Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
Hostname or Useragent Registration Ban Details »
Hostname or Useragent Registration Ban
Mod Version: 1.0.3, by nhawk (Member) nhawk is offline
Developer Last Online: May 2020 I like it Show Printable Version Email this Page

This thread is in the Modification Graveyard.
vB Version: 4.1.5 Rating: (10 votes - 5.00 average) Installs: 72
Released: 24 Feb 2012 Last Update: 12 Dec 2013 Downloads: 286
Not Supported  

THIS ADD-ON IS NO LONGER AVAILABLE AND IS NOT SUPPORTED

This is an add-on that is designed with vBulletin 4.1.5. It may not work on earlier versions of vBulletin. It is known to be working on vB versions 3.8.7, 4.0.7 and 4.1.5 through 4.2.0. I don't know if it is compatable with all versions of vB or not.

On my site, I receive quite a few PMs asking me how I prevent spam from being posted there. While I can't release everything I use because some of it is server based (external from vBulletin), I can release one of the lines of defense that I use.

This mod allows you to ban Hostnames and Useragents from registering on your site.

If a hostname or useragent contains any of the words you specify and they are trying to register, they are presented with an error telling them they are forbidden from registering on your site. And no registration screen ever appears.

In the event the hostname is blank, a WHOIS can be performed to establish the identity of the system being used to register.

The 'External Content' pulled by this mod is only the WHOIS information when that is enabled.

WARNING: This mod has the potential of banning humans from registering. Choose what words you use carefully.

Personally, I am not very concerned about banning an occasional human from registering. So, from time to time my system may ban a human that uses an anonymous proxy.

NOTE: This mod has a 'Don't Ask, Don't Tell' clause. Please don't post telling people what words to ban. We don't need spammers getting around this mod by reading posts telling them what is being filtered.

REQUIREMENTS: In order for the WHOIS function used in this mod to work properly, your server must have OPENSSL installed.


* INSTALLATION *
---------------------
1) Upload the contents of the 'upload' folder to your forum's root.
(If your forum's location is http://www.example.com/forums/, the root is /forums/)

2) Import the product XML file (product-hostusercheck.xml) into the Product Manager in AdminCP.

3) Take some time to set the options in ACP->Settings->Options->Prevent Hostname or Useragent from Registering.

4) Be sure to turn on the mod when setting options in ACP->Settings->Options->Prevent Hostname or Useragent from Registering.



* History (Changelog) *
-----------------------------
1.0.3 (December 12, 2013)
- Fix hostname not being checked under certain circumstances.

1.0.2 (March 1, 2012)
- Fix error on registration page when Useragent or Hostname to ban is blank.

1.0.1 (February 24, 2012)
- Wrong hook being used for one of the plugins.

1.0.0 (January 22, 2012)
- Public Release

Download Now

Only licensed members can download files, Click Here for more information.

Show Your Support

  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
IP ban from registration only Hoth vBulletin 3.0 Full Releases 8 16 Sep 2005 22:42

  #76  
Old 21 Mar 2014, 20:52
nhawk nhawk is offline
 
Join Date: Jan 2011
As Max said, this add-on only triggers when someone tries to register. It doesn't prevent access to the site. It prevents registration.

So if securi attempted to register and either the hostname or useragent for the securi bot contained blocked information then the add-on did it's job. It blocked a registration, that's all. It didn't prevent access to the site.
Reply With Quote
  #77  
Old 21 Mar 2014, 20:53
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by ozzy47 View Post
That is a legit sucuri IP address.
Right, which means they are very likely infected and have some botnet zombie computers on their system. It's not at all unusual to see.

Point is, it has no business at all loading the register page or trying to register. This mod did its job.

And his site monitoring service is not blocked from the site. Just the register page, where it doesn't need to be.

I'd leave it.
Reply With Quote
  #78  
Old 21 Mar 2014, 20:56
nhawk nhawk is offline
 
Join Date: Jan 2011
Max I wish I could like your posts multiple times, but C'est la vie
Reply With Quote
  #79  
Old 21 Mar 2014, 20:57
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by nhawk View Post
Max I wish I could like your posts multiple times, but C'est la vie
Me too, Just tried liking another of yours haha.
Reply With Quote
  #80  
Old 21 Mar 2014, 21:55
BadgerDog BadgerDog is offline
 
Join Date: Oct 2006
Real name: Doug
Originally Posted by nhawk View Post
Without seeing your list (please DON'T post that in public), I don't know why it would have banned them. If you want, send me your list via PM and I'll have a look.

The other thing that could be in your list that is associated with that IP is 'LINODE'.

And check your hostname list too. Something might be in there.
PM's you with list, which is the one Ozz recommended...

Regards,
Doug
Reply With Quote
  #81  
Old 21 Mar 2014, 22:13
nhawk nhawk is offline
 
Join Date: Jan 2011
Originally Posted by BadgerDog View Post
PM's you with list, which is the one Ozz recommended...

Regards,
Doug
LOL, this one was simple.

It's blocked because 'tor' is in the list (monitor5.securi.net). So it did it's job.

In either case, securi.net has no business accessing register.php, so the add-on did it's job.

It didn't ban securi from accessing the site, it just stopped it from registering.

So, re-enable the add-on.
Reply With Quote
  #82  
Old 21 Mar 2014, 22:16
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by nhawk View Post
LOL, this one was simple.

It's blocked because 'tor' is in the list (monitor5.securi.net). So it did it's job.

In either case, securi.net has no business accessing register.php, so the add-on did it's job.

It didn't ban securi from accessing the site, it just stopped it from registering.

So, re-enable the add-on.
And that is a oversight on my own part, since I compiled most of that list.

I'll be recommending "tor" be removed post haste. I think we have it covered with another definition anyway.
Reply With Quote
  #83  
Old 21 Mar 2014, 22:23
BadgerDog BadgerDog is offline
 
Join Date: Oct 2006
Real name: Doug
Originally Posted by nhawk View Post
LOL, this one was simple.

It's blocked because 'tor' is in the list (monitor5.securi.net). So it did it's job.

In either case, securi.net has no business accessing register.php, so the add-on did it's job.

It didn't ban securi from accessing the site, it just stopped it from registering.

So, re-enable the add-on.
Unfortunately, Sucuri needs to access out site as it's a primary security monitor and does complete server scans every 1/2 hour...

Regards,
Doug
Reply With Quote
  #84  
Old 21 Mar 2014, 22:26
BadgerDog BadgerDog is offline
 
Join Date: Oct 2006
Real name: Doug
Originally Posted by Max Taxable View Post
And that is a oversight on my own part, since I compiled most of that list.

I'll be recommending "tor" be removed post haste. I think we have it covered with another definition anyway.
Ok, I removed tor and have saved the mod and restarted it..

Thanks for all the help guys...

Regards,
Doug
Reply With Quote
  #85  
Old 21 Mar 2014, 22:30
nhawk nhawk is offline
 
Join Date: Jan 2011
Originally Posted by BadgerDog View Post
Unfortunately, Sucuri needs to access out site as it's a primary security monitor and does complete server scans every 1/2 hour...

Regards,
Doug
It can access the site. The add-on doesn't stop that. It just threw an error to it saying it can't register.
Reply With Quote
  #86  
Old 21 Mar 2014, 22:42
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by BadgerDog View Post
Unfortunately, Sucuri needs to access out site as it's a primary security monitor and does complete server scans every 1/2 hour...

Regards,
Doug
Once again... It does not and should not be trying to register. That is not part of its normal behavior.
Reply With Quote
  #87  
Old 21 Mar 2014, 22:42
BadgerDog BadgerDog is offline
 
Join Date: Oct 2006
Real name: Doug
Originally Posted by nhawk View Post
It can access the site. The add-on doesn't stop that. It just threw an error to it saying it can't register.
Roger that ...

Thanks again...

Regards,
Doug
Reply With Quote
  #88  
Old 22 Mar 2014, 19:35
lazytown lazytown is offline
 
Join Date: Feb 2004
Originally Posted by ozzy47 View Post
TBH, I would just turn off the PM's, once you know the mod is working after sending you some PM's, there is no need for them, you know it is working, so turn them off.
I prefer to keep logs, but a log with dozens of PMS a day is unmanageable. See ask the recent posts above for an example of why you'd would to keep a record so that you can search if later (sucuri being blocked).
Reply With Quote
  #89  
Old 22 Mar 2014, 21:36
nhawk nhawk is offline
 
Join Date: Jan 2011
Originally Posted by lazytown View Post
I prefer to keep logs, but a log with dozens of PMS a day is unmanageable. See ask the recent posts above for an example of why you'd would to keep a record so that you can search if later (sucuri being blocked).
Securi was not blocked from the site. Nobody is blocked from the site with this mod. Securi was blocked from registering. There's a big difference.

http://www.vbulletin.org/forum/showp...7&postcount=86
Reply With Quote
  #90  
Old 23 Mar 2014, 16:39
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Real name: Chris
Ok just a follow up on the Sucuri situation.

Sucuri will scan your site with several different user-agents (including the one you mentioned).
During this scan, the bot will crawl through all links found in the site, and looks like it's hitting the registration link.

Sucuri will not follow the robots.txt directives. Since it tries to behave as a "real user" it'll ignore that file. The only way to do it would be creating a .htaccess file to redirect SiteCheck to a 404 or a different page when hitting those forms.

So you can add tor back to the list if you wish, and add this to your htaccess file.


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

That will stop Sucuri from hitting the registration trigger, and it is what they recommended to me.
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.

Last edited by ozzy47; 23 Mar 2014 at 17:05.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 09:49.

Layout Options | Width: Wide Color: