Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
DNSBL/Open Proxy-Blocking Details »
DNSBL/Open Proxy-Blocking
Mod Version: 2.0.8, by TMM-TT (Member) TMM-TT is offline
Developer Last Online: May 2019 I like it Show Printable Version Email this Page

This modification is in the archives.
vB Version: 3.5.x Rating: (9 votes - 4.78 average) Installs: 279
Released: 15 Sep 2005 Last Update: 20 Sep 2008 Downloads: 370
Not Supported DB Changes Uses Plugins  

History

I've had some problems with abuse via open proxies for a time ago, and when we were banning abusers, they always found a new proxy to use and register new accounts with. Since this forum was a large type we could'nt just ban e-mails etc just like that, because this was leading to a very large amount of other banned users too.

At IRC, in the other hand, we had Open Proxy Monitors, that was banning everything that was blacklisted in some DNSBL-databases. No spammers had a chance to get in there as long they were listed in such database.

This is a plugin that blocks blacklisted hosts from some different DNSBL's. It uses the global_start-hook, a very simple handler for blocking proxies, and a vBphrase called OPM_Deny.


April 2006

The source has been rewritten a bit. The proxychecker is now using a cache that, by default, stores all ip's in a database for 6 hours. It scans some DNSBL's and can be configured to block proxies from bitmasks (defined in the plugin) which makes it a little bit more reliable, because it does'nt block everything it see).

Configuration is made from the plugin (hopefully there will be a nice admin interface in the future). Exceptions (ip's that can pass through this system even if it is a proxy) are also handled differently now.

// CHANGES
//
// 2008-09-20 (2.0.8)
//
// * Changed the routines for how to handle inclusion/exclusions
// * Splitted up plugins for 3.5/3.6 and 3.7
//
// 2007-08-05
//
// * Fixed reported bug, based on resolved hosts ending with 127
// * Changed database-tables to get rid of (hopefully) duplicate keys
// * Added resolver-function
// * Added two new block-methods available at the efnet-rbl
//
// 2006-06-28 (2.0.6/Another fix)
//
// * Proxyinclusions/exclusions didn't work properly
//
// 2006-06-28 (2.0.5/Fix only)
//
// * Fixed a bug in the $block-array that affected some of the blocking results
//
// 2006-06-28 (2.0.4)
//
// * opm.tornevall.org has a new entry for anonymizers, added support for this
// * Default value on "block everything detected" in plugin changed to "no"
//
// 2006-06-26 (2.0.3)
//
// * Created options for admincp (removed plugin-configuration)
// * Fixed a bit-bug for njabl
// * Plugin is now a function (rbl_livecheck) for external lookups
// * Added options for "only block on newuser-registrations"
//
// 2006-06-22 (2.0.3 RC)
//
// * The monitor is now a function
// * Added small compatibility with other plugins (with return)
//
// 2006-05-13
//
// * sorbs zones added (no bitmasking)
// * opm.blitzed.org removed
// * time() changed to TIMENOW
//
// 2006-04-21
// ==========
//
// * proxyinclusions
// quickly add own hosts that should be treated as a proxy
//


How does it work with other vBulletins?

This filter actually works with both 3.5 and 3.6, but for now, they will be separate versions, but for 3.5 and 3.6 you should look here and for 3.7 you should look here.


How to use the compatibility thing

If you have a plugin that you want to use together with the proxy monitor (only returns a value if a an ip-address is registered as a proxy or not) you can call the function rbl_livecheck like this (example):


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Report bugs if you find them...



Don't forget to install it

Download Now

Only licensed members can download files, Click Here for more information.

