The Arcive of Official vBulletin Modifications Site.

Proxy Hack v1.0 · **Released**: 05-06-2002

Ooook,

Well, this hack is a little thing to give you vB admins and moderators some more information about the users using proxys on your board (mainly, thier IP address).

The following version is upto date and works with vb 2.2.8 and whatever else. This version was updated by Stadler to work with 2.2.8. I cannot provide support personally for ANY versions here. And I do not know what support Stadler can give you.

So, download the 2.2.8 update here

----------------

Everything below has to do with super old versions that don't matter.. because they are super old! You don't want them, so don't even read it!

STOP READING! hehe, anyway. I repeat:

VERSION 2.2.8 ABOVE ^
VERSION 2.2.5 BELOW

enjoy

--------------

Screenshots are in the posts to follow.

Let me know how you like it, or ways I could improve it. ^_^ :bunny:

Edit: Non intrusive version
This little edit simply adds the proxy info to the getip template. So when mods/admins click the "IP Logged" button/graphic if there is any proxy info, it will tell them instead of in postbit.

Get it

here

Attachment: Non Intrusive Version Screenshot

Normal, version:

Stadler · #92 11-15-2002, 08:15 PM

Well, you need to run this query in order to add this field to your 'post'-Table.

If you're not able to add this field through the query I can't help you, sorry.

Asendin · #93 11-15-2002, 09:05 PM

can the query be done threw ssh?

maybe there is a bug in my Cpanel version i have never had a problem with running a query before.

Stadler · #94 11-15-2002, 11:16 PM

I don't know. I'm doing all Database Maintenance and all querys through phpMyAdmin, but I think you should be able to execute the query, if you're logged in into your forums database. Well ... I prefer phpMyAdmin for this.

Just an idea, but maybe you should upgrade to phpMyAdmin 2.3.2 and then retry to apply the query again through phpMyAdmin?

Asendin · #95 11-15-2002, 11:32 PM

it is version 2.3.2

MySQL 3.23.53

thanks

350Chevy · #96 11-26-2002, 06:57 AM

I installed this hack but it barely works..

To test it I used 5 well known proxy web based cgi engines and it only detected one. On top of that, the one that it DID detect said my IP was someone WAY off from what it really is.

Great idea, great concept and it does sort of work but I'm just letting you know this needs much more work and should probably still be in the BETA forum.

Takara · #97 11-26-2002, 07:39 AM

Its dependant on the proxy and such. Normal ISP proxys and non anon proxys give your IP, but not all. So the code is not beta.

Paul · #98 12-10-2002, 03:25 AM

A Bugtraq subscriber released a XSS vulnerability today involving Ikonboard and a similar feature to this hack in that forum. Preventative measures should probably be taken with this hack:

Quote:

2. Via X-Forwarded-For: header.

User's IPs are available for admin. If user accesses Ikonboard via
Proxy, X-Forwarded-For: header is shown instead of proxy IP without
filtering. Length is limited to 16 characters, but it's still possible
do something interesting with 2 requests <script>/* and */<script>.

Best wishes,
Paul

Stadler · #99 12-10-2002, 10:21 AM

Well ... why reinvent the wheel? Just use the XSS-Fix from vB2.2.9:

IN newthread.php AND newreply.php FIND

Code:

    } else {
      $proxyip="";
    }

ADD AFTER THAT

Code:

    $proxyip=xss_clean($proxyip);

Be aware, that this fix needs vB2.2.9 and above.

Stadler

Bison · #**100** 12-10-2002, 04:25 PM

Are there any more methods to checking proxies than this:

Code:

        
if ($HTTP_SERVER_VARS['HTTP_FORWARDED']!="") {
      $proxyip=$HTTP_SERVER_VARS['HTTP_FORWARDED'];
    } elseif ($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']!="") {
      $proxyip=$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
    } elseif ($HTTP_SERVER_VARS['HTTP_CLIENT_IP']!="") {
      $proxyip=$HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
    } else {
      $proxyip="";
    }
    $proxyip=xss_clean($proxyip);

All this seems to do is match similarities in the actual IP address ... doesn't do a good job at detecting proxies. I have tested this code with all types of proxies and I aint getting nothing!

Talisman · #**101** 12-11-2002, 04:50 AM

We're getting odd results, too. It's noting people with proxies who don't use them. Not quite sure what to think now.

BlackDeath · #**102** 12-17-2002, 06:19 AM

i'm trying to install this hack but i do not have a functions.php????? LOL, did someone eat it?

BlackDeath · #**103** 12-17-2002, 06:23 AM

Quote:

Originally posted by BlackDeath
i'm trying to install this hack but i do not have a functions.php????? LOL, did someone eat it?

nm, i found it.

BlackDeath · #**104** 12-17-2002, 06:26 AM

not to be a smartass but why can't someone just make this hack or any hack an easy install. you click set up and it does it itself. what's up w/ all the copy and pasting and running sql queries. this needs to be made easier to use. just my opinion, i could be wrong.

BlackDeath · #**105** 12-17-2002, 06:58 AM

i got this thing installed and it appears to work fine, however has anyone noticed that if you have the board turned off and you try and post, you get a sql error?

350Chevy · #**106** 12-17-2002, 07:01 AM

nope.. no SQL errors here when the board is off...

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05647 seconds Memory Usage 2,358KB Queries Executed 30 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (3)bbcode_code (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (16)post_thanks_box (16)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (16)post_thanks_postbit_info (15)postbit (16)postbit_onlinestatus (16)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!