Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
DNSBL/Open Proxy-Blocking Details »
DNSBL/Open Proxy-Blocking
Mod Version: 2.0.8, by TMM-TT (Member) TMM-TT is offline
Developer Last Online: May 2019 I like it Show Printable Version Email this Page

This modification is in the archives.
vB Version: 3.5.x Rating: (9 votes - 4.78 average) Installs: 279
Released: 15 Sep 2005 Last Update: 20 Sep 2008 Downloads: 370
Not Supported DB Changes Uses Plugins  

History

I've had some problems with abuse via open proxies for a time ago, and when we were banning abusers, they always found a new proxy to use and register new accounts with. Since this forum was a large type we could'nt just ban e-mails etc just like that, because this was leading to a very large amount of other banned users too.

At IRC, in the other hand, we had Open Proxy Monitors, that was banning everything that was blacklisted in some DNSBL-databases. No spammers had a chance to get in there as long they were listed in such database.

This is a plugin that blocks blacklisted hosts from some different DNSBL's. It uses the global_start-hook, a very simple handler for blocking proxies, and a vBphrase called OPM_Deny.


April 2006

The source has been rewritten a bit. The proxychecker is now using a cache that, by default, stores all ip's in a database for 6 hours. It scans some DNSBL's and can be configured to block proxies from bitmasks (defined in the plugin) which makes it a little bit more reliable, because it does'nt block everything it see).

Configuration is made from the plugin (hopefully there will be a nice admin interface in the future). Exceptions (ip's that can pass through this system even if it is a proxy) are also handled differently now.

// CHANGES
//
// 2008-09-20 (2.0.8)
//
// * Changed the routines for how to handle inclusion/exclusions
// * Splitted up plugins for 3.5/3.6 and 3.7
//
// 2007-08-05
//
// * Fixed reported bug, based on resolved hosts ending with 127
// * Changed database-tables to get rid of (hopefully) duplicate keys
// * Added resolver-function
// * Added two new block-methods available at the efnet-rbl
//
// 2006-06-28 (2.0.6/Another fix)
//
// * Proxyinclusions/exclusions didn't work properly
//
// 2006-06-28 (2.0.5/Fix only)
//
// * Fixed a bug in the $block-array that affected some of the blocking results
//
// 2006-06-28 (2.0.4)
//
// * opm.tornevall.org has a new entry for anonymizers, added support for this
// * Default value on "block everything detected" in plugin changed to "no"
//
// 2006-06-26 (2.0.3)
//
// * Created options for admincp (removed plugin-configuration)
// * Fixed a bit-bug for njabl
// * Plugin is now a function (rbl_livecheck) for external lookups
// * Added options for "only block on newuser-registrations"
//
// 2006-06-22 (2.0.3 RC)
//
// * The monitor is now a function
// * Added small compatibility with other plugins (with return)
//
// 2006-05-13
//
// * sorbs zones added (no bitmasking)
// * opm.blitzed.org removed
// * time() changed to TIMENOW
//
// 2006-04-21
// ==========
//
// * proxyinclusions
// quickly add own hosts that should be treated as a proxy
//


How does it work with other vBulletins?

This filter actually works with both 3.5 and 3.6, but for now, they will be separate versions, but for 3.5 and 3.6 you should look here and for 3.7 you should look here.


How to use the compatibility thing

If you have a plugin that you want to use together with the proxy monitor (only returns a value if a an ip-address is registered as a proxy or not) you can call the function rbl_livecheck like this (example):


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Report bugs if you find them...



Don't forget to install it

Download Now

Only licensed members can download files, Click Here for more information.

Addons

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Add-On Releases DNSBL, RBL - Open Proxy monitoring/blocking TMM-TT vBulletin 3.7 Add-ons 26 03 Feb 2011 19:43
Mini Mods Blocking Proxy Scams Hostboard vBulletin 3.7 Add-ons 10 26 Jun 2008 02:12

  #106  
Old 28 Jun 2006, 04:43
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Originally Posted by titter
Thanks! I was waiting for those 2 to be blocked :]
And now, it works better. Just found a bug in the $block-part, that should be fixed now..
Reply With Quote
  #107  
Old 28 Jun 2006, 06:07
titter's Avatar
titter titter is offline
 
Join Date: Sep 2005
haha another mod on my car site called me saying he couldnt get on ... he uses aol, im guessing its blocking those as well?
__________________
Justin
Reply With Quote
  #108  
Old 28 Jun 2006, 14:26
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Originally Posted by titter
haha another mod on my car site called me saying he couldnt get on ... he uses aol, im guessing its blocking those as well?
Only if it's registered in some of the RBLs listed.

It also depends on how the monitor is configured. I used to have more hosts in the list before but since some of the rbls fight e-mail spam and therefore blocks large dynamic ip ranges, I had to remove some of them. If the "Block everything" is set to yes, the monitor will also block everything, not matter how it's registered and that may in some cases include dynamic hosts. That's why block everything is set to no as default.

The phrase added in the product gives an address to www.tornevall.net/cgi-bin/ip.cgi where you can check which engine the ip is detected as blacklisted.


Edit:

This post made me look so inclusions/exclusions really worked properly. It didn't - the conversion from the old "plugin-configuration" made me forget a few things in the new versions. So there's a new update, again.


// 2006-06-28 (2.0.6/Another fix)
//
// * Proxyinclusions/exclusions didn't work properly

Last edited by TMM-TT; 28 Jun 2006 at 14:51.
Reply With Quote
  #109  
Old 07 Jul 2006, 07:27
GNDI's Avatar
GNDI GNDI is offline
 
Join Date: Jun 2005
Thanks the best usefull script I have seen for a long period of time.

Many other scripts are good to, but they are mostly "fun"
__________________
BSD

VIB-host
Reply With Quote
  #110  
Old 13 Aug 2006, 02:29
iTaLiAnBoY165 iTaLiAnBoY165 is offline
 
Join Date: Jan 2005
Hi i really need help fixing this error i get this in my email how do i fix

Database error in vBulletin 3.6.0:

Invalid SQL:
INSERT INTO proxycache (ip, listed, dateline) VALUES ('218.11.207.244', 1, 1155435828);

MySQL Error : Duplicate entry '218.11.207.244' for key 1 Error Number : 1062
Date : Saturday, August 12th 2006 @ 10:23:31 PM
Script : http:///forums/infraction.php?do=report&p=14975
Reply With Quote
  #111  
Old 26 Aug 2006, 22:43
Cyburbia's Avatar
Cyburbia Cyburbia is offline
 
Join Date: Feb 2002
Is there still a huge problem with false positives? Right now, I'm limiting the DNSBL to opm.tornevall.org, because it blocks Tor and many anonymizers.

EDIT: How does it affect the server load? I temporarily disabled it, because when it was activated my load average rose by quite a bit. Maybe it was a coincidence.
__________________
Cyburbia | urban planning community
http://www.cyburbia.org/forums

Last edited by Cyburbia; 26 Aug 2006 at 23:10.
Reply With Quote
  #112  
Old 28 Aug 2006, 10:28
thedvs thedvs is offline
 
Join Date: May 2002
Heh, I've done something wrong when installing and now I can't get into the admincp as its seeing my normal isp ip as a proxy. I'm locked out any suggestions please...
Reply With Quote
  #113  
Old 28 Aug 2006, 10:51
GNDI's Avatar
GNDI GNDI is offline
 
Join Date: Jun 2005
hehe clean your system and secure it. Go to the dnsrbl list and get removed, then login
__________________
BSD

VIB-host
Reply With Quote
  #114  
Old 28 Aug 2006, 11:07
thedvs thedvs is offline
 
Join Date: May 2002
Thats not helpful at all, as my ip is dynamic...
Reply With Quote
  #115  
Old 01 Sep 2006, 11:11
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Has anyone heard about relakks, the anonymous VPN (some swedish piracy sites has been writing about this, because it makes filesharing more secure)? I've been thinking a while on how this network opens for new abuse-methods into forums, so I decided (yesterday) to add a bunch of completely new entries (65025 ips) into tornevall.org's RBL-database as a preparation for the future. I haven't been testing this with this product yet, but I think adding relakks.tornevall.org into the RBL-list might work, if you'd like to block the Relakks network. I've added this system on another subdomain so this shouldn't interfere with opm.tornevall.org.
Reply With Quote
  #116  
Old 05 Sep 2006, 14:32
Chadi's Avatar
Chadi Chadi is offline
 
Join Date: May 2004
I get a lot of these each day, maybe a dozen but various IP's.

Is this normal?

Database error in vBulletin:

Invalid SQL:
INSERT INTO proxycache (ip, listed, dateline) VALUES ('81.153.88.1', 0, 1157465418);

MySQL Error : Duplicate entry '81.153.88.1' for key 1 Error Number : 1062
Date : Tuesday, September 5th 2006 @ 09:10:20 AM
Script : http://www.talkjesus.com//login.php
Referrer :
IP Address : 81.153.88.1
Username : Unregistered
Classname : vb_database
__________________
...............................
Talk Jesus Forums: Christian Chat
games . chat . gallery . bible . videos
Reply With Quote
  #117  
Old 07 Sep 2006, 12:43
Chadi's Avatar
Chadi Chadi is offline
 
Join Date: May 2004
Can someone please help out? Still getting these errors

Even some that show as no proxy?
http://www.dnsstuff.com/tools/city.ch?ip=68.34.123.100
__________________
...............................
Talk Jesus Forums: Christian Chat
games . chat . gallery . bible . videos
Reply With Quote
  #118  
Old 07 Sep 2006, 13:47
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Originally Posted by chadi
Can someone please help out? Still getting these errors
Can you check if ip-field in the the proxycache is set as a key? If not, this might cause problems wipe dupe keys. An alternative can be to optimize/repair the table.

I've also noticed that the proxydb can't handle ipv6 properly. Maybe thats something to look at.


Originally Posted by chadi
Doesn't it show up as proxy? What do you mean?

http://www.tornevall.net/cgi-bin/ip.cgi says:


REMOTE_ADDR 68.34.123.100

cbl.abuseat.org => unlisted
dnsbl.njabl.org => unlisted
dnsbl.ahbl.org => unlisted
rbl.efnet.org => unlisted
http.dnsbl.sorbs.net => unlisted
socks.dnsbl.sorbs.net => unlisted
misc.dnsbl.sorbs.net => unlisted
opm.tornevall.org => unlisted
relakks.tornevall.org => unlisted
Reply With Quote
  #119  
Old 13 Sep 2006, 22:09
Loony BoB's Avatar
Loony BoB Loony BoB is offline
 
Join Date: Mar 2004
This may sound dumb, but how do you check using tornevall.net? I can't see anywhere to put in an IP address.
Reply With Quote
  #120  
Old 14 Sep 2006, 08:18
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Originally Posted by Loony BoB
This may sound dumb, but how do you check using tornevall.net? I can't see anywhere to put in an IP address.

I never added a field for doing that because of the risk of spam (like bruteforcetesting networks), but http://www.tornevall.net/cgi-bin/ip.cgi?q=<ip> should work.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 06:02.

Layout Options | Width: Wide Color: