Anyone here working with CloudFlare/HoneyPot antibot software?

Aleksi "Lex" Kilpinen · June 15, 2011, 07:32:58 AM

Quote from: Angie KidneyKorner on May 04, 2011, 04:00:00 AM
is there a CloudFlare support forum?
Just wondering as I never knew about one but did try to find one. Any tech support I needed I just emailed Matthew
as I was beta testing it. I stopped using CloudFlare awhile back when all my members were being blocked. Turns out
my host didn't like how every member was seen as coming from the same IP range (CloudFlare) and decided to block
the whole range. I know a patch or mod or something came out but without my host's cooperation I decided that I was
fine using mod_httpbl, Stop Spammer, Bad Behavior Mod, and Anti-Spam Verification Questions. I haven't had even one
spammer in months.

Basically HttpBL does exactly the same job as Cloudfare, in screening your potential members - without the problems of shared IP addresses and such

snoopy_virtual · June 15, 2011, 06:49:34 PM

Hi Lex

I collaborate with Angie in another community where the only thing we do is to fight spammers all day long with all the weapons we can find, so I talk a lot with her and I think she already knows that.

My guess is that she is just trying to find a CloudFlare support forum to give them some grieve. (Man, she can talk really nasty when she's angry ...

)

I wouldn't like to have Angie as an enemy.

busterone · June 15, 2011, 07:08:23 PM

I second that one myself. She loves to give the spammers a lot of grief. I would not want to be a spammer in her sights.

Angie on Dialysis · June 18, 2011, 12:34:02 PM

Quote from: snoopy_virtual on June 15, 2011, 06:49:34 PM
My guess is that she is just trying to find a CloudFlare support forum to give them some grieve. (Man, she can talk really nasty when she's angry ... )

I wouldn't like to have Angie as an enemy.

Hahah Snoopy

Quote from: busterone on June 15, 2011, 07:08:23 PM
I second that one myself. She loves to give the spammers a lot of grief. I would not want to be a spammer in her sights.

You guys are great

Genjin · July 07, 2011, 06:15:35 PM

Hey butchs, I switched to CloudFlare today and am about to install SMF2.0! My concern were the IPs too for spambot protection (my previous forum on fluxBB was crawling with them) so your Mod will be just what I need

Small note though, I am not sure if you are aware of it or not but unregistered Users can NOT see your forum attachments. I had to register extra to see it (and wasn't sure if I would when I do, thought I missed something else)

Just saying, maybe you get more downloads from other SMF users that use CloudFlare when your plugin is a direct link on a file hoster or something

But thats minor issue. Thanks for the hard work!

butchs · July 07, 2011, 07:20:45 PM

Not sure how the mod can have anything to do with attachments? Sounds like your SMF admin preference settings.

The mod is linked to the CF site. It is free, so I do not care about downloads.

Genjin · July 07, 2011, 08:12:55 PM

Hi butchs, I think you misunderstood what I ment

I ment to get your CF mod in the first place, in this very thread, as attachment on the bottom of your post on page 1. When you're not logged in / registered, you don't really see that its attached in your posts. There is no note like "This user attached a file, register to download it" which left me wondering a while how I can get your plugin. That's all. It's visible once registered and I got it. Thanks

butchs · July 07, 2011, 08:37:09 PM

Oh, sorry. If CF had a place to put it I would put it on their server. But they seem not to want to give me space so it is here...

Genjin · July 08, 2011, 03:44:15 PM

Hi butchs, too bad, they really should

I encountered something strange. When I installed your Bad Behavior Mod and Cloudflare Mod both together, no IP adresses showed up. When I deactivated the Cloudflare Mod, IP adresses started showing up again. Bad Behavior Mod is configured to Reverse Proxie with the CF header, no IP adresses defined. Is there some sort of compatibility issue between those mods? Will I encounter any negative effects just using Bad Behavior mod and not Cloudflare mod?

Thank you

butchs · July 08, 2011, 07:59:27 PM

Quote from: Genjin on July 08, 2011, 03:44:15 PM
I encountered something strange. When I installed your Bad Behavior Mod and Cloudflare Mod both together, no IP adresses showed up. When I deactivated the Cloudflare Mod, IP adresses started showing up again. Bad Behavior Mod is configured to Reverse Proxie with the CF header, no IP adresses defined. Is there some sort of compatibility issue between those mods? Will I encounter any negative effects just using Bad Behavior mod and not Cloudflare mod?

NO! I have been using both mods together uninterrupted since I created them. I have no issues.

CF mod has nothing to do with the Bad Behavior (BB) mod. CloudFlare (CF) mod only changes the way SMF reads the ip addresses. Due to security reasons, Bad Behavior finds the visitors ip address internally, keeps them to it's self and does not share them with SMF. BB is an island upon it's self. Neither mod uses any part of the other to operate.

The missing ip address is just CF going down for maintenance, an ip address being spoofed or CF not being turned on. Maybe you need to go to the CF web-page and adjust the CF settings for your site?

Only set Bad Behavior for the "Reverse Proxy/Load Balancer" when CF is active. You need to check "Enable Reverse Proxy", put "Cf-Connecting-Ip" in "IP call to Reverse Proxy" and leave "Reverse Proxy Addresses" blank. Then Bad behavior and the Project Honeypot Feature will use the correct ip addresses for testing.

butchs · July 08, 2011, 08:19:51 PM

If you exhausted all options then Forum Firewall (FF) with the following will take care of any ip spoofers you may see:

"Enable Testing", "Block Violations", "Logging", "Enable IP Validation" checked.
"Country Code via Headers" set to "Cf-Ipcountry", "Visitor IP call to Proxy" set to "HTTP_CF_CONNECTING_IP" and "Proxy Header ID" set to "Cf-Connecting-Ip".

Do not use other portions of FF mod unless you read the built in help "click on the ?'s" and fully understand what you are doing.

butchs · July 09, 2011, 04:56:21 AM

With respect to the mods:

CF Mod translates the ip addresses that CF provides to SMF so the members have the correct ip address while it is operation. If the service stops for any reason the addresses will be incorrect. SMF reads the same information over and over so the work of the mod is tedious.

BB Mod reads the ip addresses that CF provides to it's internal system and uses this information, among other things, to determine if it wants to block someone. If the CF service stops for any reason the mod will only partially work. Since all the addresses it sees will be the same the honey pot portion will not work.

FF Mod reads the ip addresses that CF provides to it's internal system and uses this information, among other things, to determine if it wants to block someone. If the CF service stops for any reason the mod will detect this and continues to do it's job unabridged. You should see an increase in blocks since CF is no longer blocking and FF is taking over. This does not happen often but, it can happen once in a while.

butchs · July 09, 2011, 07:54:10 PM

Quote from: Aleksi "Lex" Kilpinen on June 15, 2011, 07:32:58 AM
Basically HttpBL does exactly the same job as Cloudfare, in screening your potential members - without the problems of shared IP addresses and such

Thats so not true it is a sin! Cloudfare does much much more than a mere old port of the Dupral version of httpBl...

Aleksi "Lex" Kilpinen · July 10, 2011, 12:55:27 AM

Well, I did not mean it as if it would be the only thing it does - but in regards to spammers and such, it does do the same thing basically...

butchs · July 10, 2011, 05:03:28 AM

Besides cache and etc it has some basic protection that goes beyond project honeypot. You can block countries like RU & China. There are some basic tests in the free package that removes spammer and script kiddies before they reach your site. It even has a Bad Behavior option. Evident by the amount of bad traffic I see before and after enabling the service. I am sure the free package of CF tests more than just the honeypot database.

It is not fool proof but it certainly cuts down on the work my mods have to do while it is on-line.

Genjin · July 12, 2011, 04:01:17 PM

Hi butchs,

yes your plugins work perfectly fine. I had a screwup somewhere else (with my DNS records)

On another note, here's something nice for Nginx users like me: hxxp:www.cloudflare.com/wiki/Nginx [nonactive]

If you are using Nginx as Webserver and experienced enough to install this module, you will not need any special plugins for the scripts you use to get the real IP. With this module Nginx does that already for you, provided you configured it right

Blackylol · August 12, 2011, 06:53:44 AM

I was using this mod and it was working perfectly, after I changed my domain and added it to cloudflare, 6 hours later and all the user IPs are still 0.0.0.0 I should wait more or this is a mod error ?

----

Yes i had o wait a bit more, nvm ^^ works now

butchs · August 13, 2011, 07:58:47 AM

Nothing is wrong with the mod. Cloudflare is not working. Check your Cloudflare settings.

Ventic · November 24, 2011, 03:12:11 PM

Quote from: butchs on July 31, 2010, 08:54:34 PM
This mod should fix the IP addresses in the users online log files. It works with 1.1.x and 2 RC3.

Plus, I added posting Server Side Excludes.

It will get put in the CloudFlare wiki next week.

EDIT: Update for SMF Gold.

what that does

butchs · November 26, 2011, 09:47:52 AM

Basically it prohibits suspicious visitors from seeing the content in the bbc code.

Read up on it at the Cloudflare site.

News:

Anyone here working with CloudFlare/HoneyPot antibot software?