The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Check Proxy RBL on New User Registration. Details »» | |||||||||||||||||||||||||||
Check Proxy RBL on New User Registration.
Developer Last Online: Jul 2014
Check Proxy RBL on New User Registration Version 4.1
Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code. What does this hack do? Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
These options are configurable in AdminCP > Options > DM-RBL Check on Registration. Why Block Proxies? Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy. How do you Install?
What is the default config? By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls. You can modify the settings in the AdminCP to Ban or Block as you like. Hack History: Version 4.1 - Fixed SQL Injection security hole. - Fixed some minor typos in automatically generated messages. Version 4.0 - Added ability to specify error reported on blocks. - Added ability to specify ban reason and custom title. - Added ability to move users to "pending moderation" group if registration is allowed. - Updated list of RBLs checked based on testing with lists of "anonymous" proxies. - Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4) Version 3.2 - Fixed typo causing blocked registrations to be reported as allowed. Version 3.1 - change in variable name in v3.0 broke RBL checking. Corrected error. - match notification now includes the name of the RBL that matches the IP. Version 3.0 - plugin now fires at "register_addmember_process" allowing the user to completely fill in the form. - Added the ability to specify more than one RBL. - Added option to specify whether registration is blocked or allowed to complete. - Added option to automatically ban registrations that are allowed to complete but have a positive IP match. - Added option to specify user who is "notifier". - Added option to specify a forum where a notification thread will be created. - Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list. - Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers. - Reworded Phrases. - Removed 10.x.x.x IP from known proxy/anonymizer list. version 2.0 - Added configuration options under vboptions > DM-RBL Check on Registration. - Added PM on Block. - Added option to select RBL. - Added Custom Whitelist. - Added Custom Blacklist. - Added list of free proxies. - Changed default RBL to sbl-xbl.spamhaus.org - Added option to enable/disable checking. version 1.0 - added plugin to check against opm.tornevall.org - added custom phrase to be reported as error on registration start. Using this Hack? If you install this hack please click "Installed" to receive updates. If you find this hack useful you can always hit that paypal button too... Supporters / CoAuthors Show Your Support
|
Comments |
#32
|
||||
|
||||
|
#33
|
|||
|
|||
Can you consider adding an option that when you add an IP address to the Blacklist, you are no longer notified about that IP as attempting to register.
I'm getting bombarded by a few persistant and consistant IP's and since they're now in my Blacklist, I don't care to know about their registration attempts via the PM notifications. One of them is 216.145.49.15 which resolves to 'snv-global1.corp.yahoo.com' - anyone know if that is a legit one - if so I can add it to my Whitelist. I'm suspicious that it's a bot or something tripping up on it, but I'm not sure. Thanks in both cases! |
#34
|
|||
|
|||
Feature Request: The ability to do the checking for DNS BL upon registration, but in a non-blocking mode. That is, give the option for what to do to the admin. I would very much like to do a dry run to see how things lie for me, prior to enabling this in full blocking mode. I had the plugin installed, and it was rejecting some users at login. Yes, they were using proxies, and I can easily add them to the white list, however I'd like to get a baseline without blocking out a lot of users right off the bat.
Until then, I've had to uninstall the plugin. |
#35
|
|||
|
|||
It shouldn't block people at login as it only fires at register_start.
I'll look at adding a report/block option. |
#36
|
|||
|
|||
I couldn't reproduce my users' problem. It might be useful to include the URL that the user was getting blocked on, that way if there is a user who is having a problem, we can better help them.
Also, in the default list of "Known Proxies" is "10.237.44.144", which is an RFC1918 Non-routable ip address (as are 192.168.x.x addresses). It'll never trip, but it's also probably not a good idea to include ip addresses that often exist in corporate private networks. One more thing (sorry sorry, i know that you do this in your free time, but I want to help you make it the best it can be), The "RBL Match Mask" only allows to match against the first octet (I haven't tested this, but it's what it says). It would be useful if we could provide a list of things to match against. Different DNSBL's return different 127.0.0.x addresses, which indicate the type of host that is matching. From http://www.spamhaus.org/sbl/howtouse.html, Quote:
http://www.njabl.org/use.html Quote:
I think it's dangerous just to blindly use a DNSBL without making sure that you want to block everything it has to offer. In the context of a bulletin board system, you might not want to block the same hosts that you'd block in the context of an anti-spam system. |
#37
|
|||
|
|||
I have removed the 10. IP from the list of "known proxies" .. I suspect that was a typo on my part. The RBL mask currently only matched the first octet because various RBLs have various return codes - all varieties of 127.0.0.x
If you want to be granular to the point of the last octet then the benefit of using more than one RBL - which was requested by several people - goes out the window as no 2 RBLs tend to use the same definitions. I - for one - am looking at a more "inclusive" matching pattern. That being I would rather block people that shouldn't be than allow trolls in... the function of a whitelist allows you to specify IPs that are erroneously getting blocked. |
#38
|
|||||
|
|||||
Quote:
Quote:
Quote:
Quote:
Quote:
Thanks for all the positive feedback guys... what started as a quick and dirty hack for my own forum is actually getting to be a decent hack. |
#39
|
|||
|
|||
Quote:
How about this idea: It could come, preconfigured, with a good number of common SBLs. For each of these, the admin has the ability to choose open proxies, spammy servers, dial-up networks, etc etc. Additionally, give the ability to add their own SBLs with their own options for matching against there. I think it might give many admins a false-sense of accomplishment once they install this and start blocking lord knows what, but believe that they're only bad things (The plugin name says block proxies, but in reality it is blocking far more than just proxies). It's widely known that large American broadband networks are responsible for a great deal of spam, and a good number of these block-lists include those subnets. I'm afraid of doing a disservice to the users if we choose to just blindly block everything. I think that for this plugin to truly be successful, the admin should be able to finely tune what is and isn't blocked. If you've got a forum with tens of thousands of users, with hundreds of signups a day, whitelisting things would be almost certainly unmaintainable. As for trolls and whitelisting, how are you going to know if someone is a troll or not before they've even posted anything? What indicators should be used to go ahead and whitelist one IP over another? I think that in order for our individual communities to grow, it's like dealing with spam in that it's important that we make sure that all the good guys can get in, even if that means some cruft gets in on occasion. I'd rather ban 2 or 3 trolls a month, than waste my time trying to figure out if 233.44.23.XX is going to be a troll or not, over and over and over again. |
#40
|
||||
|
||||
Quote:
Thanks Daniel! |
#41
|
|||
|
|||
Thanks for adding my requested feature. Installing now!
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|