News:

Join the Facebook Fan Page.

Main Menu

httpBL

Started by Diego Andrés, February 17, 2010, 03:55:54 PM

Previous topic - Next topic

mariusfv

Hi,

Update please for 1.1.13 , don't parse the modification.
I use stopspamforum mod and I want to use this too, I have to many spammers with recaptcha, activation e-mail and stopspamforum, I don't understand have they defeat recaptcha by google ? to many robots it seems bypass recaptcha.
Russia spammers bypass recaptcha so easy....90% of my spammers are from  Russia Federation and 8% from Ukraine...2% others.

Have a nice day !

busterone

Quote from: sheryltoo on February 14, 2011, 07:22:34 PM
What happens if I don't put any of those links on my site cause this is sounding way too confusing and over my head?
The mod will still work as long as you have the honeypot installed, with the correct link entered on the admin page for this mod, and you have your API key input as well. The links help catch harvesters that are not yet in the database. They read the links, go there, then harvest the emails, and then they fall for the trap.
PM me if you would like some help getting your links installed on your forum.

bedges

Just installed this today on 1.1.13, seems to be working fine (even though it's for 1.1.12).

2 things:

Typo in warning.php

$txt['httpBL_warn_infected_1'] = 'The most likely cause is that your computer, or another computer operating on your local network, has been <strong>infected with a virus, trojan, or worm</strong>. Infected computers are used by criminals, without their owners knowledge, to send spam and attack websites like this one you are trying yo visit.';

Typo in warning_css.css

h1
{
   font: bold 2em Arial, Helvetica, sans-serif;
   margin:0;
   padding:0}
}


Attached is a reformatted CSS file for your convenience.

Thanks for the mod :)

Doug Varrieur

Is there a way for me to report spammers to you? The mod works great but some still get through, I'd like to help build the pot :)

Aleksi "Lex" Kilpinen

Quote from: Doug Varrieur on February 16, 2011, 08:47:02 AM
Is there a way for me to report spammers to you? The mod works great but some still get through, I'd like to help build the pot :)
If you have a working honeypot, then you are already contributing towards the httpBL database run by Project Honeypot, and used in this mod. :)
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Doug Varrieur

I don't, I use a quick link...my host doesn't have one set up :(

Aleksi "Lex" Kilpinen

Quote from: Doug Varrieur on February 16, 2011, 08:58:06 AM
I don't, I use a quick link...my host doesn't have one set up :(
That helps as well - It is through honeypots and quicklinks that the project gets all the info it uses :)
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Doug Varrieur

So Lex, is there a reporting function in the control panel that I'm missing? This morning I banned 12 new "users" who were obvious future spammers when I checked there IP's. I'd like to shoot my ban list up to the database??

Aleksi "Lex" Kilpinen

No, The project doesn't accept direct reports - but you can go the the project website, and comment on any IP address if you know something about them, or their activity.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

valentino86

Hi everybody. I'm using this mod on my forum but I'd like to allow one IP, how can I get it? In my joomla site I take some feed from the forum but now with this mod I can't because httpBL thinks that my joomla site is a spammer.

busterone

Quote from: valentino86 on February 18, 2011, 12:30:58 PM
Hi everybody. I'm using this mod on my forum but I'd like to allow one IP, how can I get it? In my joomla site I take some feed from the forum but now with this mod I can't because httpBL thinks that my joomla site is a spammer.
Odd, because the httpBL only reacts to IPs that are in the Project Honeypot database, and its reaction is based on the threat level it is assigned AND your threat level settings threshold.  see below
Number of days to consider good an IP

If an IP used to belong some time ago to a spammer, but nobody has seen it doing anything wrong since at least this number of days, we don't consider it dangerous now and we leave the visitor pass.
Threat level considered bad

Project Honey Pot gives every IP a threat level which is changing every day depending on what this IP does and how many days ago it did it. Every IP with a threat level lower than the number you put here will pass without even been checked.
Threat level considered VERY bad

Every IP with a threat level greater than the number you put here won't be able to pass at all. The IPs with a threat level between both numbers will see a captcha and, if they prove they are humans, they will be granted a pass for a few hours.
Minutes to keep the data in the cache
Every time the mod checks an IP saves the data in the cache (if it's enabled) and in the visitor's session for the amount of minutes you write here. If the same IP visit your page again before this amount of minutes have passed, the mod won't check it again, but it will use the data stored in the cache and/or session.

Hours until an IP needs to prove again it's human
As the IPs change very often, when the visitors see the captcha and prove they are human they are allowed inside the page only for this amount of hours. After that, the IP may be coming from a different computer.

Is your Joomla site on the same server/host as your forum?

Wizzlefits

Very interestink.
If you could post the joomla URL we might be able to sort the problem a bit.

Joshua Dickerson

Taking a quick look through the mod and I noticed a couple of things:
  • You should cache the result from Project Honey Pot so you aren't killing the server and it will be faster for the user
  • You should kill the access way sooner. In SMF 2.0, I was thinking about killing it right before scheduled tasks in index.php
  • Perhaps you can add .htaccess to it so you kill the access before it even gets to SMF
  • Warning.php should really be a static page (HTML) so it takes less resources. These bots already consume a lot of processing power, let's try to keep it to a minimum
  • Instead of checking if the user gets a "free pass" use a whitelist. Give the admin the option to create a white list that won't get checked. If you're going to do the .htaccess route, you'd need to configure the rewrite rules for that as well.
  • Send a 403 status code using header() on the warning page
  • I haven't gotten there yet, but I saw $txt strings in warning.php, why not include those in the language files? Really, the warning page should be in one language or in every language. It shouldn't even check for the user's language. Just give them every possible language. They are bots, but there is a slim chance they aren't. So, give them tons of text that they can look at if they aren't. Otherwise, you're wasting resources.
  • Consider releasing this under an open source license (BSD?) and putting it on Google Code or GitHub so it can grow and prosper for all.
Come work with me at Promenade Group



Need help? See the wiki. Want to help SMF? See the wiki!

Did you know you can help develop SMF? See us on Github.

How have you bettered the world today?

valentino86

Quote from: Wizzlefits on February 18, 2011, 07:46:08 PM
Very interestink.
If you could post the joomla URL we might be able to sort the problem a bit.

Of course www.meccanicaweb.it [nofollow] and yes the forum is on the same server www.meccanicaweb.it/forum [nofollow]

Now I've disabled the mod

Wizzlefits

#554
Looks like your server IP is just triggering httpBL. So, just to make sure that there is not a code problem, change "Number of days to consider good an IP" to 50 and "Threat level considered bad to" 15.
This should allow your server IP pass through.

If everything works okay, you can try to get your server white listed.
Quote
To white list an IP you need to log into http://www.projecthoneypot.org with your username there and tell them.

Unfortunately, they don't have an automated button to do that (unless you are logging exactly from the same IP you want to white-list) so you will have to enter their "contact us" section http://www.projecthoneypot.org/contact_us.php and send them an email explaining the situation.

I've never tried this with a server IP, so I'm not sure if it will work very well. If it doesn't, Snoopy will slap me a good one! lol!
But, you can make a special member group and in permissions, check the box to have httpBL never check that group.
Then, register a new member and add it to this group.
You will then have to manually edit the IP of the new member to that of your server. Do this by logging into phpMyAdmin and finding the new member in the "Members" table. member_ip and member_ip2 should be the same as your server IP.

If this works (finger crossed) you can then change the httpBL settings back to 90 and 10 and see if Joomla is allowed to pass.

valentino86

Quote from: Wizzlefits on February 19, 2011, 10:24:59 AM
Looks like your server IP is just triggering httpBL. So, just to make sure that there is not a code problem, change "Number of days to consider good an IP" to 50 and "Threat level considered bad to" 15.
This should allow your server IP pass through.

If everything works okay, you can try to get your server white listed.
Quote
To white list an IP you need to log into http://www.projecthoneypot.org [nofollow] with your username there and tell them.

Unfortunately, they don't have an automated button to do that (unless you are logging exactly from the same IP you want to white-list) so you will have to enter their "contact us" section http://www.projecthoneypot.org/contact_us.php [nofollow] and send them an email explaining the situation.

I've never tried this with a server IP, so I'm not sure if it will work very well. If it doesn't, Snoopy will slap me a good one! lol!
But, you can make a special member group and in permissions, check the box to have httpBL never check that group.
Then, register a new member and add it to this group.
You will then have to manually edit the IP of the new member to that of your server. Do this by logging into phpMyAdmin and finding the new member in the "Members" table. member_ip and member_ip2 should be the same as your server IP.

If this works (finger crossed) you can then change the httpBL settings back to 90 and 10 and see if Joomla is allowed to pass.

Thank you very much for this answer. Well, I've changed the settings to 50 and 15 and that works, but the member with special permissions ( never check by httpBL) doesn't work with the settings to 90 and 10 and of course I've already changed the IP in the database. Why? I think that the member has to login almost one time.

Wizzlefits

Think you may be right. Should have had you login as the new user, log out, then change the IP. That would have updated all the other tables and only left the IP to be changed.

Hopefully, Honey Pot will allow you to white list the IP. But since it belongs to a shared host...who knows.

Also, if you haven't installed it yet, you should also use Stop Spammer http://custom.simplemachines.org/mods/index.php?mod=1547
They compliment each other very well. Oh, make sure to un-check "Check their username" in Stop Spammer, as it has a tendency to cause to many false positives.

butchs

Quote from: Wizzlefits on February 19, 2011, 10:24:59 AM
I've never tried this with a server IP, so I'm not sure if it will work very well. If it doesn't, Snoopy will slap me a good one! lol!

I will lay low when he comes back if I were you.  :)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Wizzlefits

Quote
I will lay low when he comes back if I were you.  :)
That's the plan! ;)

welshdog

Project Honeypot seems to be having 'issues'.

When I tried to register on the site I was met with a message saying "Unable to save captcha-image." and no way of submitting the request... or even telling them there was an issue!!

I opened the site on three different browsers (IE 8, Firefox 4 and Chrome) and got the same result.

Anyone have any idea what's up over there?

Advertisement: