News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Anyone here working with CloudFlare/HoneyPot antibot software?

Started by Don Peters, July 21, 2010, 05:03:33 PM

Previous topic - Next topic

societyofrobots

hey . . . CloudFlare sent me here . . . I tried to install, but I'm getting "./Sources/Subs.php   Test failed"

Can anyone confirm it should work with v2.0.1?

Kindred

There are several different mods that do this...   which one?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

butchs

I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

societyofrobots

Quote from: Kindred on December 01, 2011, 11:39:14 AM
There are several different mods that do this...   which one?
I'm using the one I found on this thread here:
http://www.simplemachines.org/community/index.php?topic=391926.msg2726085#msg2726085

It was last modified on June 18, 2011, meaning it's quite possible the reason I'm getting an error is because it's not compatible with v2.0.1. Of course, it could also be because it's not compatible with a mod I have installed, hence why I'm asking   :P

So . . . can anyone confirm it should work with v2.0.1?

butchs

It works on my version of 2.0.1 and the date matches my records.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

societyofrobots

#86
The package manager only gave me an error on Subs.php. It was looking for this but couldn't find it:
array(
if (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0)
$data = \'http://\' . $data;
'),
'disallow_children' => array('email', 'ftp', 'url', 'iurl'),
'disabled_after' => ' ($1)',
),


So I opened up Subs.php and found this instead:
array(
'tag' => 'url',
'type' => 'unparsed_equals',
'before' => '<a href="$1" class="bbc_link" target="_blank">',
'after' => '</a>',
'validate' => create_function('&$tag, &$data, $disabled', '
if (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0)
$data = \'http://\' . $data;
'),
'disallow_children' => array('email', 'ftp', 'url', 'iurl'),
'disabled_after' => ' ($1)',
),


So I just manually added this right after the above code as per the directions in the error:
array(
'tag' => 'sse',
'before' => '<!--sse-->',
'after' => '<!--/sse-->',
'block_level' => true,
      ),


I then ignored the error and installed the package. It's now reporting IP's properly.

However, I'm getting tons of errors related to httpBL, ForumFirewall:
8: Undefined variable: ip   File: /home/sr/public_html/my_site/Sources/httpBL_Subs.php
8: Undefined index: HTTP_CF_CONNECTING_IP   File: /home/sr/public_html/my_site/Sources/Subs-ForumFirewall.php Line: 28

It also doesn't fix the IP reporting in AjaxChat.

Anyone know what I can do to resolve this issue?

butchs

Yeow...  If package manager reports an error you should not install the mod!  The is most likely a mod conflict.  You should uninstall other mods until the conflict goes away.  Furthermore, if you manually install part you should manually install all of the mod.

That is true especially for this mod since there are so many changes.  Please uninstall the mod and manually install it or start from scratch!

httpBL though well written a few years ago has issues now.  The main issue I have with the mod is that it is easy for a modern bot to bypass it's protection.  Bad behavior with project honeypot does much better.

If you get a "HTTP_CF_CONNECTING_IP" error in forum firewall then you need to set:
Visitor IP call to Proxy  -> 'HTTP_CF_CONNECTING_IP'
Proxy Header ID -> 'Cf-Connecting-Ip'

I do not use 'AjaxChat" so I can not make a comment there without detailed input.  Compatibility with all other mods in the world is impossible...  If you want to try please post it with the appropriate mod.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

societyofrobots

I noticed that with this mod many IP addresses are resolving correctly now. However, a few still point to Cloudflare. It appears much of CloudFlares IPs are now blacklisted by httpBL and BadBehavior, thereby blocking out my visitors. And it hides the true IPs of actual spammers.

It appears I'm going to be forced between these two choices: disable BadBehavior, httpBL, and ForumFirewall . . . or remove CloudFlare. Any opinions? I'm thinking CloudFlare must go . . .

QuoteIf you get a "HTTP_CF_CONNECTING_IP" error in forum firewall then you need to set:
Visitor IP call to Proxy  -> 'HTTP_CF_CONNECTING_IP'
Proxy Header ID -> 'Cf-Connecting-Ip'
I checked, and it's already set like that . . .

I have no interest in manually modding files. I tried that before for several years, but every SMF version upgrade was a huge hair pulling experience to keep track of all the changes. I promised myself never again :P
(I guess I could write my own personal mods, but I don't really have time for that either . . .)

butchs

httpBL is not compatible with Cloudflare.

Bad Behavior is if you check Enable Reverse Proxy, set "IP call to Reverse Proxy" -> 'Cf-Connecting-Ip' and leave "Reverse Proxy Addresses" blank.

BadBehavior and ForumFirewall  work with the proper settings.  Do not forget to purge the cache.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

societyofrobots

Quote from: butchs on December 05, 2011, 05:07:53 AMBad Behavior is if you check Enable Reverse Proxy, set "IP call to Reverse Proxy" -> 'Cf-Connecting-Ip' and leave "Reverse Proxy Addresses" blank...Do not forget to purge the cache.
I made the changes, and it seems BB is now working properly. How does one purge the cache for BB?

But I'm still getting the "HTTP_CF_CONNECTING_IP" error in forum firewall . . .

butchs

BB cache resets automatically every day but can be manually reset in Scheduled Tasks.

You must have an typo somewhere.  Please post the error from the log and your settings in the "forum firewall" support board.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.


gamerzworld

Hey butchs, do you think you could update your modification to support IPv6 as well since it's now one of the features of CloudFlare? Your CF mod and the IPv6 mod have a number of conflicts.

butchs

Sorry, I learned my lesson with the smartphone mod, do not program something you can not personally test.
:'(
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

gamerzworld

Quote from: butchs on February 12, 2012, 02:44:58 PM
Sorry, I learned my lesson with the smartphone mod, do not program something you can not personally test.
:'(
I'm guessing the reason you can't test is the lack of an IPv6 connection? You can setup a IPv6 tunnel with http://www.tunnelbroker.net/ [nofollow] . I can help you get it working if you want.

butchs

This is not an official mod and I only made it to have CF compatibility with my site.  I do not like the massive amounts of code edits.  I believe that the IPV6 mod does it in a much simpler way.  With that said, I am busy and I do not intend to work on this mod.  But, I give you or anyone else permission to do whatever you want with it, take it over, change it for ipv6 compatibility.  Enjoy.
:)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

prince_bear

Anybody planning to take up where the venerable Butchs is leaving? I have a forum of 150 people, averaging 8-9GB of Bandwith per month, 1.5 Million page views per year and regularly limiting on CPU and Memory. Sufficed to say I am looking for options.  :)

Aleksi "Lex" Kilpinen

I feel that this topic doesn't really require team attention anymore, so I'm marking this solved.
@Don Peters - If you disagree with me, feel free to mark the topic not solved again.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

netham45

A bit of a necropost, but I came up with a different fix for the IPs not being reported properly in SMF 1.1.x:

Quote
1) Open index.php

2) Right below the <?php line (Should be the top line in the file), insert this:

if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
     $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];


3) Open SSI.php

4) Right below the <?php line (Should be the top line in the file), insert this:
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
     $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];


It's not the cleanest (overwriting $_SERVER vars...) , but it doesn't break IPs for connections that are outside of cloudflare (we have an SSL connection that's not going through cloudflare), and it's far less intrusive into the code.

Advertisement: