httpBL

Aoife · February 26, 2011, 12:51:12 PM

Bad IPs are getting through the httpBL mod, after 9:00p last nite (the last entry in the Spammers Log). I've had a few in my Users Online this morning that show up with high threat levels in the Project Honey Pot database that should have been screened out but weren't.

Don't know what's going on..... $:-\$

Wizzlefits · February 26, 2011, 01:17:34 PM

Are you using the Stop Spammer mod? As the two work really well together. (wish they could be combined into one)

I have had spammers get through httpBL by brute force, hitting the registration page 15 to 20 times a second. But that was several updates ago. HP has been doing some updates, but don't know if that has anything to do with this.

snoopy_virtual · February 26, 2011, 01:29:23 PM

Quote from: aoife on February 26, 2011, 12:51:12 PM
Bad IPs are getting through the httpBL mod, after 9:00p last nite (the last entry in the Spammers Log). I've had a few in my Users Online this morning that show up with high threat levels in the Project Honey Pot database that should have been screened out but weren't.

Don't know what's going on..... $:-\$

That's really weird. It's not happening in any of my forums.

Have you checked if in mod httpBL config page still says everything is OK? (connection with the spammers database included).

Have you change the mod default Internal Settings?

Aoife · February 26, 2011, 01:32:45 PM

Quote from: Wizzlefits on February 26, 2011, 01:17:34 PM
Are you using the Stop Spammer mod? As the two work really well together. (wish they could be combined into one)

I have had spammers get through httpBL by brute force, hitting the registration page 15 to 20 times a second. But that was several updates ago. HP has been doing some updates, but don't know if that has anything to do with this.

no, just httpBL and logindetector. httpBL has been catching things up until last nite so not sure what's up, if anything. one of the IPs that got through is currently active and has a threat lvl of 32 so there's no reason why it should get through (although it's an IP we'd previously banned from the forums, before we installed httpBL). Another IP address was trying to modify karma but hadn't been banned.

And yes, Project HP has been going up and down all week it seems so that may have something to do with it.

thanks for the reply!

Aoife · February 26, 2011, 01:34:30 PM

Quote from: snoopy_virtual on February 26, 2011, 01:29:23 PM
Quote from: aoife on February 26, 2011, 12:51:12 PM
Bad IPs are getting through the httpBL mod, after 9:00p last nite (the last entry in the Spammers Log). I've had a few in my Users Online this morning that show up with high threat levels in the Project Honey Pot database that should have been screened out but weren't.

Don't know what's going on..... $:-\$

That's really weird. It's not happening in any of my forums.

Have you checked if in mod httpBL config page still says everything is OK? (connection with the spammers database included).

Have you change the mod default Internal Settings?

no haven't touched anything in the mod. and the connection is still showing as 'perfect'

snoopy_virtual · February 26, 2011, 01:49:36 PM

I suppose then it should be just a bad connection every now and then. As you said Project HP's server has been going up and down all week.

Anyway if the problem persist let's us know and we will see if we can think of any more possible solutions.

But as Wizzlefits said, I will advise you to add also mod Stop Spammer. If one of them fails the another one will stop them.

Aoife · February 26, 2011, 01:55:51 PM

Quote from: snoopy_virtual on February 26, 2011, 01:49:36 PM
I suppose then it should be just a bad connection every now and then. As you said Project HP's server has been going up and down all week.

Anyway if the problem persist let's us know and we will see if we can think of any more possible solutions.

But as Wizzlefits said, I will advise you to add also mod Stop Spammer. If one of them fails the another one will stop them.

okie dokie, i'll take a look at that mod. we'll be watching our logs for problems and i'll let you all know if this persists.

thanks again!

DJ-X · March 01, 2011, 06:51:59 AM

Protect your login from smart robots that pick up passwords

This code is inserted in index.php to the top.

Code Select


if (strstr($_POST['user'], 'SSSR'))                  // Tried to pick up the password
   {
   header("location: /yourhoneypot.php");
   exit();
   }

wickedgood · March 01, 2011, 08:06:05 AM

Is there any other place else I can download this mod?

Been trying for 3 days now at SMF and keep getting "unavailable".

Aoife · March 01, 2011, 08:33:31 AM

Quote from: wickedgood on March 01, 2011, 08:06:05 AM
Is there any other place else I can download this mod?

Been trying for 3 days now at SMF and keep getting "unavailable".

I just tried from http://custom.simplemachines.org/mods/index.php?mod=2155 and was able to access just fine.

wickedgood · March 01, 2011, 08:52:56 AM

Just tried again.......

"Temporarily Unavailable
Due to high stress on the server the forum is temporarily unavailable. Please try again later. "

Aleksi "Lex" Kilpinen · March 01, 2011, 08:59:48 AM

Works fine for me, try this http://custom.simplemachines.org/mods/index.php?action=download;mod=2155;id=164985

Aoife · March 01, 2011, 09:02:21 AM

Quote from: wickedgood on March 01, 2011, 08:52:56 AM
Just tried again.......

"Temporarily Unavailable
Due to high stress on the server the forum is temporarily unavailable. Please try again later. "

And I just tried again and was able to get thru again - maybe look in the Support boards and see if anyone else is having the same issue?

wickedgood · March 01, 2011, 09:56:41 AM

Quote from: LexArma on March 01, 2011, 08:59:48 AM
Works fine for me, try this http://custom.simplemachines.org/mods/index.php?action=download;mod=2155;id=164985

Nope. Same error code.

Aleksi "Lex" Kilpinen · March 01, 2011, 10:24:10 AM

OK, please make a new topic about this, detailing the problem and how long you have had this problem, on the Site Comments -board so our admins can have a stab at it

wickedgood · March 01, 2011, 02:32:23 PM

Finally got it downloaded and installed.

Server issue?

Seems to be working fine.

Thanks!

Aleksi "Lex" Kilpinen · March 01, 2011, 02:38:34 PM

The servers have been having load issues lately, so it was most probably related, but it usually only affects people for some minutes at a time - not straight days. So that's why I suggested posting to the Site comments.

MCK · March 04, 2011, 02:53:18 AM

I have a Global Moderator who accesses my site on his iPhone. He got trapped yesterday for no apparent reason. 2 questions.

Is the attached screen generated by httpBL mod or StopSpammer mod? I have both but can't tell which mod trapped this connection but I'm guessing it's httpBL.

If this is httpBL what can I do to make it go away? I'm guessing this is because the AT&T iPhone IP range is blacklisted due to some malicious activity. Is there a way for me to whitelist my user? Thanks for your help.

snoopy_virtual · March 04, 2011, 06:10:09 AM

That's not mod httpBL nor mod StopSpammer.

I would never put Google adverts on any of my mods.

My guess is you are using CloudFlare, that is a piece of software from a company done to make money, so they are more interested in putting adverts everywhere than actually stopping spammers.

MCK · March 04, 2011, 06:41:39 AM

Thanks for your clarification. I need to go read up on whitelisting on CloudFlare then. In the meanwhile I don't know why there is so much ill feelings about CloudFlare. I'm a new user and generally enjoy what they offer. What am I missing? Its interesting to note that they too use ProjectHoneyPot data to run their service. See http://www.cloudflare.com/wiki/DataSources

News:

httpBL