51 
202.28.186.3 
201.136.159.129 
211.67.66.171 
61.135.204.121 
211.74.200.203 
212.122.243.2 
216.133.248.227 
200.118.112.202 
86.35.121.75 
210.176.2.27 
200.171.57.149 
201.216.218.73 
84.19.177.62 
222.39.13.42 
201.57.66.2 
218.140.138.174 
218.16.245.54 
59.87.19.236 
222.175.129.85 
222.83.228.34 
208.9.62.65 
80.80.12.124 
66.150.105.20 
201.21.68.208 
220.227.77.186 
200.87.6.19 
218.111.110.57 
200.174.68.29 
221.11.92.46 
202.155.4.114 
61.8.251.92 
87.120.162.65 
203.146.102.24 
216.75.2.22 
200.174.85.193 
125.244.26.2 
219.87.129.186 
202.157.76.70 
216.133.248.226 
165.228.131.12 
201.38.74.70 
220.56.244.231 
72.252.22.186 
202.82.116.26 
200.174.68.25 
219.255.135.8 
210.56.29.10 
216.133.248.228 
125.99.121.201 
200.171.232.21 
71.237.166.6 
201.57.111.132 
195.175.37.8 
165.228.129.10 
210.212.95.100 
202.58.71.30 
195.58.111.152 
58.216.235.242 
219.93.182.98 
218.94.80.6 
200.253.116.3 
200.174.68.22 
202.188.111.50 
219.96.46.219 
201.45.178.130 
218.7.48.22 
220.227.171.147 
200.174.68.20 
200.67.30.248 
165.228.131.10 
84.19.176.62 
210.187.119.244 
202.108.119.227 
220.181.39.121 
203.113.130.49 
200.174.68.23 
195.175.37.70 
202.63.233.8 
165.228.128.10
Enjoy!
Reply With Quote
  #136  
Old 04-12-2007, 07:15 PM
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Posts: 152
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Remeber the more IPs you add to the "blacklist" the longer it takes to process a registration... I'm not sure what list length will = a performance degredation.
Reply With Quote
  #137  
Old 04-12-2007, 09:00 PM
Damien001 Damien001 is offline
 
Join Date: Mar 2007
Posts: 26
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The new version is amazing thankyou.

Just one thought (not too worried about it) but would be intresrtead in you view and view of other peoples.

Current user, is it worth checking to see if current user and using proxies. Maybe only doing it once or maybe one a wekk or something.

What do people think
Reply With Quote
  #138  
Old 04-13-2007, 12:17 AM
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Posts: 152
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Damien001 View Post
The new version is amazing thankyou.
Thank you.

Quote:
Originally Posted by Damien001 View Post
Just one thought (not too worried about it) but would be intresrtead in you view and view of other peoples.

Current user, is it worth checking to see if current user and using proxies. Maybe only doing it once or maybe one a wekk or something.

What do people think
Personally I think once they're registered it doesn't matter ... I originally wrote this hack to deal with trolls more than with spammers, the fact that it blocks spammers is a bonus as far as I'm concerned. We've been lucky - at 1500 members we have only had 1 troll. I've been on other boards where the same trolls keep re-registering after getting banned, in 99% of cases they're using a proxy to get around the IP ban.

This kills alot of their options...

The next thing I'm going to do is look at updating the "known proxies" list... not with the IPs from those open proxy sites - most of those IPs get on the RBLs pretty quick - but with sites that are specific for anon-web surfing. They don't tend to get on RBLs as much...
Reply With Quote
  #139  
Old 04-13-2007, 04:15 AM
|Jordan|'s Avatar
|Jordan| |Jordan| is offline
 
Join Date: Nov 2004
Posts: 479
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What about web based proxies? Like anonymouse.org
Reply With Quote
  #140  
Old 04-13-2007, 06:24 AM
Damien001 Damien001 is offline
 
Join Date: Mar 2007
Posts: 26
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by |Jordan| View Post
What about web based proxies? Like anonymouse.org
just tested that and unfortunately it got pass the protection


how ever it does transmit its host name there for could itbe blcoked with htaccess based on hostname????
Reply With Quote
  #141  
Old 04-13-2007, 06:27 AM
Damien001 Damien001 is offline
 
Join Date: Mar 2007
Posts: 26
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

this is the details of that site

IP 85.195.123.29
Host anonymouse.org
Browser & OS http://Anonymouse.org/ (Unix)
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:09 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04853 seconds
  • Memory Usage 2,332KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_code
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (2)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete