Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Check Proxy RBL on New User Registration. Details »»
Check Proxy RBL on New User Registration.
Version: 4.1, by DaNIEL MeNTED DaNIEL MeNTED is offline
Developer Last Online: Jul 2014 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.2 Rating:
Released: 11-17-2006 Last Update: 12-21-2007 Installs: 282
Uses Plugins
 
No support by the author.

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
  1. Nothing, the registration continues as normal.
  2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
  3. Registration continues as normal, but the user is automatically permanently banned.
  4. Registration is blocked, an error message is displayed to the user.
Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?
  1. Create a user from which PMs, Posts, etc. will be generated.
  2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
  3. Install the attached product.
IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #162  
Old 05-25-2007, 12:23 AM
meissenation meissenation is offline
 
Join Date: Apr 2005
Posts: 476
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ok, I had to entirely uninstall this script. It said that it had a positive match on a user's IP address that attempted to register. WROOOOOOOOONG... the IP address resolves to a local ISP here in Detroit, MI. Crazy!
Reply With Quote
  #163  
Old 05-25-2007, 12:27 AM
venomx's Avatar
venomx venomx is offline
 
Join Date: Apr 2002
Location: Pennsylvania USA
Posts: 441
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So?
Could that user be an open proxy or maybe one has been run before at that IP?
Did you goto Sh and look up the IP and seen what it said?
Reply With Quote
  #164  
Old 05-25-2007, 12:28 AM
meissenation meissenation is offline
 
Join Date: Apr 2005
Posts: 476
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I went to ws.arin.net and it resolves to WideOpenWest's IP address range.
Reply With Quote
  #165  
Old 06-01-2007, 12:12 PM
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Posts: 152
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by meissenation View Post
I went to ws.arin.net and it resolves to WideOpenWest's IP address range.
What's the IP?
Reply With Quote
  #166  
Old 06-02-2007, 11:33 AM
meissenation meissenation is offline
 
Join Date: Apr 2005
Posts: 476
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

69.14.74.25
Reply With Quote
  #167  
Old 06-27-2007, 11:58 PM
Seiyaboy Seiyaboy is offline
 
Join Date: May 2006
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Can the IP Black list block a range of IPs such as 120.45.*.*?
Reply With Quote
  #168  
Old 07-05-2007, 03:27 PM
mfyvie mfyvie is offline
 
Join Date: Mar 2007
Location: Zurich, Switzerland
Posts: 336
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Seiyaboy View Post
Can the IP Black list block a range of IPs such as 120.45.*.*?
Good question, I was about to ask the same thing. Most of my registrations are inside Switzerland, and I was getting a couple of addresses inside dynamic ranges blocked by list.dsbl.org

Quote:
Originally Posted by DaNIEL MeNTED View Post
Remeber the more IPs you add to the "blacklist" the longer it takes to process a registration... I'm not sure what list length will = a performance degredation.
Actually, since you are only doing a simple match here, I can't imagine that it will make TOO much off a difference. Remember this plugin in only firing on new user registrations, it's not as if it is firing on every single page. Therefore, probably not that much reason to stress :-)

Top marks on a excellent mod by the way!
Reply With Quote
  #169  
Old 07-12-2007, 08:20 PM
mfyvie mfyvie is offline
 
Join Date: Mar 2007
Location: Zurich, Switzerland
Posts: 336
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here's some unsupported and untested code that can be used to modify the current version of Proxy RBL mod (4.0) to work together with GLA (Geographic Location Awareness). This allows you to specify an additional whitelist or blacklist based on the country where the user has registered from. In my case I seem to have quite a few Swiss IP addresses listed, but most of my registrations are from Switzerland. Therefore I simply whitelist Switzerland. You can also use this so users from a certain country are always matched, regardless of whether their IP address is listed in a certain blacklist.

I haven't made a fancy user interface for this, because this is not my mod. My code is posted freely here for Daniel to consider implementing as standard. Please remember that unless you have installed and tested GLA first and it is working (details on the GLA thread), then this code won't work. Right let's get started:

Go into the AdminCP -> Plugins and Products -> Plugin Manager -> DMeNTED's RBL Checker -> Check IP against RBLs/IPs. Click the large edit box and locate this code:

Code:
      if ($DM_rblcheck_result == $DM_rblcheck_srvmask) {

            // ********************** NOTIFICATIONS **********************
Above this section insert:
Code:
// Modification to incorporate country checks into RBL checker. This will only work if GLA is already installed, tested and working
// Obtain GLA here: https://vborg.vbsupport.ru/showthread.php?t=151601
if (isset($vbulletin->session->vars['country']))
{
    // Country blacklist - enter a list of countries which are exempted from the RBL checker (use valid *lower case* ISO 2 letter codes only!)
    // See http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 for list of codes
    // example: $whitelist = array('gb', 'fr', 'it');
    $whitelist = array();
    if (in_array($vbulletin->session->vars['country_iso2'], $whitelist)) 
    {
        // We have a match on the whitelist, bail out of the entire plugin, but reset the variables first.
        $DM_rblcheck_result = null;
        return;
    }
    // Same as above example for whitelist. People from these countries will be flagged as positive matches, regardless of the RBL status.
    // Think carefully before using the blacklist - it is generally not recommended to ban entire countries 
    $blacklist = array();
    if (in_array($vbulletin->session->vars['country_iso2'], $blacklist)) 
    {
        // We have a match on the blacklist, set the variables and continue
        $DM_rblcheck_result = $DM_rblcheck_srvmask;
        $DM_rblcheck_errcode = "Matched a blacklisted country: " . $vbulletin->session->vars['country'];
    }
}
This modification is untested (though it is running on my system, but I haven't had any alerts yet so I can't say 100% whether it is working). If it works for you - maybe say so. Don't forget that you have to insert the correct country codes into the code (see the comments in the code itself), and don't get to use 'quotation' marks and commas to separate multiple entries.

Now to add the country name into your reports find this line:

Code:
$DM_rblcheck_errcode = "MATCHED IN THE RBL DATABASE of the " . $DM_rblcheck_rblserv . " RBL.";
And replace with:

Code:
$DM_rblcheck_errcode = "USER FROM: $vbulletin->session->vars['country'] MATCHED IN THE RBL DATABASE of the " . $DM_rblcheck_rblserv . " RBL.";
Also, further to this post, I recommend moving the hook used for Check IP against RBLs/IPs to register_addmember_complete (and change to execution order 4 if you do this), due to the fact that multiple notifications get sent for every bot that turns up.

It might be useful to duplicate sections of code in both plugins so that blocking is done in the Check IP against RBLs/IPs plugin and notifications are done in Auto-Ban or Flag for Moderation plugin. This would avoid all the unnecessary notifications for bots that never succeed in registering anyway.

Remember, just to repeat myself again (I know some people have trouble reading instructions sometimes). Do not ask for support for GLA on this thread - install it and if it doesn't work go through every post on the GLA thread as there are steps for verifying it on that thread.
Reply With Quote
  #170  
Old 07-13-2007, 05:41 AM
lazytown lazytown is offline
 
Join Date: Feb 2004
Posts: 503
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by DaJoker View Post
Need to change the hook the plugin is using. It is currently using register_addmember_process, but should be using register_addmember_complete. What is happening is when it hits process, and say the user puts in the wrong captcha, doesn't match their passwords, doesn't put in a required field, etc. When you use the _complete hook it fires once the user has properly filled out the registration form. Only use this hook however if you want the registration to complete, but not get multiple notifications. If you are blocking registrations, then leave it using the process hook.
Has anyone confirmed that this works? I use the NoSpam! mod, and because of that, I get bots trying to register 6 times with their accounts banned (which is good). However, if this mod allowed NoSpam! to run first, they wouldn't even get to the point of registering an account most of the time. I believe I tried the above several months ago and it didn't work. Any suggestions at getting this to run after NoSpam! verification/etc?

Thanks
-vissa
Reply With Quote
  #171  
Old 12-24-2007, 12:26 PM
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Posts: 152
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hey everyone - I apologize for the extended absence. I am back and plan on redesigning the hack with even more features.

Right now the list includes:

- Ability for blocked registrations to send a message to admins in case they feel there is an error.
- Ability for admins to whitelist IPs from the automatic posts/PMs.
- Ability to blacklist or whitelist using a mask - #.*.*.*
- Ability to ban + blacklist IP from any post for spammers that sneak through.

I'm also toying with the idea of keeping a central RBL that the RBL checker reports to on positive or manual hits...
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:08 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09940 seconds
  • Memory Usage 2,329KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_code
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete