httpBL

Started by Diego Andrés, February 17, 2010, 03:55:54 PM


snoopy_virtual

MOD httpBL v2.3.3
=============






  • Author: snoopy_virtual
  • Version: 2.3.3
  • Release: 3rd March 2010
  • Languages:
  • Compatible With: SMF 1.1.1 - 1.1.11, SMF 2 RC2

I already had that version finished a few hours ago, but I didn't release it until I had done a lot of tests in 2 of my forums (one with SMF 1.1.11 and the other one with SMF 2 RC2) and all the tests came out OK, because I didn't want more surprises.

So I think this version will be the last one for a while and I can concentrate now on finishing the tutorial.

Of course, if any of you see any other error tell me and I will look at it.

A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

giveaway365.com

Sir,
the two files did not get copied in the source directory and one in the theme default directory.
This error in 2.3.3 version
http://www.giveaway365.com/index.php?action=packages;sa=install2;package=httpBL_v2_3_3.zip
2: chmod() [<a href='function.chmod'>function.chmod</a>]: No such file or directory
File: /home/content/XXX/html/Packages/temp/install_1.php
Line: 91

I had to manually upload them in their respective directory and chmod to 644

snoopy_virtual

Quote
the two files did not get copied in the source directory and one in the theme default directory.
...
I had to manually upload them in their respective directory and chmod to 644

I have already installed this new version in all my forums and in all of them the files were copied properly and with the correct chmod permissions.

But of course if any of you have the same problem this is the right solution, upload them manually.  ;)

I will add that to the tutorial and the FAQ as soon as I get to that part.

Quote
This error in 2.3.3 version
...
2: chmod() [<a href='function.chmod'>function.chmod</a>]: No such file or directory

This is not an error in the mod, but in the SMF packages manager. As soon as I have time I need to check if this error has been already reported to SMF and (if not) report it myself.

You can see more info here:

http://www.snoopyvirtualstudio.com/foro/index.php?topic=314.msg1396#msg1396


Sudhakar Arjunan

while installing got error

Add Before     ./Themes/default/index.template.php     Test failed

near </body> tag.
Working on New Mods & Themes for SMF... Will update soon... My Blog page
My Smf forum : Discuss ITAcumens :: My SMF Forum

snoopy_virtual

Quote from: A.SK on March 04, 2010, 04:12:46 PM
while installing got error

Add Before     ./Themes/default/index.template.php     Test failed

near </body> tag.

It means somehow you have modified your default index.template.php and you haven't got the original one.

I suppose it must be because of any other mod you have installed.

In that case you will need to do that modification manually.

Please read how to do that in the tutorial:

http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2

If there is anything there you don't understand, tell me and I will try to explain it a little better here.

Anyway, in order to make the mod work properly, you only need to do that modification in the index.template.php file of the Theme you actually use, so if you are not using the default theme but another one, you can forget the default one if you want and do the modification only in the Theme you are using.


giveaway365.com

index.template.php   seriously has a problem.... it is not getting rectified. I tried lot of combinations to let smf install it but ended up uploading index.template.php  manually only.

But apart from this, this mod seems to be more stable.
I think now httpbl in combination with stopspammer is best solution !

snoopy_virtual

Quote from: giveaway365.com on March 04, 2010, 11:38:35 PM
index.template.php   seriously has a problem.... it is not getting rectified. I tried lot of combinations to let smf install it but ended up uploading index.template.php  manually only.

Contact me via Skype when you finish work.

I would like to see what kind of index.template.php you have.


snoopy_virtual

MOD httpBL v2.3.4
=============






  • Author: snoopy_virtual
  • Version: 2.3.4
  • Release: 5th March 2010
  • Languages:
  • Compatible With: SMF 1.1.1 - 1.1.11, SMF 2 RC2

When trying to see what the problem was in A.SK's installation I discovered a big mistake in version 2.3.3

It would install more or less without a problem if you already had any other version of the mod installed before, but it was impossible to install it new.

At least not in SMF 2 RC2, but maybe this was also why GJSchaller had problems installing it.

So I have sorted that big mistake.




At the same time I tried a suggestion from butchs to sort the problem about


2: chmod() [<a href='function.chmod'>function.chmod</a>]: No such file or directory


reported by giveaway365.com.

As I said a few times, this is not a very important issue, but, as I had to do a new version anyway, I tried butchs suggestion and it works.

This time, as I was installing it I got no errors at all.




Anyway, as both errors are only at installation time, there is no real need to update if you have version 2.3.3 and it's working properly.


giveaway365.com

the 2.3.4 version worked without any problem.
there are some main difference between 2.3.3 and 2.3.4 in index.template.php file

if ($context['current_action'] == 'httpBL')
$current_action = 'admin';
these two lines are new in 2.3.4 in index.template.php

and the codes were after the </body> tag in 2.3.3 and in 2.3.4 they are before the </body> tag.

Also I want to know if a new version of the package is available.... in the package manager of SMF 1.1.11 it still shows a green icon saying the latest version is installed when the latest version has actually already been released. I think it happens in all mods. It seems to be some bug in SMF.

Sudhakar Arjunan

Working wonderfully.

Marked almost 2 pages of spammers so far.

Great work Snoopy.

snoopy_virtual

Quote from: giveaway365.com on March 05, 2010, 10:40:10 PM
the 2.3.4 version worked without any problem.

Glad to hear it.  ;)

Quote from: giveaway365.com on March 05, 2010, 10:40:10 PM
there are some main difference between 2.3.3 and 2.3.4 in index.template.php file

if ($context['current_action'] == 'httpBL')
$current_action = 'admin';
these two lines are new in 2.3.4 in index.template.php

These 2 lines had been there from version 2.0

The only differences between version 2.3.3 and 2.3.4 are at installation time. 2.3.3 was not creating the table in the database properly, so if you already had the mod installed before there was no problem, because even if you uninstall a mod, the changes it has done on the database stay there unless you undo them manually. So if you had the mod before, the database was already OK, but if you were installing it as a new mod it wouldn't install.

There are no differences at all between 2.3.3 and 2.3.4 inside the index.template.php

Quote from: giveaway365.com on March 05, 2010, 10:40:10 PM
and the codes were after the </body> tag in 2.3.3 and in 2.3.4 they are before the </body> tag.

All the things inside a web page are always before the </body> tag. Once you close the body you cannot write anything.

That's why I told you yesterday I wanted to see your index.template.php as I knew there was something really wrong with it, but it seems it's ok now.  ;)

Quote from: A.SK on March 06, 2010, 04:03:08 AM
Working wonderfully.
Marked almost 2 pages of spammers so far.
Great work Snoopy.

Thank you. Did you read my PM?


butchs

I finally installed the latest version on-line.  I have been watching my spammer log and comparing it with the visitor log in my cpanel.  I have seen several bots visit that have a rating above my "Threat level considered VERY bad" (ie 30) bounce all over the place in a flurry of defiance, never touch my honeypot and then hit the warning.php page after a lengthy visit.

Here is part of my Cpanel latest visitor log (same as attached latest_visitors.jpg):


Here is the httpBL spammers log (same as attached Spammer_log.jpg):


Why is it taking so long?  Does the software track their IP in the log and status in SMF cache and then direct them to the appropriate screen ASAP EVERY time?  What happens when they come back?




Second question.  If a bot comes by and answers the warning question. Before the cookie time expires their status with project honeypot increases above the high level you configured, will they get kicked off the site or will we have to wait until the cookie expires for them to get the boot?
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

snoopy_virtual

I think both are the most important questions anybody has asked until now. They have actually been the core of all my worries since I started doing the mod and also the things I have been watching and thinking about, and that is why I have made the log system so complicated, because I want to see all those kinds of things.

I was planning to talk about all that, either in the tutorial or the FAQ, and I think I will explain it more there, but as they are so important, here I can give you a quick answer.

1.- That's because of the cache.

When I turn cache off I see bots coming, hitting a few pages in a row (very few seconds between them) and go away. All these pages are shown in both logs (cPanel and the mod)

They may come back again a couple of hours later and again hit a few pages, etc.

Try to turn cache off for a few hours and you will see the difference.

With cache on, the mod only checks them once every 2 minutes. The first page they hit is shown in the mod log, but the rest of the hits just re-direct them to the warning page without even giving them the option to prove they are human and without putting it in the log to save bandwidth and space.

At least that's the way I have designed the mod. I will take your screenshots and analyze them carefully to see if that's what's happening.

Wouldn't be a bad idea though to add this value to the config page also. I have it in 2 minutes now because all the bots in my forums are hitting like that, but this could be a nice improvement for lc62003

The bot he's having hits for 24h non-stop (every few seconds) and then goes away for 24h and then comes back again, etc.

If he changes the value for the cache from 2 minutes to 24h he will get only one entry of this bot in the log every 48 h




Quote
Why is it taking so long?

What is taking so long? Don't understand what you mean there.




Anyway let me think a little more about it and I will continue with the next question and more about the first one.


butchs

Catching the bad bot seems to take some time.  O:)

Why not use the database you already made to dispose of repeat offenders?  When an IP comes you check the database, if they are bad send them to warning.  If they are not known check the honeypot.  Then make a auto delete after x amount of time to trim the database.
:o

snoopy_virtual

Quote
I have seen several bots visit .... never touch my honeypot ...

If they touch your honey pot or not you are not going to see it.

Every time they hit the honey pot they send a signal to PHPot and everything they do inside it is recorded in their logs, not in yours.

With all that information they build the threat level for that IP and that's what you get every time it's analyzed by the mod.


snoopy_virtual

Quote from: butchs on March 06, 2010, 08:42:22 AM
Catching the bad bot seems to take some time.  O:)

Why not use the database you already made to dispose of repeat offenders?  When an IP comes you check the database, if they are bad send them to warning.  If they are not known check the honeypot.  Then make a auto delete after x amount of time to trim the database.
:o

That's the system of white, grey and black lists I was talking about here:

http://www.snoopyvirtualstudio.com/foro/index.php?topic=297.msg1230#msg1230

I explained there why I don't like it and that's why I am using the system with cache, cookies and session instead.

Of course it's another option and I could do a test version of the mod with that system and see the difference. Another one for the list of "TTDOOTTWIHT", but somehow I don't think it will be better.

If the mod, every time a bot arrives, needs to read the log table and delete the entries older than 2 minutes, you will lose your logs. I will need another table to do that, and that will take even longer.


snoopy_virtual

Quote
Second question.  If a bot comes by ... Before the cookie time expires ...

Before anything else here is a fact very few people take into account:

Spam-bots don't use normal browsers such as Firefox, Internet Explorer, Opera, etc. They use special ones (different for every bot) and all of them (at least all the ones I know of) don't have cookies, javascript, etc.

For example, a human using Internet Explorer with Windows OS has the program IE installed on his hard disk. Every time IE opens a page which sends a cookie, it stores that cookie on the hard disk in "Documents and settings", etc.

A spam-bot is a program the spammers send to crawl the net gathering information, writing spam messages, etc, but it is jumping from one server to another and running on those servers, it's not running on any computer, and usually it doesn't use a browser installed on any computer, but it's built-in inside the bot itself, so it has no hard disk to store the cookie if you give it one.

Of course, I can be mistaken, but this is what I have understood after reading hundreds of pages about it. If any of you find information saying the opposite give me a link.

One good thing about the bots not having javascript activated is you can hide your email address using javascript and they won't see it.

Of course, as they cannot understand everything on the pages they are on, but just look for keywords, you can hide your email using simpler ways.

For example a spam-bot harvester is looking for any @ written on a page. Every time it finds one, it takes the word the @ is in and puts it in its database to use it later.

For example if I write here this:

[email protected]

I bet you in less than 5 minutes that address will get an email selling viagra or something (unless the guys here in SMF are already using my mod)  ;D

Good thing that address is not mine (I hope it doesn't even exist)  :P

More information about how to hide your email address in public forums, blogs etc here:

http://www.projecthoneypot.org/how_to_avoid_spambots.php

It actually has 6 pages and all of them are very interesting. I would recommend everybody to read them carefully.


snoopy_virtual

Sorry, after so much talking my throat was dry and needed a break. Slange var

Continue:




Quote
Second question.  If a bot comes by and answers the warning question. ...

I haven't seen yet a bot answering the questions in the warning page.

If you ever see one doing it please tell me ASAP, because then I will need to change the way the warning page is done.

That's why I have changed the way the log displays the error message.

In version 2.2 and earlier, almost all of them were always "No error" and it would display something different only if there had been an internal error inside the mod.

From version 2.3 I don't call that column "error message" any more, but just "message", because if there is an internal error it will display which one, but if there is no error it will give you a lot of information about what happened with that IP.

For example it can tell you "Threat Level too high. Didn't show the captcha" or "0 Answers on the captcha" or "3 Answers on the captcha - 2 Good - 1 Bad" etc etc. There are a lot of possibilities.

The way the warning page is designed, all the spammers need to be either "Th. L. too high" or "0 Answers".

If a spammer can give even 1 good answer something is wrong.

And also, the way it's done, all the humans need to be either "2 Good - 0 Bad" or "2 Good - 1 Bad"

A human giving 2 or 3 bad answers means either it's somebody checking the warning page or something is very wrong.

I suppose anybody with enough knowledge to turn a computer on and move a mouse must know how much is 2 + 2

[mental-note]
Talk with any blind friend to check if the special browsers they use can read my warning page properly.
[/mental-note]


butchs

Quote from: snoopy_virtual on March 06, 2010, 08:44:29 AM
Every time they hit the honey pot they send a signal to PHPot and everything they do inside it is recorded in their logs, not in yours.

Every page change hit shows up in my cpanel visitor log including honey pot hits.  Yesterday I saw a banned IP get a error message and actually hit my honeypot.  This is why I wonder about the page hits.

snoopy_virtual

Now that I have explained all these points I can actually answer your question very easily:

Quote
Second question.  If a bot comes by and answers the warning question. Before the cookie time expires their status with project honeypot increases above the high level you configured, will they get kicked off the site or will we have to wait until the cookie expires for them to get the boot?

If a human (not a bot because they don't have cookies) answers the 2 questions OK they get a cookie for as long as you set in the config page (default 24h) and they are not checked again AT ALL within PHPot database until the cookie expires.

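The check order described in this thread (valid cookie first, then the 2-minute cache, then a Project Honey Pot lookup), as an added PHP example that is not part of any post and is not code from the httpBL mod. The function names, the state array, keying the cookie by IP, and treating a threat score at or above the "VERY bad" setting as "no captcha" are assumptions; the 127.days.threat.type answer format is Project Honey Pot's http:BL response layout, and the IPs and scores are constructed.

```php
<?php
// Added illustration; not code from the httpBL mod. All names are hypothetical.
const CACHE_TTL  = 120;    // "once every 2 minutes" (from the thread)
const COOKIE_TTL = 86400;  // cookie default of 24h (from the thread)
const VERY_BAD   = 30;     // butchs's "VERY bad" setting; using >= is an assumption

// http:BL answers a DNS A query with 127.<days>.<threat>.<type>; no answer = not listed.
function parse_httpbl(?string $answer): ?array
{
    $o = $answer === null ? [] : array_map('intval', explode('.', $answer));
    if (count($o) !== 4 || $o[0] !== 127) {
        return null;
    }
    return ['days' => $o[1], 'threat' => $o[2], 'type' => $o[3]];
}

function decide(string $ip, int $now, array &$st, callable $lookup): string
{
    // 1. A live cookie means no lookup at all until it expires.
    if (($st['cookie'][$ip] ?? 0) > $now) {
        return 'allow: cookie valid, no lookup';
    }
    // 2. Inside the cache window: repeat hits get no captcha and no log row.
    $c = $st['cache'][$ip] ?? null;
    if ($c !== null && $now - $c['at'] < CACHE_TTL) {
        return $c['listed'] ? 'warning page, no captcha (cached, not logged)' : 'allow (cached)';
    }
    // 3. Fresh lookup: cache the result and write one log row.
    $r = parse_httpbl($lookup($ip));
    if ($r === null) {
        $verdict = 'allow: not listed';
    } elseif ($r['threat'] >= VERY_BAD) {
        $verdict = 'warning page, no captcha';
    } else {
        $verdict = 'warning page with captcha';
    }
    $st['cache'][$ip] = ['at' => $now, 'listed' => $r !== null];
    $st['log'][] = "$now $ip $verdict";
    return $verdict;
}

function pass_captcha(string $ip, int $now, array &$st): void
{
    $st['cookie'][$ip] = $now + COOKIE_TTL;
}

// Constructed data: documentation-range IPs and made-up http:BL answers.
$scores = ['203.0.113.7' => '127.1.60.4', '198.51.100.9' => '127.20.5.1'];
$lookup = function (string $ip) use (&$scores): ?string {
    return $scores[$ip] ?? null;
};
$st = ['cookie' => [], 'cache' => [], 'log' => []];

foreach ([0, 10, 130] as $t) {            // the hit at t=10 falls inside the cache window
    echo "$t bot: ", decide('203.0.113.7', $t, $st, $lookup), "\n";
}
echo "0 visitor: ", decide('198.51.100.9', 0, $st, $lookup), "\n";
pass_captcha('198.51.100.9', 5, $st);
$scores['198.51.100.9'] = '127.0.60.4';   // score rises while the cookie is still live
echo "3600 visitor: ", decide('198.51.100.9', 3600, $st, $lookup), "\n";
echo count($st['log']), " log rows\n";
```

The last `decide()` call is butchs's second question in miniature: the score has risen past the threshold, but the cookie branch returns before any lookup happens.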
