I received an e-mail invitation from Matthew Prince, of Project Honey Pot, to test out their new beta software called CloudFlare. The purpose of CloudFlare is to keep spambots and other bad bots from even reaching your forum. They do this by changing your forum's DNS settings so that traffic first goes to CloudFlare, where it is checked against Project HoneyPot's spambot database, and then if the user passes, he is passed along to your forum. Along the way they also provide some extra services such as caching your website and scrambling your support e-mail addresses so they can't be harvested by a spambot.
I was about to try it when I realized there might be some SMF issues I'd have to deal with. Specifically, SMF would see traffic coming from CloudFlare rather than the accessing user. Also, my software gets the referring URL, and I'd have to code around this. I'm told the SMF software compatibility mods are minimal, but I don't have the time or PHP experience to make them. Hence, I was wondering if others here were attempting to use CloudFlare, and if so, if they developed the necessary mods to enable a smooth transition to it.
Don
I haven't heard of it today, but it looks trustworthy. Although I find it weird that the guy emailed you about it.
I'm not sure if it's compatible or not with SMF, you will just have to try it.
I was invited and checked them out and they are for real. I am currently trying it with SMF 2 RC3 and have no log errors to date. But I noticed that SMF 1.1.x requires the following changes:
Quote
To make CloudFlare compatible with Simple Machine Forum 1.1.x and so there are no log issues, please run the following process:
1. open SSI.php
2. on ~ line 165
find:
if (isset($_SERVER['REMOTE_ADDR']) && !isset($_SERVER['is_cli']) && session_id() == '')
replace with:
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && !isset($_SERVER['is_cli']) && session_id() == '')
3. Save
4. open Sources/Load.php
5. on ~ line 441
find:
updateMemberData($ID_MEMBER, array('ID_MSG_LAST_VISIT' => (int) $modSettings['maxMsgID'], 'lastLogin' => time(), 'memberIP' => '\'' . $_SERVER['REMOTE_ADDR'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));
replace with:
updateMemberData($ID_MEMBER, array('ID_MSG_LAST_VISIT' => (int) $modSettings['maxMsgID'], 'lastLogin' => time(), 'memberIP' => '\'' . $_SERVER['HTTP_CF_CONNECTING_IP'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));
6. on ~ line 491
find:
'ip' => $_SERVER['REMOTE_ADDR'],
replace with:
'ip' => $_SERVER['HTTP_CF_CONNECTING_IP'],
7. Save.
8. open Sources/QueryString.php
9. There are 20 to replace in this file so it is easier to use find and replace for this file.
10. Save and upload all. Done.
Tutorial by MKNJHILL :)
It will be interesting to see what passes through to get caught by my SPAM software. So far BB is active and Project Honeypot stopped recording. Still have to give it time and look at my other measures.
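Added example, not part of the original posts or of any mod in this thread: the edits quoted above read `HTTP_CF_CONNECTING_IP` unconditionally, but that header is supplied by whoever connects, so a request that reaches the web server without passing through the proxy can claim any address, and the value ends up in ban checks and member records. The PHP below accepts the header only when `REMOTE_ADDR` lies inside a configured proxy range and otherwise falls back to `REMOTE_ADDR`; the function names and the CIDR list (documentation ranges) are assumptions, to be replaced with the ranges your proxy provider publishes.

```php
<?php
// Added example, not SMF or CloudFlare code.
// Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
const TRUSTED_PROXY_CIDRS = ['192.0.2.0/24', '2001:db8::/32'];

/** True when $ip lies inside $cidr. Works for IPv4 and IPv6. */
function ip_in_cidr(string $ip, string $cidr): bool
{
    if (strpos($cidr, '/') === false) {
        return false;
    }
    [$net, $bits] = explode('/', $cidr, 2);
    if (filter_var($ip, FILTER_VALIDATE_IP) === false
        || filter_var($net, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $ipBin  = inet_pton($ip);
    $netBin = inet_pton($net);
    // An IPv4 address never matches an IPv6 network and vice versa.
    if (strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    if (!ctype_digit($bits) || (int) $bits > strlen($ipBin) * 8) {
        return false;
    }
    $fullBytes = intdiv((int) $bits, 8);
    $remBits   = (int) $bits % 8;
    // Compare the whole bytes of the prefix first.
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    if ($remBits === 0) {
        return true;
    }
    // Then the leading bits of the next byte.
    $mask = (0xFF << (8 - $remBits)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

/**
 * Single place to resolve the visitor address.
 * The header is honoured only when the TCP peer is a trusted proxy
 * and the header value parses as an IP address.
 */
function client_ip(array $server, array $trustedCidrs = TRUSTED_PROXY_CIDRS): string
{
    $peer    = $server['REMOTE_ADDR'] ?? '';
    $claimed = $server['HTTP_CF_CONNECTING_IP'] ?? null;
    if ($claimed === null) {
        return $peer; // proxy service off or bypassed: keep the real peer
    }
    foreach ($trustedCidrs as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            return filter_var($claimed, FILTER_VALIDATE_IP) !== false ? $claimed : $peer;
        }
    }
    return $peer; // header sent by an untrusted peer: ignore it
}

// Constructed sample requests (not captured traffic).
$samples = [
    'via trusted proxy'        => ['REMOTE_ADDR' => '192.0.2.10',    'HTTP_CF_CONNECTING_IP' => '203.0.113.7'],
    'direct, header present'   => ['REMOTE_ADDR' => '198.51.100.23', 'HTTP_CF_CONNECTING_IP' => '203.0.113.7'],
    'proxy, malformed header'  => ['REMOTE_ADDR' => '192.0.2.10',    'HTTP_CF_CONNECTING_IP' => 'not-an-ip'],
    'no header (service off)'  => ['REMOTE_ADDR' => '198.51.100.23'],
];
foreach ($samples as $label => $server) {
    printf("%-26s => %s\n", $label, client_ip($server));
}
```

Blocking non-proxy sources at the web server or firewall closes the same gap one layer down; the check above still matters when that rule is missing or misconfigured.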
This mod should fix the IP addresses in the users online log files. It works with 1.1.x and 2 RC3.
Plus, I added posting Server Side Excludes.
It will get put in the CloudFlare wiki next week.
EDIT: Update for SMF Gold.
Good to hear.
Do you think we can mark this as solved? :)
I'd rather leave this open until some more users report their experiences with CloudFlare.
Specifically, CloudFlare is supposed to eliminate most of the spambot attacks. But I just implemented the mod which determines if a registration attempt is made by a human or bot, via asking several questions. That seems to have stopped the spambots dead.
So, given this mod, I'm wondering if CloudFlare is really worth it. I'd love to hear some opinions on this.
I spent several hours of my time adding a SMF 1.1x version to my mod just for you when I have SMF 2.0 RC3. You could try it?
Quote from: Don Peters on August 03, 2010, 05:36:13 PM
I'd rather leave this open until some more users report their experiences with CloudFlare.
Specifically, CloudFlare is supposed to eliminate most of the spambot attacks. But I just implemented the mod which determines if a registration attempt is made by a human or bot, via asking several questions. That seems to have stopped the spambots dead.
So, given this mod, I'm wondering if CloudFlare is really worth it. I'd love to hear some opinions on this.
I've been using CloudFlare (CF from now on) for a couple weeks. Personally, I Love it!
Why you ask? ;)
First off, CF is NOT a single program to stop the bad guys. It's a whole suite of programs with servers all over the country (hence the Cloud part). Which by the way, are currently running at over 500 hits per second, only a small fraction of capacity.
Second.. They say "we take the hit so you don't have to" They really do take the bandwidth hit.
Think about all the bandwidth and processor time that is wasted dealing with bots. Every mod we run trying to stop spammers costs us. Be it increased bandwidth (for big sites), slower loading pages, or the time we take to update this mod or the other. You did get that last update didn't you? ;) Not to mention weeding through logs full of bot data trying to find the important stuff.
Enough of that, you want to know how CF is working for me.
Before CloudFlare, I was running 3 mods, 1 script and had a huge .htaccess file to stop the spammers/hackers.
My SMF error log got so bad I shut error reporting off. (just 1 bot hitting 2 & 3 times a second for 2 or 3 minutes makes a log full of junk)
Now I have 1 mod running, Stop Spammer and my htaccess is down to about 8 short lines. ;D
I kept Stop Spammer running because CF relies heavily on the HoneyPot database, which we know only has bots caught by their traps and not reported by humans. Whereas Stop Spammer uses the human data from Stop Forum Spam.
At first I was getting 2 or 3 bots a day sneaking through CF. For the last 3 days there have been 0. This is due in part to the fact that CF also uses human reporting, via our block list.
Noticed a few being blocked that aren't in the Honey Pot database. Good to see! CF is learning.
So far all the features I've tested or tried work very well. Yes there is a bug every now & then, but it IS still in beta. One thing is for sure, they squash the bugs in short order.
One more thing. Ain't done rambling! ::)
Quote
I'm wondering if CloudFlare is really worth it.
Let me ask..
Do you like to... waste time, energy, money, bandwidth, and sometimes sleep?
Do you like to.. wade through endless pages of useless data looking for the important stuff?
Do you like to.. worry if that script you just installed has an exploit that a hacker will find before you do?
Do you like to.. make every single potential new member jump through 10 hoops just to join?
Do you like to.. worry someone might post personal info that a bot could grab and use?
Do you like to.. wonder what you would do if your site was hit by a denial of service attack?
I'll stop there...
So... is it worth it?
Just the features the free version will have makes it a no-brainer.
Don't get me wrong! CloudFlare isn't the end all be all. But they'll sure make a heck of a front line. And it makes the 2nd line soooo much easier to handle.
I like it too. My bandwidth has dropped from over 6gb to less than 1. I am still keeping my normal protection behind it and am catching the stragglers. httpBL will see one 2-3 days and Bad Behavior will catch 3-5 a day and my personal firewall 15-20 per day, mostly bad countries. They say they have parts of Bad Behavior built in it but I prefer to try it on my end and continue to perfect the mod. Besides my mods use cache to reduce processor load. 99% of the bots do not make it to Stop Spammer.
@butchs
Hope you don't mind, but I spruced up your Wiki post a bit. Made it look a bit more Wikified. LOL!
Wow! A 5gb drop?! :o Sweet!
I shut down half of httpBL yesterday as it only logged 2 hits in 4 days. Will always have something running on my end. ;)
Oh!
Thanks for the CF mod!
Seems to be working just fine, but haven't had time to check in detail.
Thanks, I am not much at conforming to the rules Wiki... ;)
I had some problems with Bad Behavior confirming that the traffic is from Cloudflare. After doing some research Michael Hampton (from BB) found that CloudFlare had some errors in a DNS record.
Quote
error@underground ~/Downloads $ host 204.93.177.106
Host 106.177.93.204.in-addr.arpa. not found: 3(NXDOMAIN)
I sent the information to them but never had a reply. I think they fixed it. So if all of a sudden everybody gets banned you can edit the following in "core.inc.php" until it passes. ???
Search:
if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
    require_once(BB2_CORE . "/cloudflare.inc.php");
    if ($r = bb2_cloudflare($package)) return $r;
}
replace:
if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
    // require_once(BB2_CORE . "/cloudflare.inc.php");
    // if ($r = bb2_cloudflare($package)) return $r;
}
Noticed that sometime last night (9:30 pm EST) IP's were not being captured. Uninstalled mod CloudFlare, back to normal.
CF made some changes around the same time.
Yea, I emailed them and they said they took on many new users and the bandwidth went through the roof and they were fixing it.
It is back up for me. Times like this make me wish that SMF had just one check for a visitor IP address so I can easily add an auto-detection script for CloudFlare.
Quote from: butchs on September 05, 2010, 03:47:58 AM
It is back up for me. Times like this make me wish that SMF had just one check for a visitor IP address so I can easily add an auto-detection script for CloudFlare.
Then it wouldn't be a challenge and you'd get bored, quit coding and spend the rest of your days in the park feeding pigeons and people would call you "the pigeon man"..... ok, a bit far! But you know what I mean... :o
Oh but I prefer to quit coding. Those bots are the only reason I coded at all this summer. :-X
Quote from: butchs on July 31, 2010, 08:54:34 PM
This mod should fix the IP addresses in the users online log files. It works with 1.1.x and 2 RC3.
Plus, I added posting Server Side Excludes.
It will get put in the CloudFlare wiki next week.
I would like to thank you for this mod. I have been using Cloudflare since yesterday and realised that without proper IPs all banned users had access to my board again. Not good.
Quote from: butchs on July 31, 2010, 08:54:34 PM
This mod should fix the IP addresses in the users online log files. It works with 1.1.x and 2 RC3.
Plus, I added posting Server Side Excludes.
It will get put in the CloudFlare wiki next week.
Should this also work for 2.RC4?
I keep getting CloudFlare's IP for everyone, and I want to be able to see the actual IP of members and guests.
Is that what this is for?
It should, make sure you simulate RC3.
Cool. Thanks butchs.
I have Bad Behaviour, and http:BL running currently on a SMF 2.0 RC3 Forum. I am currently running into problems with legitimate users from sometimes questionable IPs hitting the http:BL captcha multiple times, over the course of several days. Would Cloudflare offer a solution by analyzing their usage to determine that they are just normal users, or because they are coming from questionable IP's just dead-end them faster?
No. CloudFlare is written by the guys who made ProjectHoneypot so if your members are getting flagged with httpBL they will get flagged with CloudFlare. Both offer human confirmation questions with set time limits.
Thank you, I was kinda suspecting that. I will keep searching and learning about forum security in the rougher parts of cyberspace.
Hey Prince_Bear,
ProjectHoneypot have 2 values which may be interesting in your case:
Last Seen
and
ThreatLevel
When developing our software, we learned that these 2 values can make a huge difference in regards to "false positives"
Fighting spam can be a tough nut to crack :)
For any questions, please feel free to ask.
Cheers
SpamTrawler
Thanks for that note spamtrawler
My question would be how do those values help me, if I have legitimate users coming from questionable IPs? They are getting flagged at a certain threat level based on the spam usage of those IPs, but those IPs are shared by hundreds if not thousands of clients. Most of those clients are not the problem, but the bad apples are ruining the batch for everyone else.
Only thing I can think of would be to place a "trusted cookie" on the user's machines after they have gotten through the captcha so that even if they are coming from a questionable IP they would be flagged as safe. Then you only have to worry about the public computers, which are accessing the forum.
@prince_bear:
If you are using mod httpBL you are already using those 2 values.
I did that mod 2 years ago, and that's the first thing I took into account.
For more information on how to configure those values properly, you can search the mod support thread (http://www.simplemachines.org/community/index.php?topic=366399).
For example you may find interesting this question I got there:
http://www.simplemachines.org/community/index.php?topic=366399.msg2833720#msg2833720
And my answer to that question:
http://www.simplemachines.org/community/index.php?topic=366399.msg2833827#msg2833827
@snoopy_virtual
Thanks! It definitely looks like you have done your homework!
Attached is the 2.0 RC4 version.
latest attached version seems corrupt for me... :-[
New copy uploaded. It is for 2 RC4.
I'm still getting errors, seems to be the way the file is packaged due to the wildcard. Even IZArc was screaming 'corrupt! file is directory'.
I repackaged it for those of you who have problems with the above one. Works fine for me now. :)
Thanks for this mod, and a quick question...
Is it necessary to install mod_cloudflare in apache along with this mod? I understand this mod ensures IPs being correctly reported in SMF, but how about the rest of the website - drupal for example?
Thanks.
Quote from: Glasso on February 05, 2011, 08:14:23 AM
Thanks for this mod, and a quick question...
Is it necessary to install mod_cloudflare in apache along with this mod? I understand this mod ensures IPs being correctly reported in SMF, but how about the rest of the website - drupal for example?
Thanks.
When I started studying Cloudflare my first impression was I didn't like it because it was adding to my web pages Google adverts that I couldn't control.
After studying it a little more, and comparing what I have found with other people also using Cloudflare, I like it even less, because we have seen a few times that some of those Google adverts are pointing to fake anti-virus and to pages I wouldn't recommend at all, so I have stopped using it.
Of course it's up to you what anti-spam solutions you use, but if you want to be protected against all the spammers inside projecthoneypot database (that's what Cloudflare is for) I would recommend you to use programs (or mods) where you can control everything.
You can find a list of the available programs and mods here:
http://www.projecthoneypot.org/httpbl_implementations.php
Quote from: snoopy_virtual on February 05, 2011, 09:01:16 AM
When I started studying Cloudflare my first impression was I didn't like it because it was adding to my web pages Google adverts that I couldn't control.
... that some of those Google adverts are pointing to fake anti-virus and to pages I wouldn't recommend at all, so I have stopped using it.
Hmm... I didn't know google ads are inserted. Are you referring to ads being inserted into the site pages or the challenge page?
Thanks.
The challenge page
Quote from: snoopy_virtual on February 05, 2011, 09:01:16 AM
When I started studying Cloudflare my first impression was I didn't like it because it was adding to my web pages Google adverts that I couldn't control.
Do you mean Google Analytics? That can be turned off. Go to cloudflare settings and turn off Google Analytics.
I found the Google Analytics implementation messes up with the warning pages of httpBL, BB and FF mods. So I turned it off.
Quote from: snoopy_virtual on February 05, 2011, 09:24:29 AM
The challenge page
I would assume that disappears if you upgrade to a paying account?
All in all I like and use Cloudflare. :P
Cons:
An experienced webmaster can do much on their own.
As far as protection goes I am not sure what it does that my current solution does not do.
Ads...
Pros:
Less effort, great for newbies.
It blocks the violator before reaching my forum and that saves bandwidth.
The cache increases speed.
Server Side Excludes are cool if you post an email address or phone number.
IP geolocation comes in handy.
Always Online is cool but I am not sure it works.
Quote from: Glasso on February 05, 2011, 08:14:23 AM
...
Is it necessary to install mod_cloudflare in apache along with this mod? I understand this mod ensures IPs being correctly reported in SMF, but how about the rest of the website - drupal for example?
Thanks.
Any case, what is the answer to this, anyone?
Quote from: butchs on February 05, 2011, 10:27:35 AM
Do you mean Google Analytics? That can be turned off. Go to cloudflare settings and turn off Google Analytics.
I found the Google Analytics implementation messes up with the warning pages of httpBL, BB and FF mods. So I turned it off.
No, I don't mean Google Analytics, but the Google adverts in the challenge page. Some of them are pointing to legal anti-virus and anti-trojans (but not all of them are good ones, even if they are legal) but it's even worse that some of them are pointing to fake anti-virus.
Quote
I would assume that disappears if you upgrade to a paying account?
As far as I know they don't.
Quote from: Glasso on February 05, 2011, 10:36:30 AM
Quote from: Glasso on February 05, 2011, 08:14:23 AM
...
Is it necessary to install mod_cloudflare in apache along with this mod? I understand this mod ensures IPs being correctly reported in SMF, but how about the rest of the website - drupal for example?
Thanks.
Any case, what is the answer to this, anyone?
I already answered that. I gave you this link:
http://www.projecthoneypot.org/httpbl_implementations.php
Inside it you can see there is a mod made for Drupal here:
http://drupal.org/project/httpbl
Quote from: snoopy_virtual on February 05, 2011, 10:52:36 AM
Inside it you can see there is a mod made for Drupal here:
http://drupal.org/project/httpbl
I see my caching idea is catching on. ::)
Quote
The message visitors will see when their IP is blacklisted. <em>%ip</em> will be replaced with the visitor's IP, <em>%ipurl</em> with a link to the Project Honeypot information page for that IP, <em>%honeypot</em> with your Honeypot link.
Quote
The message visitors will see when their IP is greylisted. <em>%ip</em> will be replaced with the visitor's IP, <em>%ipurl</em> with a link to the Project Honeypot information page for that IP, <em>%honeypot</em> with your Honeypot link, <em>%whitelisturl</em> with the internal whitelist request URL.
Quote
Threshold for the greylisting threat level (1-255, 0 to disable greylisting)
Quote
http:BL is enabled and has blocked %t visits (%b blacklisted and %g greylisted).
Interesting, you should add greylisting to the SMF version!
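Added example, not code from the httpBL mods or the Drupal module discussed here: how the two http:BL values named earlier in the thread (last seen, threat level) and a greylisting threshold like the one quoted above can be combined, so that a stale or low-scoring listing on a shared IP leads to a challenge instead of a ban. It assumes the documented http:BL answer layout `127.<days since last activity>.<threat score>.<visitor type>`; the function names and the default thresholds are hypothetical.

```php
<?php
// Added example; thresholds are illustrative assumptions, not the mods' defaults.

/** Parse an http:BL DNS answer; returns null when it is not a valid listing. */
function parse_httpbl_answer(string $answer): ?array
{
    $octets = explode('.', $answer);
    if (count($octets) !== 4 || $octets[0] !== '127') {
        return null;
    }
    foreach ($octets as $octet) {
        if (!ctype_digit($octet) || (int) $octet > 255) {
            return null;
        }
    }
    $type = (int) $octets[3]; // bit field; 0 means a known search engine
    return [
        'last_seen_days'  => (int) $octets[1],
        'threat'          => (int) $octets[2],
        'search_engine'   => $type === 0,
        'suspicious'      => (bool) ($type & 1),
        'harvester'       => (bool) ($type & 2),
        'comment_spammer' => (bool) ($type & 4),
    ];
}

/**
 * Map a parsed answer to allow / greylist / blacklist.
 * $greyThreat = 0 disables greylisting, as in the module text quoted above.
 */
function httpbl_verdict(?array $r, int $greyThreat = 10, int $blackThreat = 40, int $maxAgeDays = 30): string
{
    if ($r === null || $r['search_engine']) {
        return 'allow'; // not listed, or a search engine crawler
    }
    if ($r['last_seen_days'] > $maxAgeDays) {
        return 'allow'; // old activity: the address has probably changed hands
    }
    if ($r['threat'] >= $blackThreat && ($r['harvester'] || $r['comment_spammer'])) {
        return 'blacklist';
    }
    if ($greyThreat > 0 && $r['threat'] >= $greyThreat) {
        return 'greylist'; // show a human check rather than a hard block
    }
    return 'allow';
}

// Constructed sample answers (not real lookups).
$answers = [
    '127.1.80.4'   => 'recent, high score, comment spammer',
    '127.3.25.5'   => 'recent, medium score on a shared address',
    '127.200.60.2' => 'high score but last seen 200 days ago',
    '127.0.5.0'    => 'search engine',
    ''             => 'no record (NXDOMAIN)',
];
foreach ($answers as $answer => $note) {
    printf("%-14s %-42s => %s\n", $answer, $note, httpbl_verdict(parse_httpbl_answer($answer)));
}
```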
Quote from: butchs on February 05, 2011, 11:05:23 AM
Interesting, you should add greylisting to the SMF version!
So you have just seen that now?
All that was discussed more than 2 years ago. In fact the first version of my mod httpBL was using a lot of the functions made by praseodym for his Drupal mod (as stated in the credits).
Kind of off topic, but related. :)
Since you both are reading this topic, I want to place it here. I want to commend both of you snoopy_virtual and butchs for your work on preventing spam.
I have used Stop Spammer for a long time and was very satisfied. Recently the bots started changing their habits a bit, so I would get at least a dozen or more a week that I would have to manually approve or disapprove. I then added httpBL, and the Forum Firewall to the site. In the last 2 weeks, I have only had 2 that I had to manually reject. The combination has been great. The firewall has stopped quite a few dos attacks and other weird bot behaviors, and http_BL has redirected over 800 spambots in two weeks. Thank you both for your hard work. :)
You don't have also the Anti-Spam Questions activated?
Since I activated them in all my 7 forums 4 months ago I didn't have even one spammer registered in any of them yet.
That's the main reason why I haven't been too bothered really updating mod Stop Spammer lately. ;)
I did have the questions for a while, but it seemed a pain for real member registrants. As of right now, I will leave it alone unless more start getting in later. :)
It is always nice to hear good news. Thank you.
Quote from: butchs on July 31, 2010, 08:54:34 PM
This mod should fix the IP addresses in the users online log files. It works with 1.1.x and 2 RC3.
Plus, I added posting Server Side Excludes.
It will get put in the CloudFlare wiki next week.
How do I install this mod on SMF 1.1.13? Thanks.
I have been using Cloudflare since the Beta also. It's AWESOME. Get it! They (Cloudflare) do have a module to put on the server, which you can put up or have your web host install for you so that you can get the real IP.
I'm on shared hosting and I had to do a little bit of begging to get them to install the module on the server, but they finally did it.
I have a couple of issues with CloudFlare. Most have been addressed here. Some have only been hinted at.
My major beef with CloudFlare is poor customer relations. They talk a great game, and where are they when
there is a technical question at four in the morning?
I disabled cloudflare finally. All the troubles they couldn't address got addressed when I moved back to my regular
webhosting provider. In effect, my web hosting provider would tell me, via telephone call because THEY are available
24 hours a day by telephone, that my site was not listed as being hosted with them but by CloudFlare, so I should ask CloudFlare my technical questions.
CloudFlare is not available by phone, and barely available by email.
For my money? CloudFlare is like the old Brick cell phones: a great idea, but not perfected. Your mileage may vary.
Any chance of an SMF 2.0RC5 update to the plugin? I tried running the old version, but that had a bit of trouble. :-P
Quote
* 4. Execute Modification ./Sources/Subs.php Test failed
1. Add After ./Sources/Subs.php Test failed
please use the proper support topic for that mod, this is not the right place.
I did not publish the mod at the SMF mod site. It takes many months for one of my mods to get released. It is not worth my effort. Besides, the RC4 version works fine with RC5.
On the bottom right corner of package manager click "advanced" and set emulate version to "SMF 2.0 RC4".
We use CloudFlare, and have been very pleased.
@butchs
Thank you for your Mod to display IPs correctly, it works like a charm. We are using smf 1.1.13 :)
Quote
No, I don't mean Google Analytics, but the Google adverts in the challenge page.
I have seen no ads in our challenge page. But we don't rely on Cloudflare's challenge page, we still use Recaptcha.
In total we have:
CloudFlare, ReCaptcha, StopForum Spam, and a light .htaccess file.
We are considering adding Forum Firewall and httpBL
I appreciate all of the developers of this kind of defensive software, since our site specializes in removing malware from infected computers (for free). A little prevention cures a lot of problems.
If a person uses this and decides they don't like it how hard is it to reverse everything and go back to the previous setup?
Just a few clicks then however long it takes the domain name to change.
Great, thanks for the quick reply. I grabbed your mod from the other page and want to try it out but was curious about the removal thing. By the way, I'm guessing you setup CF first then run the mod, is that correct?
EDIT: I forgot to ask one other thing. I register my main domain, does it cover all directories inside that? I just started a Wordpress blog would it be taken care of as well or do I need to use the WP CF plugin? Sorry if these questions are a bit overkill I'm just getting all my ducks in a row before I dive in.
Yes.
Yes it will cover all your directories. You will need both the WP and SMF plugin.
I'm hoping you may have an answer for this butchs(or anyone else possibly). I have the WP/CP plugin installed(installed it today) and everything is showing as fine except for the fact the blog site has horrible load times. I'm honestly not sure if it's due to CF or what as I wasn't on that section of the site yesterday but the day prior pages would load almost instantly. Now today however the page loads take around a minute. I'm looking around the CF help section now hoping to find something but I figured asking here might result in an optional help solution. Thanks.
CF uses cache to make your site faster. Could be your host? Ask CF.
is there a CloudFlare support forum?
Just wondering as I never knew about one but did try to find one. Any tech support I needed I just emailed Matthew
as I was beta testing it. I stopped using CloudFlare awhile back when all my members were being blocked. Turns out
my host didn't like how every member was seen as coming from the same IP range (CloudFlare) and decided to block
the whole range. I know a patch or mod or something came out but without my host's cooperation I decided that I was
fine using mod_httpbl (http://custom.simplemachines.org/mods/index.php?mod=2155), Stop Spammer (http://custom.simplemachines.org/mods/index.php?mod=1547), Bad Behavior Mod (http://custom.simplemachines.org/mods/index.php?mod=2502), and Anti-Spam Verification Questions (http://custom.simplemachines.org/mods/index.php?mod=1516). I haven't had even one
spammer in months.
Hi Angie,
The url to contact CloudFlare can be found here: https://www.cloudflare.com/contact.html
There is a mod for SMF here: http://www.cloudflare.com/wiki/SMF
Quote from: damoncloudflare on May 09, 2011, 02:01:31 AM
Hi Angie,
The url to contact CloudFlare can be found here: https://www.cloudflare.com/contact.html
There is a mod for SMF here: http://www.cloudflare.com/wiki/SMF
Thanks Damon
Quote from: Angie KidneyKorner on May 04, 2011, 04:00:00 AM
is there a CloudFlare support forum?
Just wondering as I never knew about one but did try to find one. Any tech support I needed I just emailed Matthew
as I was beta testing it. I stopped using CloudFlare awhile back when all my members were being blocked. Turns out
my host didn't like how every member was seen as coming from the same IP range (CloudFlare) and decided to block
the whole range. I know a patch or mod or something came out but without my host's cooperation I decided that I was
fine using mod_httpbl (http://custom.simplemachines.org/mods/index.php?mod=2155), Stop Spammer (http://custom.simplemachines.org/mods/index.php?mod=1547), Bad Behavior Mod (http://custom.simplemachines.org/mods/index.php?mod=2502), and Anti-Spam Verification Questions (http://custom.simplemachines.org/mods/index.php?mod=1516). I haven't had even one
spammer in months.
Basically HttpBL does exactly the same job as Cloudflare, in screening your potential members - without the problems of shared IP addresses and such ;)
Hi Lex
I collaborate with Angie in another community where the only thing we do is to fight spammers all day long with all the weapons we can find, so I talk a lot with her and I think she already knows that.
My guess is that she is just trying to find a CloudFlare support forum to give them some grief. (Man, she can talk really nasty when she's angry ... ;D )
I wouldn't like to have Angie as an enemy. ;D
I second that one myself. She loves to give the spammers a lot of grief. I would not want to be a spammer in her sights. :)
Quote from: snoopy_virtual on June 15, 2011, 06:49:34 PM
My guess is that she is just trying to find a CloudFlare support forum to give them some grief. (Man, she can talk really nasty when she's angry ... ;D )
I wouldn't like to have Angie as an enemy. ;D
Hahah Snoopy :P
Quote from: busterone on June 15, 2011, 07:08:23 PM
I second that one myself. She loves to give the spammers a lot of grief. I would not want to be a spammer in her sights. :)
You guys are great :D
Hey butchs, I switched to CloudFlare today and am about to install SMF2.0! My concern were the IPs too for spambot protection (my previous forum on fluxBB was crawling with them) so your Mod will be just what I need :)
Small note though, I am not sure if you are aware of it or not but unregistered Users can NOT see your forum attachments. I had to register extra to see it (and wasn't sure if I would when I do, thought I missed something else)
Just saying, maybe you get more downloads from other SMF users that use CloudFlare when your plugin is a direct link on a file hoster or something :)
But that's a minor issue. Thanks for the hard work!
Not sure how the mod can have anything to do with attachments? Sounds like your SMF admin preference settings.
The mod is linked to the CF site. It is free, so I do not care about downloads.
Hi butchs, I think you misunderstood what I meant :) I meant to get your CF mod in the first place, in this very thread, as attachment on the bottom of your post on page 1. When you're not logged in / registered, you don't really see that it's attached in your posts. There is no note like "This user attached a file, register to download it" which left me wondering a while how I can get your plugin. That's all. It's visible once registered and I got it. Thanks
Oh, sorry. If CF had a place to put it I would put it on their server. But they seem not to want to give me space so it is here...
Hi butchs, too bad, they really should :)
I encountered something strange. When I installed your Bad Behavior Mod and Cloudflare Mod both together, no IP addresses showed up. When I deactivated the Cloudflare Mod, IP addresses started showing up again. Bad Behavior Mod is configured to Reverse Proxy with the CF header, no IP addresses defined. Is there some sort of compatibility issue between those mods? Will I encounter any negative effects just using Bad Behavior mod and not Cloudflare mod?
Thank you
Quote from: Genjin on July 08, 2011, 03:44:15 PM
I encountered something strange. When I installed your Bad Behavior Mod and Cloudflare Mod both together, no IP addresses showed up. When I deactivated the Cloudflare Mod, IP addresses started showing up again. Bad Behavior Mod is configured to Reverse Proxy with the CF header, no IP addresses defined. Is there some sort of compatibility issue between those mods? Will I encounter any negative effects just using Bad Behavior mod and not Cloudflare mod?
NO! I have been using both mods together uninterrupted since I created them. I have no issues.
CF mod has nothing to do with the Bad Behavior (BB) mod. CloudFlare (CF) mod only changes the way SMF reads the IP addresses. Due to security reasons, Bad Behavior finds the visitor's IP address internally, keeps them to itself and does not share them with SMF. BB is an island upon itself. Neither mod uses any part of the other to operate.
The missing ip address is just CF going down for maintenance, an ip address being spoofed or CF not being turned on. Maybe you need to go to the CF web-page and adjust the CF settings for your site?
Only set Bad Behavior for the "Reverse Proxy/Load Balancer" when CF is active. You need to check "Enable Reverse Proxy", put "Cf-Connecting-Ip" in "IP call to Reverse Proxy" and leave "Reverse Proxy Addresses" blank. Then Bad behavior and the Project Honeypot Feature will use the correct ip addresses for testing.
If you exhausted all options then Forum Firewall (FF) with the following will take care of any ip spoofers you may see:
"Enable Testing", "Block Violations", "Logging", "Enable IP Validation" checked.
"Country Code via Headers" set to "Cf-Ipcountry", "Visitor IP call to Proxy" set to "HTTP_CF_CONNECTING_IP" and "Proxy Header ID" set to "Cf-Connecting-Ip".
Do not use other portions of FF mod unless you read the built in help "click on the ?'s" and fully understand what you are doing. 8)
With respect to the mods:
CF Mod translates the IP addresses that CF provides to SMF so the members have the correct IP address while it is in operation. If the service stops for any reason the addresses will be incorrect. SMF reads the same information over and over so the work of the mod is tedious.
BB Mod reads the IP addresses that CF provides to its internal system and uses this information, among other things, to determine if it wants to block someone. If the CF service stops for any reason the mod will only partially work. Since all the addresses it sees will be the same, the honey pot portion will not work.
FF Mod reads the IP addresses that CF provides to its internal system and uses this information, among other things, to determine if it wants to block someone. If the CF service stops for any reason the mod will detect this and continue to do its job unabridged. You should see an increase in blocks since CF is no longer blocking and FF is taking over. This does not happen often, but it can happen once in a while.
Quote from: Aleksi "Lex" Kilpinen on June 15, 2011, 07:32:58 AM
Basically HttpBL does exactly the same job as Cloudflare, in screening your potential members - without the problems of shared IP addresses and such ;)
That's so not true it is a sin! Cloudflare does much much more than a mere old port of the Drupal version of httpBL...
Well, I did not mean it as if it would be the only thing it does - but in regards to spammers and such, it does do the same thing basically...
Besides cache etc. it has some basic protection that goes beyond Project Honeypot. You can block countries like RU & China. There are some basic tests in the free package that remove spammers and script kiddies before they reach your site. It even has a Bad Behavior option. This is evident from the amount of bad traffic I see before and after enabling the service. I am sure the free package of CF tests more than just the honeypot database.
It is not foolproof but it certainly cuts down on the work my mods have to do while it is on-line.
Hi butchs,
yes your plugins work perfectly fine. I had a screwup somewhere else (with my DNS records)
On another note, here's something nice for Nginx users like me: https://www.cloudflare.com/wiki/Nginx
If you are using Nginx as your webserver and are experienced enough to install this module, you will not need any special plugins for the scripts you use to get the real IP. With this module Nginx does that already for you, provided you configured it right :)
I was using this mod and it was working perfectly. After I changed my domain and added it to Cloudflare, 6 hours later all the user IPs are still 0.0.0.0. Should I wait more, or is this a mod error?
----
Yes, I had to wait a bit more, nvm ^^ works now
Nothing is wrong with the mod. Cloudflare is not working. Check your Cloudflare settings.
Quote from: butchs on July 31, 2010, 08:54:34 PM
This mod should fix the IP addresses in the users online log files. It works with 1.1.x and 2 RC3.
Plus, I added posting Server Side Excludes.
It will get put in the CloudFlare wiki next week.
EDIT: Update for SMF Gold.
what that does
Basically it prohibits suspicious visitors from seeing the content in the bbc code.
Read up on it at the Cloudflare site.
hey . . . CloudFlare sent me here . . . I tried to install, but I'm getting "./Sources/Subs.php Test failed"
Can anyone confirm it should work with v2.0.1?
There are several different mods that do this... which one?
The mod is located at reply 3 (http://www.simplemachines.org/community/index.php?topic=391926.msg2726085#msg2726085). It was made for the default theme.
Ah, in which case, this addresses the user's question:
http://wiki.simplemachines.org/smf/Error_in_mod_installation
Quote from: Kindred on December 01, 2011, 11:39:14 AM
There are several different mods that do this... which one?
I'm using the one I found on this thread here:
http://www.simplemachines.org/community/index.php?topic=391926.msg2726085#msg2726085
It was last modified on June 18, 2011, meaning it's quite possible the reason I'm getting an error is because it's not compatible with v2.0.1. Of course, it could also be because it's not compatible with a mod I have installed, hence why I'm asking :P
So . . . can anyone confirm it should work with v2.0.1?
It works on my version of 2.0.1 and the date matches my records.
The package manager only gave me an error on Subs.php. It was looking for this but couldn't find it:
array(
        if (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0)
            $data = \'http://\' . $data;
    '),
    'disallow_children' => array('email', 'ftp', 'url', 'iurl'),
    'disabled_after' => ' ($1)',
),
So I opened up Subs.php and found this instead:
array(
    'tag' => 'url',
    'type' => 'unparsed_equals',
    'before' => '<a href="$1" class="bbc_link" target="_blank">',
    'after' => '</a>',
    'validate' => create_function('&$tag, &$data, $disabled', '
        if (strpos($data, \'http://\') !== 0 && strpos($data, \'https://\') !== 0)
            $data = \'http://\' . $data;
    '),
    'disallow_children' => array('email', 'ftp', 'url', 'iurl'),
    'disabled_after' => ' ($1)',
),
So I just manually added this right after the above code as per the directions in the error:
array(
    'tag' => 'sse',
    'before' => '<!--sse-->',
    'after' => '<!--/sse-->',
    'block_level' => true,
),
I then ignored the error and installed the package. It's now reporting IPs properly.
However, I'm getting tons of errors related to httpBL, ForumFirewall:
8: Undefined variable: ip File: /home/sr/public_html/my_site/Sources/httpBL_Subs.php
8: Undefined index: HTTP_CF_CONNECTING_IP File: /home/sr/public_html/my_site/Sources/Subs-ForumFirewall.php Line: 28
It also doesn't fix the IP reporting in AjaxChat.
Anyone know what I can do to resolve this issue?
Yeow... If package manager reports an error you should not install the mod! This is most likely a mod conflict. You should uninstall other mods until the conflict goes away. Furthermore, if you manually install part you should manually install all of the mod.
That is true especially for this mod since there are so many changes. Please uninstall the mod and manually install it or start from scratch!
httpBL, though well written a few years ago, has issues now. The main issue I have with the mod is that it is easy for a modern bot to bypass its protection. Bad Behavior with Project Honeypot does much better.
If you get a "HTTP_CF_CONNECTING_IP" error in forum firewall then you need to set:
Visitor IP call to Proxy -> 'HTTP_CF_CONNECTING_IP'
Proxy Header ID -> 'Cf-Connecting-Ip'
I do not use 'AjaxChat' so I can not make a comment there without detailed input. Compatibility with all other mods in the world is impossible... If you want to try please post it with the appropriate mod.
I noticed that with this mod many IP addresses are resolving correctly now. However, a few still point to Cloudflare. It appears many of CloudFlare's IPs are now blacklisted by httpBL and BadBehavior, thereby blocking out my visitors. And it hides the true IPs of actual spammers.
It appears I'm going to be forced between these two choices: disable BadBehavior, httpBL, and ForumFirewall . . . or remove CloudFlare. Any opinions? I'm thinking CloudFlare must go . . .
Quote
If you get a "HTTP_CF_CONNECTING_IP" error in forum firewall then you need to set:
Visitor IP call to Proxy -> 'HTTP_CF_CONNECTING_IP'
Proxy Header ID -> 'Cf-Connecting-Ip'
I checked, and it's already set like that . . .
I have no interest in manually modding files. I tried that before for several years, but every SMF version upgrade was a huge hair pulling experience to keep track of all the changes. I promised myself never again :P
(I guess I could write my own personal mods, but I don't really have time for that either . . .)
httpBL is not compatible with Cloudflare.
Bad Behavior is if you check Enable Reverse Proxy, set "IP call to Reverse Proxy" -> 'Cf-Connecting-Ip' and leave "Reverse Proxy Addresses" blank.
BadBehavior and ForumFirewall work with the proper settings. Do not forget to purge the cache.
Quote from: butchs on December 05, 2011, 05:07:53 AM
Bad Behavior is if you check Enable Reverse Proxy, set "IP call to Reverse Proxy" -> 'Cf-Connecting-Ip' and leave "Reverse Proxy Addresses" blank...Do not forget to purge the cache.
I made the changes, and it seems BB is now working properly. How does one purge the cache for BB?
But I'm still getting the "HTTP_CF_CONNECTING_IP" error in forum firewall . . .
BB cache resets automatically every day but can be manually reset in Scheduled Tasks.
You must have a typo somewhere. Please post the error from the log and your settings in the "forum firewall" support board.
I made the post here:
http://www.simplemachines.org/community/index.php?topic=417490.msg3225399#msg3225399
Hey butchs, do you think you could update your modification to support IPv6 as well since it's now one of the features of CloudFlare? Your CF mod and the IPv6 mod have a number of conflicts.
Sorry, I learned my lesson with the smartphone mod, do not program something you can not personally test.
:'(
Quote from: butchs on February 12, 2012, 02:44:58 PM
Sorry, I learned my lesson with the smartphone mod, do not program something you can not personally test.
:'(
I'm guessing the reason you can't test is the lack of an IPv6 connection? You can set up an IPv6 tunnel with http://www.tunnelbroker.net/ . I can help you get it working if you want.
This is not an official mod and I only made it to have CF compatibility with my site. I do not like the massive amounts of code edits. I believe that the IPV6 mod does it in a much simpler way. With that said, I am busy and I do not intend to work on this mod. But, I give you or anyone else permission to do whatever you want with it, take it over, change it for ipv6 compatibility. Enjoy.
:)
Anybody planning to take up where the venerable Butchs is leaving off? I have a forum of 150 people, averaging 8-9GB of bandwidth per month, 1.5 million page views per year and regularly hitting limits on CPU and memory. Suffice to say I am looking for options. :)
I feel that this topic doesn't really require team attention anymore, so I'm marking this solved.
@Don Peters - If you disagree with me, feel free to mark the topic not solved again.
A bit of a necropost, but I came up with a different fix for the IPs not being reported properly in SMF 1.1.x:
Quote
1) Open index.php
2) Right below the <?php line (Should be the top line in the file), insert this:
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
3) Open SSI.php
4) Right below the <?php line (Should be the top line in the file), insert this:
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
It's not the cleanest (overwriting $_SERVER vars...), but it doesn't break IPs for connections that are outside of Cloudflare (we have an SSL connection that's not going through Cloudflare), and it's far less intrusive into the code.
Hello. I recently installed the mod on a 2.0.2 board. The installation came back as successful and there were no errors. However, I still see only CloudFlare IPs in the guest list and on member profiles.
Any ideas what I should try next? Thank you.
The mod works with 2.0.2. Reset your CF cache. Check the install.
Seems to be working now. Thanks. :)
Sounds like you did not reset the CF cache.
:)
I didn't do anything really. Just started working. Either way, glad it's working. :)
hey butchs,
since this topic ended over a year ago, not sure if the instructions are still valid.
the default value for "IP call to Reverse Proxy" in BB mod is currently "X-Forwarded-For".
however, in your post above, you stated that the value for "IP call to Reverse Proxy" should be "Cf-Connecting-Ip".
may i ask which is the correct value that should be in that field since i'm using cloudflare?
thanks!
There are other proxies out there. For CF use "Cf-Connecting-Ip".
noted with thanks!
last quick question, do i have to "enable bad behavior" for the reverse proxy to work, or can i leave bad behavior turned off and only check the box "enable reverse proxy"?
your help is much appreciated!
Yes you have to "enable bad behavior" for it to work as the reverse proxy only works with the BB mod. Install the CF mod earlier in this thread for CF to work with SMF.
all working good now, thanks butchs!
There are Apache modules that can do the same thing my mod does:
https://github.com/cloudflare
Looking at the code in the Apache module "mod_cloudflare" it seems that if the source is not from CF it will deny access. If CF goes down you lose access. I would remove the "#DenyAllButCloudFlare" and recompile.
<IfModule mod_cloudflare.c>
CloudFlareRemoteIPHeader CF-Connecting-IP
CloudFlareRemoteIPTrustedProxy 204.93.240.0/24 204.93.177.0/24 199.27.128.0/21 173.245.48.0/20 103.22.200.0/22 141.101.64.0/18 108.162.192.0/18
#DenyAllButCloudFlare
</IfModule>
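The index.php/SSI.php snippet and the trusted-proxy list above meet at one point: CF-Connecting-IP is only believable when the request's TCP peer is itself a CloudFlare proxy, because a direct visitor can send any header value. The following is an added example, not code from the mod, SMF or CloudFlare; the function names `ip_in_cidr` and `client_ip` and the sample requests are assumptions, and the CIDR list is copied from the post above, so it may be out of date.

```php
<?php
// Added example (assumes PHP 7.1+); not code from the mod, SMF or CloudFlare.
// CIDR list copied from the CloudFlareRemoteIPTrustedProxy line in this thread.
const TRUSTED_PROXIES = [
    '204.93.240.0/24', '204.93.177.0/24', '199.27.128.0/21', '173.245.48.0/20',
    '103.22.200.0/22', '141.101.64.0/18', '108.162.192.0/18',
];

// True when $ip lies inside $cidr. Compares packed bytes, so IPv4 and IPv6 both work.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2) + [1 => null];
    $ipBin = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)
        || ($bits !== null && !ctype_digit($bits))) {
        return false; // unparsable input, mixed address families or bad prefix
    }
    $bits = $bits === null ? strlen($ipBin) * 8 : (int) $bits;
    $bytes = intdiv($bits, 8);
    if ($bits > strlen($ipBin) * 8 || strncmp($ipBin, $netBin, $bytes) !== 0) {
        return false; // prefix too long, or whole-byte part differs
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // leftover high bits of the next byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// Visitor address for a $_SERVER-style array: the CF header counts only when
// the TCP peer (REMOTE_ADDR) is a listed proxy and the header parses as an IP.
function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '0.0.0.0';
    $claimed = $server['HTTP_CF_CONNECTING_IP'] ?? '';
    foreach ($trusted as $cidr) {
        if (ip_in_cidr($peer, $cidr) && filter_var($claimed, FILTER_VALIDATE_IP)) {
            return $claimed;
        }
    }
    return $peer; // direct connection or bad header: ignore what the client sent
}

// Constructed sample requests: via a listed proxy, direct with a header, IPv6 visitor.
var_dump(client_ip(['REMOTE_ADDR' => '173.245.48.10', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7']));
var_dump(client_ip(['REMOTE_ADDR' => '203.0.113.9', 'HTTP_CF_CONNECTING_IP' => '10.0.0.1']));
var_dump(client_ip(['REMOTE_ADDR' => '173.245.48.10', 'HTTP_CF_CONNECTING_IP' => '2001:db8::1']));
```

The second sample is the case that matters for a site that also accepts connections outside CloudFlare: the peer is not a listed proxy, so the header is ignored and the real peer address is logged.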
Very useful topic and the support given by butchs is cool.
Am going to try now.
Thank you.
Also if butchs could support, my question is this,
I have a site here website.com pointed to my dedicated server ns1.website.com and ns2.website.com ( ex ip : 1.1.1.1 )
I have a forum running separately on another dedicated server which has name servers ns1.newserver.com and ns2.newserver.com ( ex ip : 1.2.3.4 )
I currently have a record pointed for forum.website.com to load from 1.2.3.4, so my forum is loading from the new dedicated server.
Now how do i point my cloudflare dns, still i will check for the documents, but your instant support is appreciated.
Not sure. I never tried doing it that way. I suggest running a test.
Quote from: butchs on August 06, 2013, 07:10:19 AM
Not sure. I never tried doing it that way. I suggest running a test.
Thank you anyway, I will try and report here.