httpBL

Started by Diego Andrés, February 17, 2010, 03:55:54 PM


snoopy_virtual

Quote from: IdanC on October 30, 2010, 05:30:50 PM
this is by far the best answer i ever got in these forums!

a small donation shall be made soon to show my appreciation  :)

Well, thanks for your kind words. Actually, I always answer everybody as best as I can, but I think that's the first time somebody shows so much gratitude for one of my answers. I really appreciate that.

And by the way, when you talked about making a donation I just realized I forgot to add a "donate" button to the mod.

I have been so concentrated on making the mod work as well as possible that I really forgot about it completely.

I have just added the donate button, so you're ok now.  ;D

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

IdanC

#381
my pleasure!

i still feel insecure about the settings: it's been 24 hrs with no viagras, but i'm afraid it's too strict now - 10% of my users (around 40) went through the question page, and looking at the Humans log shows practically no threat -

IP Th.L LBA
77.125.4.226 2 2 Yes
79.181.30.242 6 80 Yes
77.125.4.226 2 2 Yes
79.181.30.242 6 80 Yes
77.125.4.226 2 2 Yes



ok, now i'm really confused - all of the above came with the comment "Threat Level too low. Allowed to pass", does that mean they weren't questioned? but still - google analytics shows 40 unique views for warning.php.

snoopy_virtual

Quote from: IdanC on October 31, 2010, 11:17:35 AM
i still feel insecure about the settings: it's been 24 hrs with no viagras, but i'm afraid it's too strict now - 10% of my users (around 40) went through the question page, and looking at the Humans log shows practically no threat -

IP Th.L LBA
77.125.4.226 2 2 Yes
79.181.30.242 6 80 Yes
77.125.4.226 2 2 Yes
79.181.30.242 6 80 Yes
77.125.4.226 2 2 Yes



ok, now i'm really confused - all of the above came with the comment "Threat Level too low. Allowed to pass", does that mean they weren't questioned? but still - google analytics shows 40 unique views for warning.php.

Sorry, I made a mistake when I answered you on this. I was thinking about something different.

Let me see if I can explain this properly.

When I said:

Quote from: snoopy_virtual on October 30, 2010, 12:20:18 PM
Anybody allowed to pass without questioning is not in any log at all.

That's not true. I should have said instead:

Anybody with no data inside HoneyPot's DB ( Threat Level = 0 ) is not in any log at all.

And when I said:

Quote from: snoopy_virtual on October 30, 2010, 12:20:18 PM
Inside the humans log is all the people who were questioned and answered properly, proving they were humans.

I should have said:

Inside the humans log is all the people who were questioned and answered properly (proving they were humans) plus all the people that were not questioned at all because they had a Threat Level too low.

So all the entries in your Humans Log saying "Threat Level too low. Allowed to pass" are from visitors that were not questioned and never saw the warning page at all. They never noticed any difference and visited your forum undisturbed.

======

Another thing: I have been recommending everybody to install as well the anti-spam mods:


Do you have them?

======

Anyway, if you use Skype call me there and we can talk about it. I'm going to be connected all day and it would be an easier way to check everything in your forum and leave the settings proper.

Every forum is different and maybe the ideal settings for my forums are not ideal for yours.

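For readers following the "Threat Level" and "Allowed to pass" log entries discussed above, here is an added example (not part of the original posts and not the mod's own code) that decodes a Project Honey Pot http:BL DNS answer and turns it into a pass / question / block decision. The function names, the threshold values, the order of the checks and the sample answers are assumptions made for illustration.

```python
import ipaddress
import socket
from typing import NamedTuple, Optional

# Visitor-type bit flags from the http:BL API (last octet of the answer).
SUSPICIOUS, HARVESTER, COMMENT_SPAMMER = 1, 2, 4


class HttpBLAnswer(NamedTuple):
    days: int          # days since the honeypot network last saw this IP
    threat: int        # threat score, 0-255
    visitor_type: int  # bit field; 0 means a known search engine


def build_query(access_key: str, ip: str) -> str:
    """DNS name to resolve: <key>.<IPv4 octets reversed>.dnsbl.httpbl.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # rejects IPv6/garbage
    return ".".join([access_key, *reversed(octets), "dnsbl.httpbl.org"])


def lookup(access_key: str, ip: str) -> Optional[str]:
    """Resolve the query; NXDOMAIN means Project Honey Pot has no data."""
    try:
        return socket.gethostbyname(build_query(access_key, ip))
    except socket.gaierror:
        # Any resolver failure also lands here, so this sketch fails open.
        return None


def decode(answer: Optional[str]) -> Optional[HttpBLAnswer]:
    """Parse an answer of the form 127.<days>.<threat>.<type>."""
    if answer is None:
        return None
    parts = [int(p) for p in answer.split(".")]
    if len(parts) != 4 or parts[0] != 127:
        raise ValueError(f"not an http:BL answer: {answer!r}")
    _, days, threat, vtype = parts
    if vtype == 0:
        # For search engines the third octet is an engine id, not a threat.
        return HttpBLAnswer(0, 0, 0)
    return HttpBLAnswer(days, threat, vtype)


def triage(answer, min_threat=10, max_age_days=30, block_threat=50) -> str:
    """Hypothetical policy: thresholds and ordering are assumptions."""
    rec = decode(answer)
    if rec is None:
        return "pass: no data"            # Threat Level = 0, nothing to log
    if rec.visitor_type == 0:
        return "pass: search engine"
    if rec.days > max_age_days:
        return "pass: last activity too old"
    if rec.threat < min_threat:
        return "pass: threat level too low"
    if rec.threat >= block_threat:
        return "block"
    return "question"


if __name__ == "__main__":
    # Constructed answers, not real lookups.
    for sample in (None, "127.0.5.0", "127.80.6.1", "127.2.2.1",
                   "127.3.25.4", "127.1.80.6"):
        print(sample, "->", triage(sample))
```
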

snoopy_virtual

#383
Quote from: IdanC on October 31, 2010, 11:17:35 AM
- 10% of my users (around 40) went through the question page, and looking at the Humans log shows practically no threat -
.....
- all of the above came with the comment "Threat Level too low. Allowed to pass", does that mean they weren't questioned? but still - google analytics shows 40 unique views for warning.php.

Before you start wondering about this and ask me about it I am going to answer you:

If google analytics says there have been 40 unique views for warning.php it means there have been 40 different IPs who have seen that page.

So 40 of your visitors have visited that page.

To check that inside the httpBL logs, you need to count all the different IPs inside the 3 logs who have visited that page.


  • So count all the different IPs from the spammers log (all of them have seen the warning page). Let's say the number is 10 (just like an example).
  • Count also the different IPs in the humans log without the "Allowed to pass" sign. Let's say the number is 2 (as I said it's just an example).
  • Count also the entries in the errors log who have seen the warning page. Normally none of them (depending on the error message) so let's say this number is 0.

So the total is 12, but google analytics says there have been 40. Why this difference?

The difference is all the web crawlers (spider searchers from Google, Yahoo, Bing, etc etc) visiting all the pages in the world all the time.

Mod httpBL recognizes them as legal robots doing their work and never disturbs them, so they don't appear in any log no matter how many times they visit your warning page.

Anyway, instead of google analytics I would recommend you use CrawlTrack, from http://www.crawltrack.net/

It's a free program and it not only has a lot better statistics than any other similar program. It also protects your site from hackers, sql injections, etc, acting in fact as the best firewall I have seen so far. I have it installed in all my sites.


IdanC

another wonderful answer, thank you so much!

you covered pretty much everything, if i come across anything new i'll be sure to share.

and about the other mods, Stop Spammer isn't much help for me (a simple verification question covers the registration problem), same goes for Anti-Spam Verification Questions.

i do use Anti-Spam Links (which is a bummer for all the guests wishing to post links), and BadBehavior, which doesn't seem to catch that many...

SOC Caesar

Excellent mod, every forum should have it. Great work Snoopy  8)

SpectresOfConvoy[dot]net

snoopy_virtual

Thanks.

My pleasure.


snoopy_virtual

New SMF version 1.1.12 thoroughly checked for compatibility with mod httpBL version 2.4

No changes needed at all in this mod, so if you are going to update your forum to the latest stable version (as you should) you shouldn't have any problem:

Mod httpBL version 2.4 is fully compatible with SMF version 1.1.12

Of course, as always, before I say anything, I only checked it a hundred times instead of a thousand times (as I should) so I am only 99.99% sure of what I say. I may have made a mistake somewhere.   ;D

So if you have any problem updating SMF to the new version let me know and I will look into it.


wlchase

This is probably obvious to everyone but me, but in the database, what is the time format? If I see log time "1269900272", what does that translate to?

TIA!

And thanks for a great mod!
Bill
Bill http://www.czfirearms.us  SysAdmin

IdanC

Quote from: wlchase on November 04, 2010, 10:17:14 AM
This is probably obvious to everyone but me, but in the database, what is the time format?

it is, and it is this - http://www.epochconverter.com/.

snoopy_virtual

Quote from: wlchase on November 04, 2010, 10:17:14 AM
This is probably obvious to everyone but me, but in the database, what is the time format? If I see log time "1269900272", what does that translate to?

Inside the database all the times are stored as Unix timestamps.

So that number you see there is the time measured in the number of seconds since the Unix Epoch (January 1 1970 00:00:00 GMT).

We do it this way so it's easy to check if a number is higher than another one, measure differences between 2 of them, etc.

Of course this number is only useful for programs but it's not practical for humans trying to read it, that's why inside the logs it is already formatted to the forum time.

If you check that same entry in the httpBL logs (instead of inside the DB) you will see it as something like:

Today at 01:37:50 AM

Or:

02 - November - 2010, 09:13:52 PM

Or something like that.

Also you need to take into consideration that inside the database, the timestamps are using the server time, but inside the httpBL logs they use the forum time.

If your server and your forum are in the same place there will be no difference, but for example I have a forum in Spain with the server in Texas, so they have 7 hours difference, so I have set that up inside the Admin => Configuration => Features and Options => Overall time offset


wlchase

Thanks for the quick reply!

I wanted to know because I have 1500 pages of data in the logs I need to trim, going back to April, and doing it via phpMyAdmin seems the best way, but I couldn't figure out the date string... I can now!

Bill
Bill http://www.czfirearms.us  SysAdmin
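The timestamp conversion and the log trimming discussed in the posts above, as an added example that is not part of the original thread and not the mod's code. The table name `httpbl_log`, the column name `log_time`, the UTC offsets and every sample row except the timestamp 1269900272 quoted above are assumptions; an in-memory SQLite table stands in for the forum's MySQL database so the example runs offline.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

TABLE = "httpbl_log"   # hypothetical table name, check your own database
COLUMN = "log_time"    # hypothetical column holding the Unix timestamp


def to_utc(ts: int) -> datetime:
    """Unix timestamp -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def to_local(ts: int, utc_offset_hours: float) -> datetime:
    """Same instant shown in a fixed-offset zone (server or forum time)."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.fromtimestamp(ts, tz=tz)


def cutoff_timestamp(year: int, month: int, day: int,
                     utc_offset_hours: float = 0) -> int:
    """Unix timestamp of local midnight on the given date."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return int(datetime(year, month, day, tzinfo=tz).timestamp())


def trim_before(conn: sqlite3.Connection, cutoff: int):
    """Delete rows older than cutoff; return (deleted, remaining)."""
    # Count first so the effect of the DELETE is known before it runs.
    where = f"FROM {TABLE} WHERE {COLUMN} < ?"
    (doomed,) = conn.execute(f"SELECT COUNT(*) {where}", (cutoff,)).fetchone()
    with conn:  # commits on success, rolls back on error
        cur = conn.execute(f"DELETE {where}", (cutoff,))
        if cur.rowcount != doomed:
            raise RuntimeError("row count changed between check and delete")
    (left,) = conn.execute(f"SELECT COUNT(*) FROM {TABLE}").fetchone()
    return cur.rowcount, left


def demo():
    """Constructed log rows: trim everything before 1 October 2010 (UTC)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} "
                 f"(id INTEGER PRIMARY KEY, {COLUMN} INTEGER NOT NULL)")
    rows = [1269900272,   # value quoted in the thread (29 March 2010)
            1272000000,   # constructed: April 2010
            1285891199,   # constructed: one second before the cutoff
            1285891200,   # constructed: exactly the cutoff, must survive
            1288888888]   # constructed: November 2010
    conn.executemany(f"INSERT INTO {TABLE} ({COLUMN}) VALUES (?)",
                     [(t,) for t in rows])
    return trim_before(conn, cutoff_timestamp(2010, 10, 1))


if __name__ == "__main__":
    print(to_utc(1269900272))        # the instant in UTC
    print(to_local(1269900272, -5))  # same instant at an assumed UTC-5 server
    print(demo())
```

In MySQL the same check can be done in phpMyAdmin with `FROM_UNIXTIME(column)` to read the values and a `WHERE column < cutoff` condition for the delete; export the table first so the trim can be undone.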

IdanC

maybe it's just me, but trying to install the mod on rc4 got me this error -

BLOB/TEXT column 'user_agent' can't get default something something...

i fixed it by removing all the lines
'default' => ''
from text fields in install2.php.


snoopy_virtual

You are absolutely right IdanC that is a big mistake I made.

The strange thing is nobody else noticed that error before. Everybody should have had that error when installing the mod, and not only in RC4, but in all SMF versions.

I don't remember how many times I have installed this mod myself (more than 10 for sure) and have never seen it. I suppose that it depends on the error warning level you have on your server or something like that, but it is definitely a big error and I need to sort it ASAP.

In the meantime, before I publish a new version of the mod, any of you installing it new on any forum should also edit the package manually:


  • Unzip the file httpBL_v2_4.zip

For those of you using SMF 1.x:


  • Extract the file install_1.php
  • Inside it find the lines:


url text NOT NULL default '',
user_agent text NOT NULL default '',
error text NOT NULL default '',



  • Replace them with:


url text NOT NULL,
user_agent text NOT NULL,
error text NOT NULL,


For those of you using SMF 2.x:


  • Extract the file install_2.php
  • Inside it find the lines:


array (
'name' => 'url',
'type' => 'text',
'null' => '',
'default' => ''
),
array (
'name' => 'user_agent',
'type' => 'text',
'null' => '',
'default' => ''
),
array (
'name' => 'error',
'type' => 'text',
'null' => '',
'default' => ''
),



  • Replace them with:


array (
'name' => 'url',
'type' => 'text',
'null' => ''
),
array (
'name' => 'user_agent',
'type' => 'text',
'null' => ''
),
array (
'name' => 'error',
'type' => 'text',
'null' => ''
),



  • Zip the whole package again together with the modified files
  • Install the package as normal

Of course, if it is not a new installation but you already had the mod installed and you are upgrading it you don't need to do this, because you already have this table created on your database.


EL34

Quote
The strange thing is nobody else noticed that error before. Everybody should have had that error when installing the mod, and not only in RC4, but in all SMF versions

That error did not come up for my install
My Forum is on a windows server
Not sure if that makes a difference or not.

Quote
Of course, if it is not a new installation but you already had the mod installed and you are upgrading it you don't need to do this, because you already have this table created on your database
What table are you talking about Snoop?
Forum History -> EZBoard -> YABB -> SMF 1.1.19 -> SMF 2.0.19

snoopy_virtual

Quote from: EL34 on November 07, 2010, 06:47:42 AM
Quote
The strange thing is nobody else noticed that error before. Everybody should have had that error when installing the mod, and not only in RC4, but in all SMF versions

That error did not come up for my install
My Forum is on a windows server
Not sure if that makes a difference or not.

No, it doesn't make any difference if it's a windows or linux server. The error has been there all the time in all the servers, but nobody has seen it before because it depends on the error level you have set-up in your server.

Quote from: EL34 on November 07, 2010, 06:47:42 AM
Quote
Of course, if it is not a new installation but you already had the mod installed and you are upgrading it you don't need to do this, because you already have this table created on your database
What table are you talking about Snoop?

I'm talking about the table that keeps on your database all the data for the httpBL logs. If you can see your httpBL logs it means that table has already been created and it's working properly, so you don't need to worry about that error at all.

As I said only people installing the mod fresh (as a new installation) need to worry about it, and anyway I think I will have the next version of the mod ready very soon, with this problem sorted in it, of course.


Saint_Frater

#396
Here is the Mod admin French's page:

modification.french.php
// Lines changed from v2.3 to v2.4
$txt['httpBL_log_user_agent'] = 'User Agent';
$txt['httpBL_cookie_length_sub'] = 'Comme les adresses IP changent très souvent, lorsque les visiteurs voient les "captcha" et qu\'ils prouvent qu\'ils sont humains, ils sont autorisés uniquement pour ce nombre d\'heures. Après ce temps, il se peut que l\'adresse IP soit attribuée a une autre ordinateur. Nous ne vous conseillons pas de modifier ces 5 dernières valeurs jusqu\'à ce que vous connaissez la façon dont fonctionne httpBL.';

// New lines in v2.4
$txt['permissionname_httpBL_free_pass'] = 'httpBL Mod ne v&eacute;rifie pas ce groupe';
$txt['permissionhelp_httpBL_free_pass'] = 'Si cette permission est active, tout les membres du groupe ont un acc&egrave;s authoris&eacute; au site sans v&eacute;rification par httpBL, m&ecirc;me si le PC est sous le contr&ocirc;le d\'un trojan.<br />---<br />Activez cette option seulement si vous savez ce que vous faites.';
$txt['httpBL_last_act_too_high'] = 'La derni&egrave;re activit&eacute; remonte &agrave; trop de temps. L\'acc&egrave;s est authoris&eacute;';
$txt['httpBL_threat_too_low'] = 'Niveau de menace trop bas. L\'acc&egrave;s est authoris&eacute;';
$txt['httpBL_enable_sub'] = 'Avec cette option s&eacute;lectionn&eacute;e, le Mod est actif. Si vous d&eacute;sactiv&eacute; l\'option; le mod sera inactif.';
$txt['httpBL_config_sub_3'] = 'Voici la pr&eacute;sentation pour les utilisateurs qui n\'ont pas trop l\'air dangereux. Avec un captcha, ainsi il peuvent prouver qu\'ils sont bien humains. Si vous d&eacute;sirez v&eacute;rifier ce qui sera pr&eacute;sent&eacute; aux visiteurs REELEMENT dangereux(sans captcha) utilisez plut&ocirc;t ce lien:';
$txt['httpBL_mod_no_connect_1'] = 'Mod httpBL is ON but there is no connection just now with HoneyPot. Please try later.';
$txt['httpBL_mod_no_connect_2'] = 'Si lez probl&egrave;me presistent, vous pouvez demander de l\'aide dans le <a href="http://www.simplemachines.org/community/index.php?topic=366399" target="_blank">forum de suport officiel</a>.';
$txt['httpBL_mod_new_version_1'] = 'Mod httpBL est ACTIF, mais pas &agrave; jour.';
$txt['httpBL_mod_new_version_2'] = 'Il y a une nouvelle version de ce mod. <a href="http://custom.simplemachines.org/mods/index.php?mod=2155" target="_blank">Veuillez mettre a jour d&egrave;s que possible</a>.';
$txt['httpBL_mod_all_ok'] = 'Mod httpBL est ACTIF, il est &agrave; jour et la connection vers le HoneyPot est parfaite.';
$txt['httpBL_mod_is_off'] = 'Mod httpBL est INACTIF.';
$txt['OS_Browser_Compatible'] = 'compatible';
$txt['OS_Browser_OS'] = 'Syst&egrave;me d\'exploitation';
$txt['OS_Browser_Unknown'] = 'Inconnu';
$txt['OS_Browser_Browser'] = 'Navigateur';
$txt['httpBL_cache_length'] = 'Dur&eacute;e de vie (en minutes) pour conserver les r&eacute;sultats dans le cache';
$txt['httpBL_cache_length_sub'] = 'Chaque fois que le mod v&eacute;rifier une IP, il sauve le r&eacute;sultat dans le cache (si celui-ci est activ&eacute;) et dans la session du visiteur pour le nombre de minutes donn&eacute;es ici. Si la m&ecirc;me IP se pr&eacute;sente a nouveau avant l\'expiration du d&eacute;lais que vous avez donn&eacute;, le mod ne va pas faire de v&eacute;rification, mais il utilisera le r&eacute;sultat stock&eacute; dans le cache et/ou la session.';
$txt['httpBL_view_os_whosonline'] = 'Voir les donn&eacute;es OS & Navigateur dans la page "Qui est en ligne"';
$txt['httpBL_view_os_whosonline_sub'] = 'Mod httpBL utilise des fonctions de "Mod OS & Browser Detection" pour afficher dans le log les syst&egrave;me d\'exploitation et navigateur utilis&eacute; pour chaque visites stock&eacute;es das ces logs. Si vous d&eacute;sirez avoir ces informations (Syst&egrave;me d\'exploitation et navigateur) &eacute;galement dans la page "Qui est en ligne", activez cette option. Bien sur, pour pouvoir ls afficher correctement dans les logs et dans votre page "Qui est en ligne", vous devez avoir install&eacute; soit <a href="http://custom.simplemachines.org/mods/index.php?mod=1515" target="_blank">Mod OS & Browser Detection</a> ou la version \'l&eacute;g&egrave;re\' <a href="http://custom.simplemachines.org/mods/index.php?mod=2155" target="_blank">addon to see OS & Browser in httpBL</a>.';



warning.php

/*******************
*  Set 1 - French *
*******************/
$txt['httpBL_warn_title_1'] = 'Attention';
$txt['httpBL_warn_denied_1'] = 'Acc&egrave;s Refus&eacute;';
$txt['httpBL_warn_head_1'] = 'Notre programme anti-spam a d&eacute;tect&eacute; que vous &ecirc;tes un robot qui tente de poluer notre forum via du SPAM.';
$txt['httpBL_warn_infected_1'] = 'La cause la plus probable de ce blocage est que votre ordinateur, ou un ordinateur sur votre r&eacute;seau local, a &eacute;t&eacute; <b>infect&eacute; par un virus, cheval de Troie ou ver</b>. Les ordinateurs infect&eacute;s sont utilis&eacute;s &agrave; l\'insu de leurs propri&eacute;taires par des criminels, pour attaquer de diff&eacute;rentes façon des sites tels que celui que vous essayez de visiter.';
$txt['httpBL_warn_dinamic_IP_1'] = 'Si votre IP est dynamique et non pas fixe, celle ci change &agrave; chaque fois que vour red&eacute;marrez votre routeur. Peut &ecirc;tre le probl&egrave;me est il seulement que vous utilisez aujourd\'hui une IP qui a servie r&eacute;cemment &agrave; un ordinateur infect&eacute;. Aussi vous pouvez tenter de red&eacute;marrer votre routeur et revenir ensuite sur ce site afin de v&eacute;rifier si l\'acc&egrave;s s\'y fait alors normalement.';
$txt['httpBL_warn_technician_1_1'] = 'Dans tous les cas, nous vous recommandons de v&eacute;rifier ou faire v&eacute;rifier par un technicien que votre ordinateur n\'est pas infect&eacute; et demandez lui de visiter le site <b>www.projecthoneypot.org</b> pour y v&eacute;rifier les d&eacute;tails de votre IP:';
$txt['httpBL_warn_technician_2_1'] = 'et voir excatement ce qui y est indiqu&eacute;.';
$txt['httpBL_warn_info_1'] = 'Pour plus d\'informations, n\'h&eacute;sitez pas &agrave; contacter:';
$txt['httpBL_warn_at_1'] = 'at';
$txt['httpBL_warn_dot_1'] = 'dot';
$txt['httpBL_warn_hurry_1'] = 'Vous trouverez des explications d&eacute;taill&eacute;es ci-dessous. Toutefois, si vous &ecirc;tes press&eacute;s, vous pouvez acc&eacute;der imm&eacute;diatement au site, mais sachez qu\'il est possible que votre ordinateur soit infect&eacute;. Nous allons vous poser deux fois de suite des questions faciles sous une forme telle qu\'un robot ne saurait y r&eacute;pondre. R&eacute;pondez &agrave; la premi&egrave;re question ci dessous (juste le nombre) pour prouver que vous n\'&ecirc;tes pas un robot et cliquez sur le bouton <b>"Envoyer"</b>:';
$txt['httpBL_warn_send_1'] = 'Envoyer';
$txt['httpBL_warn_blank_1'] = 'Ne mettez rien dans ce champ.<br />Saisissez la r&eacute;ponse dans la premi&egrave;re case.';
$txt['httpBL_warn_wrong_1'] = 'Mauvais';
$txt['httpBL_warn_wrong_head_1'] = 'Mauvaise r&eacute;ponse.';
$txt['httpBL_warn_wrong_answer_1'] = 'Peut-&ecirc;tre n\'avons nous pas expliquer correctement ou peut-&ecirc;tre vous avez entr&eacute; une mauvaise r&eacute;ponse. Vous avez deux lignes diff&eacute;rentes. Dans la premi&egrave;re vous une addition simple, un champs vide et un bouton "Envoyer". C\'est dans ce champs vide que vous devez &eacute;crire la r&eacute;ponse (juste des chiffres) et cliquer sur le bouton. Vous devez laisser le champs vide dans la seconde ligne.';
$txt['httpBL_warn_good_1'] = 'Bien';
$txt['httpBL_warn_good_head_1'] = 'R&eacute;ponse Correcte.';
$txt['httpBL_warn_good_answer_1'] = 'Votre r&eacute;ponse est bonne, mais veuillez noter qu\'un robot, m&ecirc;me si il n\'est pas capable de voir ou de comprendre la question, peut deviner la bonne r&eacute;ponse en essayant des chiffres au hasard. Bien sur il est impossible de donner deux fois la bonne r&eacute;ponse juste par chance donc, si vous le voulez bien, veuillez r&eacute;pondre une fois encore, et cliquer sur le bouton "Envoyer":';

snoopy_virtual

Wonderful. Thanks Saint_Frater

Merci beaucoup.  ;)


thing2

Hi there

Have just installed the new update and everything seems to be working well, and it's saying "Mod httpBL is ON, it is up-to-date and the connection with HoneyPot is perfect." which is always good to see.  I'm assuming that it's now compatible with the cache on our server as there is now nothing telling me that it's not working properly - yay.

In the Log you have said that we can decide what group of members we don't want to be scanned, which is a really great feature and thanks for putting it in.  Keep up the good work and thanks for the help that you gave me previously even though it couldn't be solved due to the incompatibility with our cache.

Thing2

snoopy_virtual

Quote from: thing2 on November 10, 2010, 12:23:52 AM
Hi there

Have just installed the new update and everything seems to be working well, and it's saying "Mod httpBL is ON, it is up-to-date and the connection with HoneyPot is perfect." which is always good to see.  I'm assuming that it's now compatible with the cache on our server as there is now nothing telling me that it's not working properly - yay.

In the Log you have said that we can decide what group of members we don't want to be scanned, which is a really great feature and thanks for putting it in.  Keep up the good work and thanks for the help that you gave me previously even though it couldn't be solved due to the incompatibility with our cache.

Thing2

It should be compatible now with your cache.

Leave the cache level to the recommended level 1 and leave the "Memcache settings" blank.

Check anyway your error logs. (Both the httpBL error log and your forum error log). If you see anything strange there let me know.