Addons

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Add-On Releases DNSBL, RBL - Open Proxy monitoring/blocking TMM-TT vBulletin 3.7 Add-ons 26 03 Feb 2011 19:43
Mini Mods Blocking Proxy Scams Hostboard vBulletin 3.7 Add-ons 10 26 Jun 2008 02:12

  #121  
Old 15 Sep 2006, 10:44
Loony BoB's Avatar
Loony BoB Loony BoB is offline
 
Join Date: Mar 2004
Questions from a techy admin at my forums:

Is there an option to only scan users when logging on/are logged on, to reduce the amount of scanning even further?
Also, can it log anywhere whenever it does detect someone trying to use a proxy in case we need to troubleshoot a false positive or something?
And what sort of error message does someone detected as an open proxy receive?
Reply With Quote
  #122  
Old 17 Sep 2006, 19:04
Chadi's Avatar
Chadi Chadi is offline
 
Join Date: May 2004
Where is "ip-field" to check if its set as key or not? If it is set as key, what should I do then?
__________________
...............................
Talk Jesus Forums: Christian Chat
games . chat . gallery . bible . videos
Reply With Quote
  #123  
Old 19 Sep 2006, 10:50
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Sorry for the delayed answer.. :cry:

Originally Posted by chadi
Where is "ip-field" to check if its set as key or not? If it is set as key, what should I do then?

The table is called proxycache and the field 'ip'.

If the key is missing, this command to the sql should fix it:

ALTER TABLE proxycache ADD PRIMARY KEY(`ip`);
Reply With Quote
  #124  
Old 19 Sep 2006, 21:06
Chadi's Avatar
Chadi Chadi is offline
 
Join Date: May 2004
field "ip" is already there..what to do now?
__________________
...............................
Talk Jesus Forums: Christian Chat
games . chat . gallery . bible . videos
Reply With Quote
  #125  
Old 19 Sep 2006, 21:59
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Originally Posted by chadi
field "ip" is already there..what to do now?
Can you see if it has a primary key?
If you think it hasn't, try the command I gave before -
ALTER TABLE proxycache ADD PRIMARY KEY(`ip`);

Hopefully, that'll help..If not, you can try to reinstall the product or use...
OPTIMIZE TABLE proxycache
alt.
REPAIR TABLE proxycache

...instead
Reply With Quote
  #126  
Old 19 Sep 2006, 23:17
venomx's Avatar
venomx venomx is offline
 
Join Date: Apr 2002
I would like one like this that used the list from http://www.ahbl.org/docs/ircbl.php

Also would be nice to have one that checked the URLS people put it their posts and blcok them if they are listed on lists we select.
__________________
TopDollarMall
Reply With Quote
  #127  
Old 20 Sep 2006, 09:29
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Originally Posted by venomx
I would like one like this that used the list from http://www.ahbl.org/docs/ircbl.php
If you want the standard support, just add ircbl.ahbl.org to the DNSBL list in the configuration (attached example). I'll try add specific support for it in the next version.



Originally Posted by venomx
Also would be nice to have one that checked the URLS people put it their posts and blcok them if they are listed on lists we select.
Do you mean like if someone posts www.freeporn.com into the forum, that post should be blocked if it's listed in the BL?
Attached Images
File Type: jpg ircbl.jpg (51.5 KB, 25 views)
Reply With Quote
  #128  
Old 22 Sep 2006, 07:02
Loony BoB's Avatar
Loony BoB Loony BoB is offline
 
Join Date: Mar 2004
Originally Posted by Loony BoB
Questions from a techy admin at my forums:

Is there an option to only scan users when logging on/are logged on, to reduce the amount of scanning even further?
Also, can it log anywhere whenever it does detect someone trying to use a proxy in case we need to troubleshoot a false positive or something?
And what sort of error message does someone detected as an open proxy receive?
Any chance of an answer to these questions? I need to know before we can go ahead with implementing this on our forums. Thanks in advance.
Reply With Quote
  #129  
Old 22 Sep 2006, 07:50
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Originally Posted by Loony BoB
Any chance of an answer to these questions? I need to know before we can go ahead with implementing this on our forums. Thanks in advance.
There is no option for that yet, but can be fixed.

Do you want it to work with the login.php-script only, and if a userid is equal to a logged in user?
Reply With Quote
  #130  
Old 26 Sep 2006, 13:57
Loony BoB's Avatar
Loony BoB Loony BoB is offline
 
Join Date: Mar 2004
That sounds good - If my techy has other thoughts I'll be sure to post them.

Also, is there any chance of knowledge on the second two questions?

Thanks once again for all your help.
Reply With Quote
  #131  
Old 26 Sep 2006, 15:31
pzykotic pzykotic is offline
 
Join Date: Sep 2006
I just installed this on my forum and it blocked me. I'm using Optimum Online at home and a leased line from VERIO at work. No clue why both are blocked as proxies. Any thoughts?
Reply With Quote
  #132  
Old 26 Sep 2006, 16:15
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Originally Posted by pzykotic
I just installed this on my forum and it blocked me. I'm using Optimum Online at home and a leased line from VERIO at work. No clue why both are blocked as proxies. Any thoughts?
If you can't log in to your forum, enter

define(DISABLE_HOOKS, 1);

to your config.php so you can disable the blocker while you're investigating...

Then check www.tornevall.net/cgi-bin/ip.cgi if that page says where you might be blacklisted (I just wrote a FAQ about the blacklist part).

You can also add your ip into the configuration under "Exclude from monitor". Then it won't block you.

It looks like there's a few problems with proxyblocking on admins. I'll take a look on some solutions on this. Maybe a function for "only look for logged in" users, so you have a chance to login before getting blocked.
Reply With Quote
  #133  
Old 27 Sep 2006, 09:26
Loony BoB's Avatar
Loony BoB Loony BoB is offline
 
Join Date: Mar 2004
My techy's response...

Originally Posted by cl_out


Checking on logging in only wouldn't be good enough, especially if you tell your browser to "remember" to be logged in via cookies - you could even log in normally, then hop over to a proxy Checking whenever the user isn't a guest is good Of course, an option to only check when the user tries to post/PM/other database-changing function might be better than for every page request, but that's not important at the moment

I can always find out the answer to the error message question I asked by myself if we implement it, having access to multiple IP addresses simultaneously to post from I suppose the logging bit isn't that important right now either since I now noticed it says it caches IPs for a few hours, since we can then use an SQL query instead on the cache table, though it would be nice if with the IP it stored the username that attempted to connect from it in there as well
Reply With Quote
  #134  
Old 27 Sep 2006, 10:13
TMM-TT's Avatar
TMM-TT TMM-TT is offline
 
Join Date: Jun 2005
Real name: Tomas
Originally Posted by Loony BoB
My techy's response...
tell your browser to "remember" to be logged in via cookies - you could even log in normally, then hop over to a proxy

How about something like this?

Let's say someone is logging into a forum in the normal way. After this, he switch to a proxy. The RBL checks if there's any changes from the last activity (with a limit of like 10 minutes so we're sure we don't block all dynamic users - besides, it should only look after proxys anyway, so that might not interfere with normal activity), and if the new ip is detected as a proxy, the users again gets blocked...
Reply With Quote
  #135  
Old 03 Oct 2006, 21:00
Loony BoB's Avatar
Loony BoB Loony BoB is offline
 
Join Date: Mar 2004
I've passed that on to my techy again. He's constantly going on about how it should include usernames in the proxycache at the moment... don't know if that's something you can do?

On a sidenote, is there any way for me to do a check on an IP to see if it is really an open proxy? I know there are sites that will check my own PC, but I'm not sure if there are sites that allow me to check other people's IPs. This would help me be reasonable when dealing with people who have complained that they can no longer get in.

PS. I have to say, you're definitely one of the more helpful guys I've experienced at these kind of boards. Thanks for your continuing assistance!

EDIT: Here's the response from our techy after quoting you to him...

Originally Posted by cl_out
Yeah, I saw that post, but I thought that's how it worked anyway? I thought it checked if the user's IP is in the database, it uses that data. Then if the user hops to a proxy (or changes IP address because he's dynamic), obviously his IP will be different so I thought it would check again anyway? I didn't know it cached if the user was clean, then it remembers the user, regardless of his IP address.

I originally mentioned the possibility of the address changing in context of if you only checked when the user logs on rather than all the time like it currently does, which wouldn't be when you want to check anyway. When I asked about only checking for users logging on/are logged on, I should have made it clearer by saying we don't care to check guests (or spiders) if they're using a proxy or not, since they can't post anyway, hence only continuously checking actual users logged in
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 01:35.

Layout Options | Width: Wide Color: