[Simon Lloyd]

I did for the link and it parsed ok

[Simon Lloyd]

Any ideas why this one has been blocked:

Header
POST /forumz/login.php?do=login HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Cookie: bb2_screener_=1304316965+216.67.121.73; bb2_screener_=1304476965+74.124.89.49; tccsessionhash=ac18ec200b202084e3f43421bfd41ebd; vbet_sessionUsed=1; __utmc=118899148; __utma=118899148.893063458.1303547625.1304477337.1304569993.33; __utmz=118899148.1304317329.30.5.utmcsr=thecodecage.com|utmccn=(referral)|utmcmd =referral|utmcct=/; __utmv=118899148.usergroup-1-Unregistered%20%2F%20Not%20Logged%20In; tcclastvisit=1303548761; tcclastactivity=0; __utmb=118899148.2.10.1304569993; tccsessionhash=a0bc27efc24ca21550367fd6d71b19c8; tccthread_lastview=f7b50b30415971c4d96c712d31d24b27503a8bc1a-1-%7Bi-208810_i-1304249678_%7D; HESK=19ea9b13f1cc8ca4ffd7e262f37d54f0; tcclastvisit=1303548761; tcclastactivity=0; tccuserlgv=2
Host: www.thecodecage.com
Referer: http://thecodecage.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
KEY
b40c8ddc
User Agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
METHOD
POST
URI
forumz/login.php?do=login
ENTITY
vb_login_username: XxXxX
vb_login_password:
s:
securitytoken: guest
do: login
vb_login_md5password: 7327xxxxxxxxxxxxxxxxxxxxxxxxxxxb90
vb_login_md5password_utf: 7327xxxxxxxxxxxxxxxxxxxxxxxxxb90
ajax: 0

It's a genuine user who has tried from 2 different IP's but still gets blocked.

[Eric]

Originally Posted by Simon Lloyd

Any ideas why this one has been blocked:It's a genuine user who has tried from 2 different IP's but still gets blocked.

That appears to be the POST/GET error. Can you verify that the mod is injecting the javascript from BB into your header? If I'm not mistaken, that not being present can help lead to this error.

[Eric]

Alfa, could you go into more detail on this please? http://trac.assembla.com/vb-bad-behavior/ticket/8

EDIT: and http://trac.assembla.com/vb-bad-beha...t/12#comment:1

[Alfa1]

I do not seem to have commenting or editing functionality on trac. So here goes:

Send registered member explanation how to resolve blacklisting
Yes, an email would be more effective than a PM.

Trace IP directly from the log.
In the log hotlink the IP of the user. The link should point to a whois for the user. For example /admincp/usertools.php?do=gethost&ip=xx.xx.xx.xx
Or a better whois service like http://who.is/whois-ip/ip-address/xx.xx.xx.xx/

Alert the admin which members have been blocked by BB and why.

Originally Posted by Eric

For sites with a lot of traffic, sending a notification such as this by PM may be overkill - then again, not sure what other option would be available.

Such notification should be sent max once per X days and should list all blocked members since the last notification.
It would be useful to include some additional information like join date, post count and usergroup of the member. This makes it easier to see if the user is a legitimate user.

[Alfa1]

I am having no success with adding these bots to my blacklist:
Alexa
Artabus
BoardPulse
Deepnet Explorer
Radian6 FeedFetcher
Wget

Cna someone tell me what exactly I need to add to my blacklist.inc?

I see that adding 'Alexa' to my blacklist also blocks users with the alexa toolbar. It seems to me that if I want to allow users with the alexa toolbar installed, I will not be able to block the alexa crawler?

[tpearl5]

In less than a day my log is already over 5,000 entries! A lot of them are "Required header 'Accept' missing". I've had one member report seeing strange errors, but I can't pinpoint the user in the logs.

I think an IP search for the logs may be a useful addition.

[Alfa1]

Originally Posted by Alfa1

I am having no success with adding these bots to my blacklist:
Alexa
Artabus
BoardPulse
Deepnet Explorer
Radian6 FeedFetcher
Wget

Cna someone tell me what exactly I need to add to my blacklist.inc?

I see that adding 'Alexa' to my blacklist also blocks users with the alexa toolbar. It seems to me that if I want to allow users with the alexa toolbar installed, I will not be able to block the alexa crawler?

I see that alexa, deepnet explorer, radian6 feedfetcher and wget do get blocked, but are also listed on my spiders who visited list. Should that be?

[Simon Lloyd]

Originally Posted by Eric

That appears to be the POST/GET error. Can you verify that the mod is injecting the javascript from BB into your header? If I'm not mistaken, that not being present can help lead to this error.

Eric i'd love to confirm this .....could you tell me how?

[Simon Lloyd]

ahh, just going to www.thecodecage.com/forumz and right click view source shows

<script type="text/javascript">
<!--
function bb2_addLoadEvent(func) {
var oldonload = window.onload;
if (typeof window.onload != 'function') {
window.onload = func;
} else {
window.onload = function() {
oldonload();
func();
}
}
}

bb2_addLoadEvent(function() {
for ( i=0; i < document.forms.length; i++ ) {
if (document.forms[i].method == 'post') {
var myElement = document.createElement('input');
myElement.setAttribute('type', 'hidden');
myElement.name = 'bb2_screener_';
myElement.value = '1304785371 2.127.13.238';
document.forms[i].appendChild(myElement);
}
}
});
// --></script>

is this what you meant?

[Lee G]

Just checked my logs and another google bot got caught

User agent
Mozilla/5.0 (en-us) AppleWebKit/525.13 (KHTML, like Gecko; Google Web Preview) Version/3.1 Safari/525.13

ip
66.249.82.129

Full ip range
66.249.64.0/19

And another google ip range for google to whitelist
64.233.160.0/19

Bot from ip 64.233.172.18 got caught

[Simon Lloyd]

Hi, i've whitelisted the users IP(s) but they are still being blocked "Post more than two days after Get" here's the header

POST /forumz/login.php?do=login HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Cookie: bb2_screener_=1304316965+216.67.121.73; bb2_screener_=1304647462+74.124.87.161; tccsessionhash=62a00b28d319ba412c2ffd704b22a856; vbet_sessionUsed=1; __utmc=118899148; __utma=118899148.893063458.1303547625.1304569993.1304647832.34; __utmz=118899148.1304317329.30.5.utmcsr=thecodecage.com|utmccn=(referral)|utmcmd =referral|utmcct=/; __utmv=118899148.usergroup-1-Unregistered%20%2F%20Not%20Logged%20In; tcclastvisit=1303548761; tcclastactivity=0; tccsessionhash=eea70a6bbfea2bdd00a4029b51c8e209; tccthread_lastview=f7b50b30415971c4d96c712d31d24b27503a8bc1a-1-%7Bi-208810_i-1304249678_%7D; HESK=19ea9b13f1cc8ca4ffd7e262f37d54f0; tcclastvisit=1303548761; tcclastactivity=0; tccuserlgv=2
Host: www.thecodecage.com
Referer: http://thecodecage.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

I do notice two differences in IP (one reversed), am i right? i dont understand anything of the above so im guessing but i thought there may be a problem here

Cookie: bb2_screener_=1304316965+216.67.121.73; bb2_screener_=1304647462+74.124.87.161;

[Eric]

Originally Posted by Simon Lloyd

Hi, i've whitelisted the users IP(s) but they are still being blocked "Post more than two days after Get" here's the headerI do notice two differences in IP (one reversed), am i right? i dont understand anything of the above so im guessing but i thought there may be a problem here

Two different IP's - have the user delete their cookies and see if it still happens.

[Eric]

Originally Posted by Alfa1

I see that alexa, deepnet explorer, radian6 feedfetcher and wget do get blocked, but are also listed on my spiders who visited list. Should that be?

It's possible they are picked up as spiders visited before BB is ran.

[Eric]

Originally Posted by Lee G

Just checked my logs and another google bot got caught

User agent
Mozilla/5.0 (en-us) AppleWebKit/525.13 (KHTML, like Gecko; Google Web Preview) Version/3.1 Safari/525.13

ip
66.249.82.129

Full ip range
66.249.64.0/19

And another google ip range for google to whitelist
64.233.160.0/19

Bot from ip 64.233.172.18 got caught

Hmm. Will add those to the default list.