Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Check Proxy RBL on New User Registration. Details »»
Check Proxy RBL on New User Registration.
Version: 4.1, by DaNIEL MeNTED DaNIEL MeNTED is offline
Developer Last Online: Jul 2014 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.6.2 Rating:
Released: 11-17-2006 Last Update: 12-21-2007 Installs: 282
Uses Plugins
 
No support by the author.

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
  1. Nothing, the registration continues as normal.
  2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
  3. Registration continues as normal, but the user is automatically permanently banned.
  4. Registration is blocked, an error message is displayed to the user.
Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?
  1. Create a user from which PMs, Posts, etc. will be generated.
  2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
  3. Install the attached product.
IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #72  
Old 12-19-2006, 06:51 PM
falter falter is offline
 
Join Date: Oct 2004
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by DementedMindz View Post
yeah im looking at opm.tornevall.org now as they have a few on there too im reading about it here http://opm.tornevall.org/ cause say you go to http://anonymouse.org you can get right by all these things.
There might be political reasons why Anonymouse.org isn't listed in either of the ones that I use...I can't say for certain. opm.tornevall.org looks pretty good, actually. I think I might be adding it to my list, since it only deals with open proxies.

Also, ircbl.ahbl.org (http://www.ahbl.org/docs/ircbl.php) might work. Here's how AHBL describes it:
Quote:
This list contains only the proxy and DDoS drone data from our main list, without extras such as the Spam Sources list and Shoot On Sight.
My only concern is the inclusion of "DDoS drone data" ... this data is outside of the scope of an Open Proxy, so I'm a bit hesitant to make use of it.
Reply With Quote
  #73  
Old 12-19-2006, 07:01 PM
DementedMindz DementedMindz is offline
 
Join Date: Jan 2006
Posts: 1,474
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

yeah im going to try out opm.tornevall.org and see how it works out. yeah Anonymouse.org had me puzzled cause it gets right by everything. But ill be looking around today to see what I can come up with. as for ircbl.ahbl.org im going to look more info up on that one now also.
Reply With Quote
  #74  
Old 12-19-2006, 08:46 PM
sinisterpain's Avatar
sinisterpain sinisterpain is offline
 
Join Date: Feb 2006
Location: New Hampshire
Posts: 571
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I obviously do not wish to block out legit people, but as of the last few days we have had more than our usual registrations and most from third world countries.
These people would register than make a post pointing to either a trojan or some advertisement or both. We never had these issues till recent and as of right now most people who were refused registration from the RBL checker program were listed as big time spammers.
Reply With Quote
  #75  
Old 12-19-2006, 08:55 PM
falter falter is offline
 
Join Date: Oct 2004
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by sinisterpain View Post
I obviously do not wish to block out legit people, but as of the last few days we have had more than our usual registrations and most from third world countries.
These people would register than make a post pointing to either a trojan or some advertisement or both. We never had these issues till recent and as of right now most people who were refused registration from the RBL checker program were listed as big time spammers.
I'm confused, were the people who posted these things coming from the IPs that were listed as "big time spammers"? Or did you get several of these attacks, and then enabled this add-on and observed that people were registering from IPs of "big time spammers" ?

What were the IPs of the people who posted the ads/trojans?
What were the IPs of the spammers?
What BL's are you using?

My point in my earlier post was that people should be aware of what they are getting into when using the blacklists like they are.
Reply With Quote
  #76  
Old 12-19-2006, 09:08 PM
sinisterpain's Avatar
sinisterpain sinisterpain is offline
 
Join Date: Feb 2006
Location: New Hampshire
Posts: 571
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have been inundated recently with guest registering on our forum and the only purpose is to place spam on our board. I personally used spamhaus.org in the checker. But have reviewed the ips through dnsstuff.com and all the ip that were caught were listed as spammers and not small time either. I had one guy trying to register with a bogus email. One person registered and placed a link to trojan file which my antivirius flaged immediately and prompted me to remove the link from the board. Obviously I can not post IPs here but I will say that the person was comming out of Germany.

I will not just refuse people but to date the ones who have been caught are known spammers and I do check to make sure.
Reply With Quote
  #77  
Old 12-26-2006, 07:13 PM
Tom1234 Tom1234 is offline
 
Join Date: Sep 2003
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Forum post made by this mod says "This registration attempt has been allowed." even when it is set to not allow the registration.

I think you missed an "s":

if ($DM_rblcheck_allowreg == "0") {

should be:

if ($DM_rblcheck_allowregs == "0") {
Reply With Quote
  #78  
Old 12-29-2006, 01:18 AM
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Posts: 152
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

dang... you're right. Will upload a new file.
Reply With Quote
  #79  
Old 12-29-2006, 02:53 AM
Brew's Avatar
Brew Brew is offline
 
Join Date: Sep 2002
Posts: 359
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm not really sure this mod is working or not...but...

There is one thing I would like to see.

A way to add a warning on the registration page that users using a proxy will not be allowed to finish registration.

Thanks!

Brew
Reply With Quote
  #80  
Old 01-02-2007, 08:24 PM
sinisterpain's Avatar
sinisterpain sinisterpain is offline
 
Join Date: Feb 2006
Location: New Hampshire
Posts: 571
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for the update on this, I was being overun with spamers and this hack caught about 95% of the problems before registration.
Reply With Quote
  #81  
Old 01-03-2007, 12:50 PM
Tom1234 Tom1234 is offline
 
Join Date: Sep 2003
Posts: 90
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I seem to be getting about 5 new threads created on each RBL match. I can't tell if the person registering is somehow looping through the registration process multiple times (like maybe they didn't enter all the required information and had to re-enter the form) or if it's a bug. They really shouldn't keep registering since I have it set to allow the registration attempt on RBL match. Since the timestamp of the posts often span a few minutes time, I suspect it is not a bug with this product.

Anyone else seeing this?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:56 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07969 seconds
  • Memory Usage 2,321KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete