Go Back   vBulletin.org Forum / vBulletin Modifications / Archive / vB.org Archives / vBulletin 3.6 / vBulletin 3.6 Add-ons
Reload this Page

Miscellaneous Hacks - Check Proxy RBL on New User Registration.

Register Members List Search Today's Posts Mark Forums Read

Reply
Page 1 of 18 1 23411 Last »
 
Mod Options
Check Proxy RBL on New User Registration. Details »
Check Proxy RBL on New User Registration.
Mod Information
The Developer
 
Mod Version: 4.1, by DaNIEL MeNTED (Member) DaNIEL MeNTED is offline
Developer Last Online: Jul 2014 I like it Show Printable Version Email this Page
This modification is in the archives.
vB Version: 3.6.2 Rating: (23 votes - 4.65 average) Installs: 281
Released: 18 Nov 2006 Last Update: 22 Dec 2007 Downloads: 1253
Not Supported Uses Plugins  

Check Proxy RBL on New User Registration Version 4.1

Version 4.1 includes remains unchanged from version 4.0 with the exception of a code fix to deal with an SQL injection security hole in the code.

What does this hack do?

Hooking in at register_addmember_process and register_addmember_complete this hack compares the IP address of the person registering with the Realtime Block List(s) of your choice. Based on your configuration the RBL Checker will then perform one of these actions:
  1. Nothing, the registration continues as normal.
  2. Registration continues as normal, but the user is automatically moved into the "Pending Moderation" group of your choice.
  3. Registration continues as normal, but the user is automatically permanently banned.
  4. Registration is blocked, an error message is displayed to the user.
Please Note: It is strongly recommended that you configure PM or Thread based notification so that you may monitor registrations that are from IPs that are a positive hit on the RBL. Especially if you configure the checker to allow registrations to complete normally.

These options are configurable in AdminCP > Options > DM-RBL Check on Registration.


Why Block Proxies?

Banned and Spammers users often get around IP bans by simply using an open proxy - of which there are thousands - to get around the IP ban. Very few legitimate users slow their surfing by using an anonymous proxy.


How do you Install?
  1. Create a user from which PMs, Posts, etc. will be generated.
  2. In your adminCP obtain values for the "banned" and "pending moderation" groupIDs (Defaults are 8 and 4).
  3. Install the attached product.
IMPORTANT NOTE:You must specify a username if you plan on configuring the AUTOBAN or NOTIFICATION options. Otherwise you WILL get errors.


What is the default config?
By default the RBLChecker will check the IP of a new registration, allow registration to complete, but add the new user to the "COPPA Members Awaiting Moderation" usergroup. You can then approve/reject those members depending on whether you think they are/aren't spammers/trolls.

You can modify the settings in the AdminCP to Ban or Block as you like.


Hack History:

Version 4.1
- Fixed SQL Injection security hole.
- Fixed some minor typos in automatically generated messages.

Version 4.0
- Added ability to specify error reported on blocks.
- Added ability to specify ban reason and custom title.
- Added ability to move users to "pending moderation" group if registration is allowed.
- Updated list of RBLs checked based on testing with lists of "anonymous" proxies.
- Fixed IP address of Notification Posts equalling IP of blocked user. (Now Notification IP = 1.2.3.4)

Version 3.2
- Fixed typo causing blocked registrations to be reported as allowed.

Version 3.1
- change in variable name in v3.0 broke RBL checking. Corrected error.
- match notification now includes the name of the RBL that matches the IP.

Version 3.0
- plugin now fires at "register_addmember_process" allowing the user to completely fill in the form.
- Added the ability to specify more than one RBL.
- Added option to specify whether registration is blocked or allowed to complete.
- Added option to automatically ban registrations that are allowed to complete but have a positive IP match.
- Added option to specify user who is "notifier".
- Added option to specify a forum where a notification thread will be created.
- Added option to supress notification PM / Thread when an IP matches blacklist or known proxy list.
- Added customized error codes for notifications - notification now indicates whether a registration IP has matched the RBL, blacklist, or predefined list of anonymizers.
- Reworded Phrases.
- Removed 10.x.x.x IP from known proxy/anonymizer list.

version 2.0
- Added configuration options under vboptions > DM-RBL Check on Registration.
- Added PM on Block.
- Added option to select RBL.
- Added Custom Whitelist.
- Added Custom Blacklist.
- Added list of free proxies.
- Changed default RBL to sbl-xbl.spamhaus.org
- Added option to enable/disable checking.

version 1.0
- added plugin to check against opm.tornevall.org
- added custom phrase to be reported as error on registration start.


Using this Hack?
If you install this hack please click "Installed" to receive updates.

If you find this hack useful you can always hit that paypal button too...

Download Now

Only licensed members can download files, Click Here for more information.

Supporters / CoAuthors

Screenshots

Click image for larger version Name: dm_rblcheck_setting1.jpg Views: 1279 Size: 104.6 KB ID: 63002   Click image for larger version Name: dm_rblcheck_setting2.jpg Views: 835 Size: 80.1 KB ID: 63003   Click image for larger version Name: dm_rblcheck_setting3.jpg Views: 716 Size: 31.0 KB ID: 63004  

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Comments
  #2  
Old 18 Nov 2006, 04:41
DaNIEL MeNTED DaNIEL MeNTED is offline
Member
  
Join Date: Sep 2006
Reserved.
Reply With Quote
  #3  
Old 18 Nov 2006, 11:04
Ajavas's Avatar
Ajavas Ajavas is offline
Member
  
Join Date: Aug 2004
Thnx, for your first hack.... First install! Oops..mean first reply.
Reply With Quote
  #4  
Old 18 Nov 2006, 11:55
Eggie Eggie is offline
Member
  
Join Date: Jun 2005
Open Proxies are often exploited by malicious users to circumvent IP bans. If you feel your IP is being blocked in error you may contact the site administrator.
Is there an option to whitelist an IP if they are found to be blocked and can prove they are blocked in error? Is opm.tornevall.org the only list this works with or do you offer other options, as I have never heard of them and the site is not in english to get more info on their RBL. Can this work off a custom built RBL database? Looking good though!
Reply With Quote
  #5  
Old 18 Nov 2006, 16:01
ociosos's Avatar
ociosos ociosos is offline
Member
  
Join Date: Jun 2006
where are options?
have options?

More information please
__________________
Reply With Quote
  #6  
Old 19 Nov 2006, 00:02
DaNIEL MeNTED DaNIEL MeNTED is offline
Member
  
Join Date: Sep 2006
Hey guys... thanks for the feedback.

I had written this hack quickly but I agree there was room for improvement.

I have uploaded a new version - much improved.


Originally Posted by Ajavas View Post
Thnx, for your first hack.... First install! Oops..mean first reply.
Thanks!

Originally Posted by Eggie View Post
Is there an option to whitelist an IP if they are found to be blocked and can prove they are blocked in error? Is opm.tornevall.org the only list this works with or do you offer other options, as I have never heard of them and the site is not in english to get more info on their RBL. Can this work off a custom built RBL database? Looking good though!
There is now.

There is a custom whitelist / blacklist to which you can add IPs. There is also a "known proxy" list that contains the IPs of sites like "the cloak" or "proxify". I will add to that list with each update.

Also, I've been having some issues getting opm.tornevall.org to resolve addresses so I've replaced the default with sbl-xbl.spamhaus.org which is a much more well known RBL.

Originally Posted by ociosos View Post
where are options?
have options?

More information please
There were no options... but there are now.

DL and install the new product and check in your ACP > VB Options. There should be an entry.

I've also added the ability to PM user(s) when an IP gets blocked.

Thx Guys!
Reply With Quote
  #7  
Old 19 Nov 2006, 01:12
Tulsa Tulsa is offline
Member
  
Join Date: Jul 2005
I like the new options, thanks!
Reply With Quote
  #8  
Old 19 Nov 2006, 02:15
funkmeister funkmeister is offline
Member
  
Join Date: Oct 2004
I installed this and then fired up Hide IP Platinum and with various IP's ranging from Slovakia to Saudi Arabia was still able to register successfully on my forum with fake id's.

I don't know much about what, who or how Hide IP works, but whatever it is doing, it's getting past this - any ideas how to circumvent it too?

Great idea though, thanks.
Reply With Quote
  #9  
Old 19 Nov 2006, 02:19
DaNIEL MeNTED DaNIEL MeNTED is offline
Member
  
Join Date: Sep 2006
Originally Posted by funkmeister View Post
I installed this and then fired up Hide IP Platinum and with various IP's ranging from Slovakia to Saudi Arabia was still able to register successfully on my forum with fake id's.

I don't know much about what, who or how Hide IP works, but whatever it is doing, it's getting past this - any ideas how to circumvent it too?

Great idea though, thanks.
The problem is that products like hideIP or anonymizer aren't getting blacklisted by RBLs.

I guess its debatable on whether or not they should...

I'm looking into different RBLs to see if I can find one that hits those ranges.
Reply With Quote
  #10  
Old 19 Nov 2006, 10:25
NiTRoN NiTRoN is offline
Member
  
Join Date: Dec 2005
Real name: Big Kauhuna
maybe this product can expand to also allow multiple ip checking sites.. not just 1.. also Custom msg explaining why the registration was denied with admin option to enable or disable it. The msg would show in format of vbulletin error msg instead being PM one..

my 2cents.. otherwise this is great idea for a product. Looking very promising.. maybe it could evolve into some front-end security suite for vbulletin, but who knows.. its me just dreamin.
Reply With Quote
  #11  
Old 19 Nov 2006, 14:37
DaNIEL MeNTED DaNIEL MeNTED is offline
Member
  
Join Date: Sep 2006
Originally Posted by NiTRoN View Post
maybe this product can expand to also allow multiple ip checking sites.. not just 1.. also Custom msg explaining why the registration was denied with admin option to enable or disable it. The msg would show in format of vbulletin error msg instead being PM one..

my 2cents.. otherwise this is great idea for a product. Looking very promising.. maybe it could evolve into some front-end security suite for vbulletin, but who knows.. its me just dreamin.
Hi Nitron.

There is an error message that is displayed to the user in the standard vb error display format. You can edit exactly what it says by editing the phrase DM_found_in_rbl.

The PM option allows you, as an admin, to receive a PM with the IP when its blocked.

I will look at adding multiple RBLs in the next version.
Reply With Quote
  #12  
Old 20 Nov 2006, 03:22
NiTRoN NiTRoN is offline
Member
  
Join Date: Dec 2005
Real name: Big Kauhuna
oh sweet.. just got confused by what the options were for.. since there was no clear explanation..

can the PM options have drop down menu and let you chose PM or EMAIL?
You can solve that by making one line option with multiple boxes..
example

"Notify Following UserID's [enter userid# here] by [drop down box with options EMAIL/PM] about failed registrations"
and user id "0" would disable that whole option.
Reply With Quote
  #13  
Old 20 Nov 2006, 21:35
Tom1234 Tom1234 is offline
Member
  
Join Date: Sep 2003
Isn't the sbl-xbl.spamhaus.org blacklist a list of IP's that are used by email spammers? I'd expect that to be successful for blocking email spam, but that is not the same as blocking anonymous http proxy sites like Proxify.

countrycheck.com used to try to keep track of anonymous http proxy servers, but they seem to have gone out of business. Their site has contained just an error message for a few weeks now.
Reply With Quote
  #14  
Old 21 Nov 2006, 00:59
DaNIEL MeNTED DaNIEL MeNTED is offline
Member
  
Join Date: Sep 2006
Originally Posted by Tom1234 View Post
Isn't the sbl-xbl.spamhaus.org blacklist a list of IP's that are used by email spammers? I'd expect that to be successful for blocking email spam, but that is not the same as blocking anonymous http proxy sites like Proxify.

countrycheck.com used to try to keep track of anonymous http proxy servers, but they seem to have gone out of business. Their site has contained just an error message for a few weeks now.

spamhaus.org rolls up a number of other RBLs. You can also specify whatever RBL you want to use.
Reply With Quote
  #15  
Old 21 Nov 2006, 05:24
Tom1234 Tom1234 is offline
Member
  
Join Date: Sep 2003
Which Spamhaus (or other source) RBL contains anonymous http proxy servers?
Reply With Quote
Reply
Page 1 of 18 1 23411 Last »

« Previous Mod | Next Mod »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 08:19.

Layout Options | Width: Wide Color:
- vBulletin Main Site
Powered by vBulletin® Version 3.8.14
Copyright © 2023, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Design by Princeton
Copyright ©2001 - , vbulletin.org. All rights reserved.
vBulletin® is a registered trademark.