Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
Check Proxy RBL on New User Registration. Details »
Check Proxy RBL on New User Registration.
Mod Version: 4.1, by DaNIEL MeNTED (Member) DaNIEL MeNTED is offline
Developer Last Online: Jul 2014 I like it Show Printable Version Email this Page

This modification is in the archives.
vB Version: 3.6.2 Rating: (23 votes - 4.65 average) Installs: 280
Released: 18 Nov 2006 Last Update: 22 Dec 2007 Downloads: 1231
Not Supported Uses Plugins  

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
  1. Nothing, the registration continues as normal.
  2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
  3. Registration continues as normal, but the user is automatically permanently banned.
  4. Registration is blocked, an error message is displayed to the user.
Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?
  1. Create a user from which PMs, Posts, etc. will be generated.
  2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
  3. Install the attached product.
IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

Download Now

Only licensed members can download files, Click Here for more information.

Supporters / CoAuthors

Screenshots

Click image for larger version

Name:	dm_rblcheck_setting1.jpg
Views:	1256
Size:	104.6 KB
ID:	63002   Click image for larger version

Name:	dm_rblcheck_setting2.jpg
Views:	812
Size:	80.1 KB
ID:	63003   Click image for larger version

Name:	dm_rblcheck_setting3.jpg
Views:	693
Size:	31.0 KB
ID:	63004  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
  #46  
Old 15 Dec 2006, 01:34
falter falter is offline
 
Join Date: Oct 2004
Originally Posted by DementedMindz View Post
ok so you just added them to the Target RBL also is there suppose to be a space between each or a line break?
I did put them in the Target RBL with a newline between each one.

So, for me, it's as follows:

http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
Reply With Quote
  #47  
Old 15 Dec 2006, 01:40
falter falter is offline
 
Join Date: Oct 2004
alternatively, you can use:
proxies.dnsbl.sorbs.net

which points to all three of those systems (it'd also mean one query as opposed to three).
Reply With Quote
  #48  
Old 15 Dec 2006, 01:42
DementedMindz DementedMindz is offline
 
Join Date: Jan 2006
yeah my main thing that i really want to block is anonymous proxys as well as other proxies too. hopefully this will work in doing that. im going to try and test it out and see. cause i have another script in thats suppose to only work on proxies but anonymous get right by it.
Reply With Quote
  #49  
Old 15 Dec 2006, 02:42
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Originally Posted by DementedMindz View Post
ok so you just added them to the Target RBL also is there suppose to be a space between each or a line break? also check out http://www.us.sorbs.net/using.shtml#largesites for more options it seems
One on each new line...

Originally Posted by falter View Post
alternatively, you can use:
proxies.dnsbl.sorbs.net

which points to all three of those systems (it'd also mean one query as opposed to three).
Hmmm... I'll look into SORBS, I might make it the default.
Reply With Quote
  #50  
Old 15 Dec 2006, 02:58
DementedMindz DementedMindz is offline
 
Join Date: Jan 2006
ok so is that just going to block all proxies with proxies.dnsbl.sorbs.net and also is there any way at all to block anonymous proxies?
Reply With Quote
  #51  
Old 15 Dec 2006, 04:20
falter falter is offline
 
Join Date: Oct 2004
Operationally, there is no difference between any proxy and one that puports to be an anonymous proxy. All that an anonymous proxy is is one that strips out any data that might be used to track back to the proxy user (often cookies, common server headers, etc).

To answer your question, proxies.dnsbl.sorbs.net will block all proxies registered with it, anonymous or not. Now, it's possible that your understanding of what an anonymous proxy is might be different than that of mine, but I can assure you that they aren't any sort of special beast that is hard to slay. They're just proxy servers.
Reply With Quote
  #52  
Old 15 Dec 2006, 04:26
DementedMindz DementedMindz is offline
 
Join Date: Jan 2006
ok well for example i have that in there but say you go to this site. http://anonymouse.org/anonwww.html try to register on your site with a new name i bet it works. I havent found a way to block these sort of sites yet cause they dont seem to pass the http variables.
Reply With Quote
  #53  
Old 15 Dec 2006, 10:43
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Originally Posted by DementedMindz View Post
ok well for example i have that in there but say you go to this site. http://anonymouse.org/anonwww.html try to register on your site with a new name i bet it works. I havent found a way to block these sort of sites yet cause they dont seem to pass the http variables.
The problem with that is that a large number of web "anonymizers" don't get added to RBLs. Whether or not they should is a matter for debate. You'll notice there is a section for known anonymizers/proxies and I have added the IPs of a number of "free anonymous hosting" sites...

I may look at building a "report an IP" function into my next release so I can build on the list of proxies that get past the RBL.
Reply With Quote
  #54  
Old 15 Dec 2006, 16:30
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Another method of configuring the RBL checker would be to do the following -

1) Create a new user group based on whatever group your "registered users" end up in and call it "Possible Trolls".
2) Set RBL Checker to allow registration but "autoban" user into the "possible troll" group.

You can now watch these users a little more closely - and if satisfied they're not trolls you can move them to your registered users group.
Reply With Quote
  #55  
Old 17 Dec 2006, 16:10
sinisterpain's Avatar
sinisterpain sinisterpain is offline
 
Join Date: Feb 2006
Real name: Glenn
I have added this to my board but It doesnt appear to work I had a user who is on the sbl-xbl.spamhaus.org list but he was not blocked. I check the that the plugin was active, settings were good. Any ideas why this would occur.
__________________

My vBulletin Mods
Reply With Quote
  #56  
Old 17 Dec 2006, 16:27
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
You are correct ... I had tested everything was working but then cleaned up some variable names to standardize all the variables I use in the product and managed to misname one of the variables used in the RBL checking part of the code. Please download and install 3.1 - tha pronblem is fixed and I've also changed the error message for RBL blocked users to include the name of the RBL doing the check (over time this should let people prune the list of RBLs they use down to the most effective one.)

Also - doing some tests with lists of free anonymous proxies and it looks like dnsbl.ahbl.org blocks the most IPs (checking on dnsstuff.com) the only problem is that www.ahbl.org has NO information so I'm not willing to make it the default or use it on my production forum.

Once I can get some information on it I may make it the default - certainly it reports all the open proxies as being such using DNS stuff.

Thanks for pointing out the RBL check wasn't working SinisterPain...

Last edited by DaNIEL MeNTED; 17 Dec 2006 at 17:17. Reason: found the problem...
Reply With Quote
  #57  
Old 17 Dec 2006, 18:08
sinisterpain's Avatar
sinisterpain sinisterpain is offline
 
Join Date: Feb 2006
Real name: Glenn
Thanks for the update, as I have been overwhelmed recently with spammers.
__________________

My vBulletin Mods
Reply With Quote
  #58  
Old 17 Dec 2006, 21:12
sinisterpain's Avatar
sinisterpain sinisterpain is offline
 
Join Date: Feb 2006
Real name: Glenn
might wanna check it again cause its not working still atleast for me

It seemed to work fine now just got my first bust
__________________

My vBulletin Mods

Last edited by sinisterpain; 18 Dec 2006 at 02:09. Reason: fixed:
Reply With Quote
  #59  
Old 18 Dec 2006, 11:44
DaNIEL MeNTED DaNIEL MeNTED is offline
 
Join Date: Sep 2006
Which proxy are you using for testing? Works for me with any anonymous proxy I found using a combination of spamhaus.org and ahbl.org I blocked all attempts from anonymous proxies.
Reply With Quote
  #60  
Old 18 Dec 2006, 22:32
sinisterpain's Avatar
sinisterpain sinisterpain is offline
 
Join Date: Feb 2006
Real name: Glenn
Originally Posted by DaNIEL MeNTED View Post
Which proxy are you using for testing? Works for me with any anonymous proxy I found using a combination of spamhaus.org and ahbl.org I blocked all attempts from anonymous proxies.
Sorry I edited my post above, to say it did work any thank you for this great mod.
__________________

My vBulletin Mods
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 22:08.

Layout Options | Width: Wide Color: