Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.5 > vBulletin 3.5 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
DNSBL/Open Proxy-Blocking Details »»
DNSBL/Open Proxy-Blocking
Version: 2.0.8, by TMM-TT TMM-TT is offline
Developer Last Online: May 2019 Show Printable Version Email this Page

Version: 3.5.x Rating:
Released: 09-14-2005 Last Update: 09-19-2008 Installs: 279
DB Changes Uses Plugins
 
No support by the author.

History

I've had some problems with abuse via open proxies for a time ago, and when we were banning abusers, they always found a new proxy to use and register new accounts with. Since this forum was a large type we could'nt just ban e-mails etc just like that, because this was leading to a very large amount of other banned users too.

At IRC, in the other hand, we had Open Proxy Monitors, that was banning everything that was blacklisted in some DNSBL-databases. No spammers had a chance to get in there as long they were listed in such database.

This is a plugin that blocks blacklisted hosts from some different DNSBL's. It uses the global_start-hook, a very simple handler for blocking proxies, and a vBphrase called OPM_Deny.


April 2006

The source has been rewritten a bit. The proxychecker is now using a cache that, by default, stores all ip's in a database for 6 hours. It scans some DNSBL's and can be configured to block proxies from bitmasks (defined in the plugin) which makes it a little bit more reliable, because it does'nt block everything it see).

Configuration is made from the plugin (hopefully there will be a nice admin interface in the future). Exceptions (ip's that can pass through this system even if it is a proxy) are also handled differently now.

// CHANGES
//
// 2008-09-20 (2.0.8)
//
// * Changed the routines for how to handle inclusion/exclusions
// * Splitted up plugins for 3.5/3.6 and 3.7
//
// 2007-08-05
//
// * Fixed reported bug, based on resolved hosts ending with 127
// * Changed database-tables to get rid of (hopefully) duplicate keys
// * Added resolver-function
// * Added two new block-methods available at the efnet-rbl
//
// 2006-06-28 (2.0.6/Another fix)
//
// * Proxyinclusions/exclusions didn't work properly
//
// 2006-06-28 (2.0.5/Fix only)
//
// * Fixed a bug in the $block-array that affected some of the blocking results
//
// 2006-06-28 (2.0.4)
//
// * opm.tornevall.org has a new entry for anonymizers, added support for this
// * Default value on "block everything detected" in plugin changed to "no"
//
// 2006-06-26 (2.0.3)
//
// * Created options for admincp (removed plugin-configuration)
// * Fixed a bit-bug for njabl
// * Plugin is now a function (rbl_livecheck) for external lookups
// * Added options for "only block on newuser-registrations"
//
// 2006-06-22 (2.0.3 RC)
//
// * The monitor is now a function
// * Added small compatibility with other plugins (with return)
//
// 2006-05-13
//
// * sorbs zones added (no bitmasking)
// * opm.blitzed.org removed
// * time() changed to TIMENOW
//
// 2006-04-21
// ==========
//
// * proxyinclusions
// quickly add own hosts that should be treated as a proxy
//


How does it work with other vBulletins?

This filter actually works with both 3.5 and 3.6, but for now, they will be separate versions, but for 3.5 and 3.6 you should look here and for 3.7 you should look here.


How to use the compatibility thing

If you have a plugin that you want to use together with the proxy monitor (only returns a value if a an ip-address is registered as a proxy or not) you can call the function rbl_livecheck like this (example):

PHP Code:
global $rblInstalled;

if (
$rblInstalled) {
$remoteIsProxy rbl_livecheck(1$_SERVER['REMOTE_ADDR']);

//
// .. your code here ..
//


Report bugs if you find them...



Don't forget to install it

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #62  
Old 11-07-2005, 05:59 PM
ximcix ximcix is offline
 
Join Date: Mar 2005
Location: NYC
Posts: 61
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by eoc_Jason
Each list is maintained by a separate group of people. Most are automatic testing scripts that look for certain ports and test to see if they can connect properly. I've noticed that the CBL list seems to generate a lot of false positives, and also contains a lot of stale data. (i.e. I had one IP that was last checked over 6 months ago and it was listed!)

Sites like the one you posted above is not considered an exploited proxy since they are offering the service. If you don't want users using that service than simply block their IPs as usual.

I modified my script slightly to help people that were experiencing errors. Basically I changed the line in the code to add the IP address as such:

PHP Code:
eval(standard_error(fetch_error('OPM_Deny',IPADDRESS))); 
Then modified my phrase as such:

Code:
<p><b>Sorry, but you do not have access to this forum!</b>
<p>The reason is you are trying to access this site via a <b>Blacklisted Open Proxy</b>! If you are using a dynamic IP you probably just got dumped with one that a person abused before you.
<p>Fear not! You can find out more info about where your IP is blacklised (and removal) via the <a href="http://www.spamhaus.org/query/bl?ip={1}">Spamhaus Website</a>.
<p>The IP in question is: <b>{1}</b>
<p><b>DO NOT</b> contact us about being removed, <u>we do not control the lists</u>! Please follow the link above, once you go to the site that has your IP listed, removal is usually a 1-click process. After submitting your IP for removal, the DNS is usually refreshed within the hour.
Thanks. I am using your script with that line intact.
Reply With Quote
  #63  
Old 11-14-2005, 09:26 PM
Robert Basil's Avatar
Robert Basil Robert Basil is offline
 
Join Date: Oct 2001
Location: Chandler, Arizona
Posts: 181
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by eoc_Jason
Which list were the false positives coming from? I usualy found most were coming from CBL, which I disabled that code in mine. There were IPs that were last checked / listed many, many months ago. Which you would *think* would get de-listed over time, but they wern't.
Do I just comment out the line below to disable CBL?

PHP Code:
    127.0.0.4 CBL   Composite Block List @ cbl.abuseat.org 
Also, does anyone have a test online proxy I can run through to make sure it's working correctly?
Reply With Quote
  #64  
Old 11-16-2005, 02:34 AM
TJFweb TJFweb is offline
 
Join Date: Dec 2001
Posts: 191
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I don't get this... For eoc_Jason's hack, do you just install the XML and that's it?

Is there any need to configure anything?

Thanks.
Reply With Quote
  #65  
Old 11-17-2005, 12:38 PM
clearchannel clearchannel is offline
 
Join Date: Nov 2001
Location: Ft Lauderdale, Florida
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by eoc_Jason
Or... Just use it for the test...

PHP Code:
if (THIS_SCRIPT=='register') { 
    
OPM_proxy_check(IPADDRESS); 

I have added this snippet of code right after

*********************************************/

and before:

if ($vbulletin->session->vars['OPM'] == 0) {

Would someone be so kind as to explain where I went wrong?

I only want to check for proxies during registration.

I also have a problem with a very reliable member, they can not access the forums with this hacked installed as a stock plugin. They sent me the following:

My IP address from home is blacklisted. It is my earthlink account.
Thanks in advance
Reply With Quote
  #66  
Old 11-20-2005, 09:59 AM
thalamus's Avatar
thalamus thalamus is offline
 
Join Date: Sep 2005
Location: UK
Posts: 66
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sorry if this has already been asked, but where can you put your own list of IPs? For instance, if I find IP addresses that are being used as open proxies but have not been listed at spamhaus, can I put these into my own file somewhere as a '2' value and, if so, does this go straight into the DB?
Reply With Quote
  #67  
Old 11-24-2005, 12:15 AM
TJFweb TJFweb is offline
 
Join Date: Dec 2001
Posts: 191
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by thalamus
Sorry if this has already been asked, but where can you put your own list of IPs? For instance, if I find IP addresses that are being used as open proxies but have not been listed at spamhaus, can I put these into my own file somewhere as a '2' value and, if so, does this go straight into the DB?
Please don't tell me that this hack has been abandoned already...

This could have been really big.
Reply With Quote
  #68  
Old 11-24-2005, 03:19 PM
clearchannel clearchannel is offline
 
Join Date: Nov 2001
Location: Ft Lauderdale, Florida
Posts: 100
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It appears it has. That's a shame, when security is more needed then ever.
Reply With Quote
  #69  
Old 11-25-2005, 07:28 AM
thalamus's Avatar
thalamus thalamus is offline
 
Join Date: Sep 2005
Location: UK
Posts: 66
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

so I guess it means a little reverse engineering for this - has anyone else found a solution to adding unlisted IPs before I start to reinvent the wheel?
Reply With Quote
  #70  
Old 11-28-2005, 08:15 PM
eoc_Jason's Avatar
eoc_Jason eoc_Jason is offline
 
Join Date: Dec 2001
Location: Houston, TX
Posts: 493
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can blacklist IPs in the vB Options...

Otherwise to have it work smooth with the current RBL checks you could install a DNS server locally that can be used as a local RBL.

Or you could fudge it and create an array with the list of IPs, then do a second check to see if it's in_array() and if so set the flag to block them.

I would love to develop it further, but I just don't have the time with other projects. Some things you might want to consider changing is have the check run as a shutdown query or something, so that the user doesn't have to sit and wait and get impatient if the check doesn't run quickly.
Reply With Quote
  #71  
Old 12-12-2005, 06:11 PM
jayhawk785 jayhawk785 is offline
 
Join Date: Feb 2005
Location: Orlando
Posts: 27
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I know some people warned that on large sites this may cause problems. I'm here to say that is VERY true. My server loads were, on average, 1.00 across the board or less. After the board started picking up more and more members, and averaging more than 20 online at a time--the load was up to 4-8 (average). I couldn't think of what the problem was, i started blaming PHP and apache lol... but that wasn't it. Just keep this in the back of your mind if you use it. I removed it, and my load on the server and page load time - is back to normal:

Page generated in 0.28239 seconds with 17 queries [Server Loads: 0.37 0.40 : 0.76]
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:49 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.14888 seconds
  • Memory Usage 2,329KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (4)bbcode_php
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete