httpBL

[willerby]

Hi Snoopy, long time no contact. httpBL has been working away admirably on my forum for a number of years but just started seeing this error in my error log over last few days -

Error Log: Sorry, can not register new user with spam info

Hundreds of them all different IP addresses, trying to register. The trigger appears to be ...index.php?action=register2

It's been a while since I had some sort of automated login attempt but SMF seems to be coping admirably. I'm led to believe from Kindred that this is likely to be a mod specific error message and my main protection is your mod so I'm assuming its something triggered by httpBL? Apologies if not.

[snoopy_virtual]

(...) just started seeing this error in my error log over last few days -

Error Log: Sorry, can not register new user with spam info

There is not a single line in mod httpBL (in the text fields) with those words, so this must be coming from some other mod.

Can you give me a list of the mods you have installed?

In the mean time I would suggest you to add at least an anti-spam question in your forum (if you haven't got one already).

[willerby]

Thanks Snoopy... I couldn't find it either. I've looked through all my mods and there are only a few that could be impacting registration. I've checked all and most likely culprit is Tapatalk - SMF on an App.

Having just launched BYO Apps I supect this is either part of their testing or the login via their App is causing issues. Will check with them. Thanks for the fast response and sorry to have troubled you.

Keep up the great work!

[snoopy_virtual]

I've just discovered something wonderful when you are using mod httpBL and you have an Apache dedicated server with WHM-cPanel in it.

You just need to access your WHM.
Navigate to "Security Center" => "ModSecurity Tools"
Click on "Rules List"
Click on "Add Rule"
And enter this text:

Code Select Expand


SecHttpBlKey YOUR_API_KEY_HERE
SecRule TX:REAL_IP|REMOTE_ADDR "@rbl dnsbl.httpbl.org" "id:'99010',chain,phase:1,t:none,capture,block,msg:'HTTPBL Match of Client IP.',logdata:'%{tx.httpbl_msg}',setvar:tx.httpbl_msg=%{tx.0}"
SecRule TX:0 "threat score (\d+)" "chain,capture"
SecRule TX:1 "@gt 20"


Before you save this new rule you need to edit it a little.

In the first line, change the text YOUR_API_KEY_HERE for your actual httpBL API key (the same one you are using in mod httpBL).

The last line SecRule TX:1 "@gt 20" means that you are going to block every visitor with a threat score greater than 20.

That's the way I have it just now in my server, but you can use here any other value if you want.

The way this rule works, every visitor arriving to your server (human or robot) with a threat score in Project Honey Pot higher than this value, will be blocked from the server completely, with no even the possibility of watching a "warning page" or anything at all. So you may want to use a higher value here like 25 or 30.

It's up to you. You can edit the rule later, if you need to.

After you finish editing the rule, just save it and re-start your Apache server.

The good thing about this rule is that (when you have it enabled) mod httpBL is protecting every single port in your server. Not only from malicious visitors trying to access your web pages (ports 80 - http and 443 - https) but every other port and process on your server at the same time.

[szinski]

I've just discovered something wonderful when you are using mod httpBL

Awesome find! I have it running on my server now, thanks!!

[szinski]

I found a setting under ModSecurity Configuration where you can add your Project Honey Pot API Key.

[snoopy_virtual]

I found a setting under ModSecurity Configuration where you can add your Project Honey Pot API Key.

Yes, I found it too the next day.

If you enter your API key there, you can delete the first line in the rule, because you don't need to put it twice.

[Nodaz]

Two questions:
A. i am following the directions to install a honeypot and it is asking for a preferred language, what do i choose?
My host is running:
cPanel Version    58.0 (build 20)
Apache Version    2.4.23
PHP Version    5.6.24
MySQL Version    10.0.25-MariaDB-cll-lve
Architecture    x86_64
Operating System    linux


Perl Version    5.10.1
Kernel Version    2.6.32-531.17.1.lve1.2.60.el6.x86_64

Am i better off, being a novice for the most part just using a honey pot quicklink?

[snoopy_virtual]

I suppose you didn't read the tutorial I wrote:

http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2;language=english

A. i am following the directions to install a honeypot and it is asking for a preferred language, what do i choose?

The language you need to chose is PHP.

Am i better off, being a novice for the most part just using a honey pot quicklink?

This mod doesn't work with a honey pot quicklink.

You need the good honey pot.

[Nodaz]

I hadn't seen that tutorial yet, i ended up downloading the mod through a referral in a post about another mod, not sure if i just missed it or if i hadnt come across it yet.
i will read it, thanks for the additional information as well.

[Nodaz]

i have installed the honeypot and activated it sucessfully, i have retreived the BL aAPI key and downloaded the MOD package, BUT when i attempt to install i am getting two errors:
at kibe 6 and 6.2
   1.    Execute Modification    ./Sources/ManagePermissions.php    Test successful
*    2.    Execute Modification    ./Sources/Admin.php    Test successful
*    3.    Execute Modification    ./index.php    Test successful
*    4.    Execute Modification    ./SSI.php    Test successful
*    5.    Execute Modification    ./Themes/default/index.template.php    Test successful
*    6.    Execute Modification    ./Themes/default/Who.template.php    Test failed
      1.    Add Before    ./Themes/default/Who.template.php    Test successful
      2.    Add Before    ./Themes/default/Who.template.php    Test failed
*    7.    Execute Modification    ./Themes/default/languages/Modifications.english.php    Test successful
   8.    Execute Modification    ./Themes/default/languages/Modifications.english_british.php    Skipping file
   9.    Execute Modification    ./Themes/default/languages/Modifications.spanish_es.php    Skipping file
   10.    Execute Modification    ./Themes/default/languages/Modifications.spanish_latin.php    Skipping file
*    11.    Execute Modification    ./Themes/default/languages/Modifications.english-utf8.php    Test successful
   12.    Execute Modification    ./Themes/default/languages/Modifications.english_british-utf8.php    Skipping file
   13.    Execute Modification    ./Themes/default/languages/Modifications.spanish_es-utf8.php    Skipping file
   14.    Execute Modification    ./Themes/default/languages/Modifications.spanish_latin-utf8.php    Skipping file
   15.    Extract File    ./Sources/httpBL_Subs.php    
   16.    Extract File    ./Sources/httpBL_2_Config.php    
   17.    Extract File    ./Themes/default/httpBL.template.php    
   18.    Extract File    ./Themes/default/css/httpBL_css.css    
   19.    Extract File    ./warning.php    
   20.    Extract File    ./warning_css.css    
   21.    Adapt Database    install_2.php

I dont want to continue without some direction as to what is happening.

[snoopy_virtual]

I suppose it's some other mod you have installed.

Attach here your Who.template.php file (or send me it via PM or email) and I will sort it for you.

[Nodaz]

Ive tried to keep mods to a minimum, here is what is installed:
1.    Google Analytics Code    1.4    [ Uninstall ] [ List Files ] [ Delete ]
2.    httpBL    2.5.1    [ Install Mod ] [ List Files ] [ Delete ]
3.    Responsive Curve    1.0 Beta 3    [ Uninstall ] [ List Files ] [ Delete ]
4.    Misc Anti Spam    1.0    [ Uninstall ] [ List Files ] [ Delete ]
5.    Stop Spammer    2.3.9    [ Uninstall ] [ List Files ] [ Delete ]
6.    SMF 2.0.11 Update    1.0    [ Uninstall ] [ List Files ] [ Delete ]
7.    SMF 1.1.21 / 2.0.10 Update    1.0    [ List Files ] [ Delete ]
8.    Ad Managment    3.2    [ Uninstall ] [ List Files ] [ Delete ]

ive attached the file.
I appreciate the help

[snoopy_virtual]

I think the problem is with the mod Responsive Curve.

Try this:

1.- Uninstall the mod Responsive Curve

2.- Install the mod httpBL (it should show no errors this time I hope).

3.- Install again the mod Responsive Curve

[Nodaz]

That was it, i uninstalled the responsive curve mod and httpBL installed without issue, i was able to set it up with the BL API and turn it on, it shows me a green bar and states it connected to the honeypot perfectly.
I have not reinstalled responsive curve yet, not sure why i actually installed it in the first place, dont remember exactly what it does and may leave it uninstalled.
Thanks very much for the help !

[Kindred]

it makes your default theme somewhat responsive (enough to pass the google mobile friendly check)

[lepidas]

Hello to all and specially to the author of the mod.
Today I was checking the source of my index and at the 2nd line from the end I found this

Code Select Expand

</div></div><div><a href="http://forum.snowguide.gr/clandestine.php"><span style="display: none;">anything</span></a></div>

I was just wondering what is this about? just out of curiosity

[DarkAngel612]

Is the link your site link?

If so it looks like it may be something to do with honey pot that you have registered to your site. The one to catch "spammers", maybe

[snoopy_virtual]

Exactly.

That's the link to your honey pot.

It's done in a way that humans cannot see if they only look to the site in the normal way. Only robots see it.

It's explained better in the tutorial I started to write ages ago (but I never finished, sorry).

http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2;language=english

[lepidas]

Because I don't understand, I don't have such a php, what is the purpose of the link? How the HttpBl mod will understand that someone loaded that .php?