Proxy Blocker

[simmaster]

Here's Serbian translation for the whole modification

Errors

Code Select Expand

$txt['on_proxy'] = 'Izvinjavamo se, ali administrator je blokirao pristup preko proksija. Mogući problemi ovoga mogu biti korisćenje intraneta (školski/fakultetski internet), registracija preko mobilnog telefona, ili koriščenje browsera koji ne podržava kompersiju ili ne prihvata enkodiranje stranica';

Modsettings

Code Select Expand

$txt['proxyblock_reg'] = 'Blokiraj registracije ukoliko se koristi proksi';
$txt['proxyblock_index'] = 'Blokiraj forum ukoliko se koristi proksi';

And the last string

Code Select Expand

$txt['proxyblock_no_ip'] = 'Omogući korisnicima pristup forumu ako saznamo njihovu pravu IP adresu';

Thanks! I'll slip this into 1.1.5

[lexa90]

Np

Awesome mod btw

[Mr. Pirate]

i get blocked from my forum with or without a proxy?

[simmaster]

i get blocked from my forum with or without a proxy?

Use the killswitch and uninstall the mod. If you're behind any kind of proxy server, have no HTTP_CONNECTION set, or can't accept encoding, you will get blocked. The connection/encoding related options will be removed in 1.1.5

[simmaster]

2.0 is almost out. Here's a changelog:

Code Select Expand


[+] - Added feature
[-] - Removed feature
[*] - Bugfix
[%] - Security patch/new blocked proxy

v1.99 (2.0pre)
[*] More empty() checks to avoid killing your error log
[*] Deprecated the http-connection/accept-encoding checks
[+] Added language strings:
      [++] Serbian_Cyrillic
      [++] Serbian_Cyrillic-UTF8
      [++] Serbian_Latin
      [++] Serbian_Latin-UTF8
[+] Allows users whose IPs we can catch to register
[+] Add $kill_proxyblocker = 0 to the Settings file to make it easier for new admins to kill it
[*] Sync the version elements across all the mod files
[+] Common edits between SMF 1.1 and 2.0 are in a common.xml mod file
[*] Single quotes!
[*] Convert to strpos() for sanity's sake.
[*] Fixed a coding issue with checking if we can get their IP
[*] Use gethostbyaddr() only if mod is enabled


In progress

Code Select Expand


[+] Set a session for captured proxies so we don't kill your database
[+] Allowed IP list


I can't release it until I have a Spanish translation for:

Code Select Expand


$txt['proxyblock_no_ip'] = 'Allow users to use the forum if we can get their real IP';
$txt['proxyblock_allowed'] = 'Allowed IP addresses (separated by a comma and space)';


[Trevor Hale]

Is there anyway that you could possibly add a section where we could "Specify allowed IP's" For some reason I have 1 user who gets blocked when I turn this on, and he said he is not behind a proxy.

Best regards,

Trev

[simmaster]

Is there anyway that you could possibly add a section where we could "Specify allowed IP's" For some reason I have 1 user who gets blocked when I turn this on, and he said he is not behind a proxy.

Best regards,

Trev

I'll add that into my 1.1.5 todo. See if the experimental 1.1.5 mod unblocks him.

EDIT: Jumping this to 1.2 because of the number of edits made in the changelog, plus the fact that I'm working on listing the captured proxies. The experimental 1.1.5 is still attached, but you won't find the "Unblock if we can get IP" option if you're using SMF 1.1

[Mr. Pirate]

sorry i should of clarified. I get blocked from registering on my forum with or without a proxy?

[simmaster]

Try 1.1.5 experimental and see if you're unblocked, or wait for 1.2 and add yourself to the exclude list.

[Trevor Hale]

Fantastic support,  I will wait for your 1.2 with the exception list, and then try that.. 

Thanks again, and Happy New Year,

Trev

[Mr. Pirate]

this proxy blocker doesnt even work version 1.1.4 blocked me from registering with or without a proxy and version 1.1.5 experimental doesnt even block registration using a proxy 

[atokar]

The mod does not block Tor. Using FFx 3.5 on GNU/Linux with Privoxy and Tor, I can browse my local forum just fine.

Another concern is that the mod does gethostbyaddr in both index.php and Register.php even if the corresponding option is disabled. For index.php, I think you could fix it by replacing:

Code Select Expand

// What if we're on a proxy?
$hostaddr = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if(
!empty($modSettings['proxyblock_index'])
&& empty($kill_proxyblocker)
&& (!$hostaddr
|| $hostaddr == "."
|| empty($_SERVER['HTTP_ACCEPT_ENCODING'])
|| !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
|| !empty($_SERVER['HTTP_X_FORWARDED'])
|| !empty($_SERVER['HTTP_FORWARDED_FOR'])
|| !empty($_SERVER['HTTP_VIA'])
|| in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
|| empty($_SERVER['HTTP_CONNECTION'])
|| stripos($hostaddr, "tor-exit")
|| IsTorExitPoint())
)

with:

Code Select Expand

// What if we're on a proxy?
if(
!empty($modSettings['proxyblock_index'])
&& empty($kill_proxyblocker)
&& (($hostaddr = gethostbyaddr($_SERVER['REMOTE_ADDR'])) && (!$hostaddr
|| $hostaddr == "."
|| empty($_SERVER['HTTP_ACCEPT_ENCODING'])
|| !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
|| !empty($_SERVER['HTTP_X_FORWARDED'])
|| !empty($_SERVER['HTTP_FORWARDED_FOR'])
|| !empty($_SERVER['HTTP_VIA'])
|| in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
|| empty($_SERVER['HTTP_CONNECTION'])
|| stripos($hostaddr, "tor-exit")
|| IsTorExitPoint()))
)

And for Register.php just wrap the gethostbyaddr around in a conditional expression.

Another thing to note is that double quotes in SMF mods are greatly loathed (because they are slower than single quotes) and generally should be avoided.

[Arantor]

Oh, and stripos is also PHP 5 only (SMF supports PHP 4)

[atokar]

Oh, and stripos is also PHP 5 only (SMF supports PHP 4)

Shouldn't be a concern due to the following code in Subs-Compat.php:

Code Select Expand

if (!function_exists('stripos'))
{
function stripos($haystack, $needle, $offset = 0)
{
return strpos(strtolower($haystack), strtolower($needle), $offset);
}
}

[simmaster]

The mod does not block Tor. Using FFx 3.5 on GNU/Linux with Privoxy and Tor, I can browse my local forum just fine.

FFx 3.5 on Win7 32-bit with Vidalia bundle (Privoxy + Tor)
http://i45.tinypic.com/2rxab2v.jpg

Another concern is that the mod does gethostbyaddr in both index.php and Register.php even if the corresponding option is disabled. For index.php, I think you could fix it by replacing:

Code Select Expand

// What if we're on a proxy?
$hostaddr = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if(
!empty($modSettings['proxyblock_index'])
&& empty($kill_proxyblocker)
&& (!$hostaddr
|| $hostaddr == "."
|| empty($_SERVER['HTTP_ACCEPT_ENCODING'])
|| !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
|| !empty($_SERVER['HTTP_X_FORWARDED'])
|| !empty($_SERVER['HTTP_FORWARDED_FOR'])
|| !empty($_SERVER['HTTP_VIA'])
|| in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
|| empty($_SERVER['HTTP_CONNECTION'])
|| stripos($hostaddr, "tor-exit")
|| IsTorExitPoint())
)

with:

Code Select Expand

// What if we're on a proxy?
if(
!empty($modSettings['proxyblock_index'])
&& empty($kill_proxyblocker)
&& (($hostaddr = gethostbyaddr($_SERVER['REMOTE_ADDR'])) && (!$hostaddr
|| $hostaddr == "."
|| empty($_SERVER['HTTP_ACCEPT_ENCODING'])
|| !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
|| !empty($_SERVER['HTTP_X_FORWARDED'])
|| !empty($_SERVER['HTTP_FORWARDED_FOR'])
|| !empty($_SERVER['HTTP_VIA'])
|| in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
|| empty($_SERVER['HTTP_CONNECTION'])
|| stripos($hostaddr, "tor-exit")
|| IsTorExitPoint()))
)

And for Register.php just wrap the gethostbyaddr around in a conditional expression.

Another thing to note is that double quotes in SMF mods are greatly loathed (because they are slower than single quotes) and generally should be avoided.

Added for fixing in 1.2

Oh, and stripos is also PHP 5 only (SMF supports PHP 4)

Oh, and stripos is also PHP 5 only (SMF supports PHP 4)

Shouldn't be a concern due to the following code in Subs-Compat.php:

Code Select Expand

if (!function_exists('stripos'))
{
function stripos($haystack, $needle, $offset = 0)
{
return strpos(strtolower($haystack), strtolower($needle), $offset);
}
}

For sanity's sake, I'll change it to strpos.

this proxy blocker doesnt even work version 1.1.4 blocked me from registering with or without a proxy and version 1.1.5 experimental doesnt even block registration using a proxy 

Did you switch the right settings in 1.1.5?
http://i47.tinypic.com/huf13b.jpg


Guys, I'm trying to replicate the conditions you're using Proxy Blocker under. If I can't replicate them, I can't fix them.

[atokar]

Some (very) bugged version of Vidalia bundle then, or shall we blame it on MS?

The following code:

Code Select Expand

gethostbyname(ReverseIPOctets($_SERVER['REMOTE_ADDR']) . "." .
$_SERVER['SERVER_PORT'] . "." .
ReverseIPOctets($_SERVER['SERVER_ADDR']) .
".ip-port.exitlist.torproject.org")

returns:

Code Select Expand

206.226.251.192.80.2.2.168.192.ip-port.exitlist.torproject.org

instead of the expected "127.0.0.2".

[lexa90]

Here are the string you wanted

Code Select Expand


$txt['proxyblock_allowed'] = 'Dozvoljene IP adrese (ako navodite više adresa, odvojite zarezom i razmakom)';

And also, оne note It's not Cyrillic it's latin
But i'm gonna translate into cyrillic also

Cheers and HNY!

Also i made some fixes in text so here are the cyrillic and latin versions of it

Errors (latin)

Code Select Expand

$txt['on_proxy'] = 'Izvinjavamo se, ali administrator je blokirao pristup preko proksija. Mogući problemi ovoga mogu biti korišćenje intraneta (školski/fakultetski internet), registracija preko mobilnog telefona, ili korišćenje pretraživača koji ne podržava kompersiju ili ne prihvata enkodiranje stranica';

Modsettings(latin)

Code Select Expand

$txt['proxyblock_reg'] = 'Onemogući registracije ukoliko se koristi proksi';
$txt['proxyblock_index'] = 'Onemogući pristup forumu ukoliko se koristi proksi';

Code Select Expand

$txt['proxyblock_no_ip'] = 'Omogući korisnicima pristup forumu ako saznamo njihovu pravu IP adresu';
$txt['proxyblock_allowed'] = 'Dozvoljene IP adrese (ako navodite više adresa, stavite zarez i razmak između svake)';



Errors (cyrillic)

Code Select Expand

$txt['on_proxy'] = 'Извињавамо се, али администратор је блокирао приступ преко проксија. Могући проблеми овога могу бити коришћење интранета (школски/факултетски интернет), регистрација преко мобилног телефона, или коришчење претраживача који не подржава комперсију или не прихвата енкодирање страница.или коришћење претраживача који не подржава комперсију или не прихвата енкодирање страница.';

Modsettings (cyrillic)

Code Select Expand

$txt['proxyblock_reg'] = 'Онемогући регистрације уколико се користи прокси';
$txt['proxyblock_index'] = 'Онемогући приступ форуму уколико се користи прокси';

Code Select Expand

$txt['proxyblock_no_ip'] = 'Omogući korisnicima pristup forumu ako saznamo njihovu pravu IP adresu';
$txt['proxyblock_allowed'] = 'Дозвољене ИП адресе (ако наводите више адреса, ставите зарез и размак између сваке)';

[simmaster]

Some (very) bugged version of Vidalia bundle then, or shall we blame it on MS?

The following code:

Code Select Expand

gethostbyname(ReverseIPOctets($_SERVER['REMOTE_ADDR']) . "." .
$_SERVER['SERVER_PORT'] . "." .
ReverseIPOctets($_SERVER['SERVER_ADDR']) .
".ip-port.exitlist.torproject.org")

returns:

Code Select Expand

206.226.251.192.80.2.2.168.192.ip-port.exitlist.torproject.org

instead of the expected "127.0.0.2".

Then you're probably not truly using Tor or it is misconfigured. This function uses the TorDNSEL database by converting your IP to a DNSEL hostname. If the query sent returns 127.0.0.2 (which it did for me), you are using Tor. If not, you are not connected to Tor.

Do you use Torbutton?

Here are the string you wanted

Code Select Expand


$txt['proxyblock_allowed'] = 'Dozvoljene IP adrese (ako navodite više adresa, odvojite zarezom i razmakom)';

And also, оne note It's not Cyrillic it's latin
But i'm gonna translate into cyrillic also

Cheers and HNY!

Also i made some fixes in text so here are the cyrillic and latin versions of it

Errors (latin)

Code Select Expand

$txt['on_proxy'] = 'Izvinjavamo se, ali administrator je blokirao pristup preko proksija. Mogući problemi ovoga mogu biti korišćenje intraneta (školski/fakultetski internet), registracija preko mobilnog telefona, ili korišćenje pretraživača koji ne podržava kompersiju ili ne prihvata enkodiranje stranica';

Modsettings(latin)

Code Select Expand

$txt['proxyblock_reg'] = 'Onemogući registracije ukoliko se koristi proksi';
$txt['proxyblock_index'] = 'Onemogući pristup forumu ukoliko se koristi proksi';

Code Select Expand

$txt['proxyblock_no_ip'] = 'Omogući korisnicima pristup forumu ako saznamo njihovu pravu IP adresu';
$txt['proxyblock_allowed'] = 'Dozvoljene IP adrese (ako navodite više adresa, stavite zarez i razmak između svake)';



Errors (cyrillic)

Code Select Expand

$txt['on_proxy'] = 'Извињавамо се, али администратор је блокирао приступ преко проксија. Могући проблеми овога могу бити коришћење интранета (школски/факултетски интернет), регистрација преко мобилног телефона, или коришчење претраживача који не подржава комперсију или не прихвата енкодирање страница.или коришћење претраживача који не подржава комперсију или не прихвата енкодирање страница.';

Modsettings (cyrillic)

Code Select Expand

$txt['proxyblock_reg'] = 'Онемогући регистрације уколико се користи прокси';
$txt['proxyblock_index'] = 'Онемогући приступ форуму уколико се користи прокси';

Code Select Expand

$txt['proxyblock_no_ip'] = 'Omogući korisnicima pristup forumu ako saznamo njihovu pravu IP adresu';
$txt['proxyblock_allowed'] = 'Дозвољене ИП адресе (ако наводите више адреса, ставите зарез и размак између сваке)';

Thanks! I'll slip this into the next version as well.

[atokar]

Hmm... Considering that instead of my local IP, someone from US connected to my local forum, I think I'm using Tor, thank you very much.

[simmaster]

Again, I've tried to replicate it and was blocked successfully. If I can't replicate it, I can't fix it. As they say:

If it ain't broke... don't fix it.