Anyone here working with CloudFlare/HoneyPot antibot software?

Started by Don Peters, July 21, 2010, 05:03:33 PM


Don Peters

I received an e-mail invitation from Matthew Prince, of Project Honey Pot, to test out their new beta software called CloudFlare. The purpose of CloudFlare is to keep spambots and other bad bots from even reaching your forum. They do this by changing your forum's DNS settings so that traffic first goes to CloudFlare, where it is checked against Project HoneyPot's spambot database, and then if the user passes, he is passed along to your forum. Along the way they also provide some extra services such as caching your website and scrambling your support e-mail addresses so they can't be harvested by a spambot.

I was about to try it when I realized there might be some SMF issues I'd have to deal with. Specifically, SMF would see traffic coming from CloudFlare rather than the accessing user. Also, my software gets the referring URL, and I'd have to code around this. I'm told the SMF software compatibility mods are minimal, but I don't have the time or PHP experience to make them. Hence, I was wondering if others here were attempting to use CloudFlare, and if so, if they developed the necessary mods to enable a smooth transition to it.

Don

Kill Em All

I haven't heard of it today, but it looks trustworthy. Although I find it weird that the guy emailed you about it.

I'm not sure if it's compatible or not with SMF, you will just have to try it.


My Site: KEAGaming.com

Manual Installation of Mods
Prevent Spam and Forum Attacks
Please do not PM or email me for support unless offered, help should be publicly displayed to others.

butchs

I was invited and checked them out and they are for real.  I am currently  trying it with SMF 2 RC3 and have no log errors to date.   But I noticed that SMF 1.1.x requires the following changes:

Quote
To make CloudFlare compatible with Simple Machines Forum 1.1.x and so there are no log issues, please run the following process:
1. open SSI.php
2. on ~ line 165
find:
if (isset($_SERVER['REMOTE_ADDR']) && !isset($_SERVER['is_cli']) && session_id() == '')
replace with:
if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && !isset($_SERVER['is_cli']) && session_id() == '')
3. Save
4. open Sources/Load.php
5. on ~ line 441
find:
updateMemberData($ID_MEMBER, array('ID_MSG_LAST_VISIT' => (int) $modSettings['maxMsgID'], 'lastLogin' => time(), 'memberIP' => '\'' . $_SERVER['REMOTE_ADDR'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));
replace with:
updateMemberData($ID_MEMBER, array('ID_MSG_LAST_VISIT' => (int) $modSettings['maxMsgID'], 'lastLogin' => time(), 'memberIP' => '\'' . $_SERVER['HTTP_CF_CONNECTING_IP'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));
6. on ~ line 491
find:
'ip' => $_SERVER['REMOTE_ADDR'],
replace with:
'ip' => $_SERVER['HTTP_CF_CONNECTING_IP'],
7. Save.
8. open Sources/QueryString.php
9. There are 20 to replace in this file so it is easier to use find and replace for this file.
10. Save and upload all. Done.

Tutorial by MKNJHILL :)

It will be interesting to see what passes through to get caught by my SPAM software.  So far BB is active and Project Honeypot stopped recording.  Still have to give it time and look at my other measures.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.
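
The tutorial quoted above swaps REMOTE_ADDR for HTTP_CF_CONNECTING_IP everywhere, but that header only means something when the request really arrived through the proxy. As an added example (not code from this thread, SMF or CloudFlare), here is a single resolver that honours the header only when REMOTE_ADDR is a trusted proxy address; the function names and the placeholder ranges are assumptions.

```php
<?php
// Added example, not SMF or CloudFlare code; function names are hypothetical.
// Placeholder ranges (documentation address space); use your proxy's published list.
const TRUSTED_PROXY_CIDRS = ['192.0.2.0/24', '2001:db8::/32'];
// True if $ip lies inside $cidr; handles IPv4 and IPv6.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr) + [1 => null];
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable, or mixed address families
    }
    $max = strlen($ipBin) * 8;
    if ($bits === null) {
        $bits = $max;
    } elseif (!ctype_digit($bits) || (int) $bits > $max) {
        return false; // a malformed prefix must not widen trust
    }
    $bits = (int) $bits;
    $full = intdiv($bits, 8);
    if (strncmp($ipBin, $netBin, $full) !== 0) {
        return false;
    }
    $rem  = $bits % 8;
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return $rem === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// Single decision point for the visitor address: the header is honoured only
// when the TCP peer (REMOTE_ADDR) is inside a trusted proxy range.
function resolve_client_ip(array $server, array $trusted = TRUSTED_PROXY_CIDRS): string
{
    $peer    = $server['REMOTE_ADDR'] ?? '';
    $claimed = $server['HTTP_CF_CONNECTING_IP'] ?? '';
    if (filter_var($claimed, FILTER_VALIDATE_IP) === false) {
        return $peer; // header absent or not an IP literal
    }
    foreach ($trusted as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            return $claimed;
        }
    }
    return $peer; // direct connection: the header is client-supplied
}

// Constructed requests: via a trusted proxy, then direct with a forged header.
echo resolve_client_ip(['REMOTE_ADDR' => '192.0.2.10', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7']), PHP_EOL;
echo resolve_client_ip(['REMOTE_ADDR' => '203.0.113.5', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7']), PHP_EOL;
```

Because the function falls back to REMOTE_ADDR, bans and logs keep working when the proxy is bypassed or switched off.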

butchs

This mod should fix the IP addresses in the users online log files.  It works with 1.1.x and 2 RC3.

Plus, I added posting Server Side Excludes.

It will get put in the CloudFlare wiki next week.


EDIT: Update for SMF Gold.

Kill Em All




Don Peters

I'd rather leave this open until some more users report their experiences with CloudFlare.

Specifically, CloudFlare is supposed to eliminate most of the spambot attacks. But I just implemented the mod which determines if a registration attempt is made by a human or bot, via asking several questions. That seems to have stopped the spambots dead.

So, given this mod, I'm wondering if CloudFlare is really worth it. I'd love to hear some opinions on this.

butchs

I spent several hours of my time adding a SMF 1.1x version to my mod just for you when I have SMF 2.0 RC3.  You could try it?

Wizzlefits

Quote from: Don Peters on August 03, 2010, 05:36:13 PM
I'd rather leave this open until some more users report their experiences with CloudFlare.

Specifically, CloudFlare is supposed to eliminate most of the spambot attacks. But I just implemented the mod which determines if a registration attempt is made by a human or bot, via asking several questions. That seems to have stopped the spambots dead.

So, given this mod, I'm wondering if CloudFlare is really worth it. I'd love to hear some opinions on this.

I've been using CloudFlare (CF from now on) for a couple weeks. Personally, I Love it!
Why you ask?  ;)
First off, CF is NOT a single program to stop the bad guys. It's a whole suite of programs with servers all over the country (hence the Cloud part). Which by the way, are currently running at over 500 hits per second, only a small fraction of capacity.

Second.. They say "we take the hit so you don't have to" They really do take the bandwidth hit.
Think about all the bandwidth and processor time that is wasted dealing with bots. Every mod we run trying to stop spammers costs us. Be it increased bandwidth (for big sites), slower loading pages, or the time we take to update this mod or the other. You did get that last update didn't you?  ;) Not to mention weeding through logs full of bot data trying to find the important stuff.

Enough of that, you want to know how CF is working for me.
Before CloudFlare, I was running 3 mods, 1 script  and had a huge .htaccess file to stop the spammers/hackers.
My SMF error log got so bad I shut error reporting off. (Just 1 bot hitting 2 & 3 times a second for 2 or 3 minutes makes a log full of junk.)
Now I have 1 mod running, Stop Spammer and my htaccess is down to about 8 short lines.  ;D

I kept Stop Spammer running because CF relies heavily on the HoneyPot database, which we know only has bots caught by their traps and not reported by humans. Whereas Stop Spammer uses the human data from Stop Forum Spam.
At first I was getting 2 or 3 bots a day sneaking through CF. For the last 3 days there have been 0. This is due in part to the fact that CF also uses human reporting, via our block list.
Noticed a few being blocked that aren't in the Honey Pot database. Good to see! CF is learning.

So far all the features I've tested or tried work very well. Yes there is a bug every now & then, but it IS still in beta. One thing is for sure, they squash the bugs in short order.

One more thing. Ain't done rambling! ::)
Quote
I'm wondering if CloudFlare is really worth it.
Let me ask..
Do you like to... waste time, energy, money, bandwidth, and sometimes sleep?
Do you like to.. wade through endless pages of useless data looking for the important stuff?
Do you like to.. worry if that script you just installed has an exploit that a hacker will find before you do?
Do you like to.. make every single potential new member jump through 10 hoops just to join?
Do you like to.. worry someone might post personal info that a bot could grab and use?
Do you like to.. wonder what you would do if your site was hit by a denial of service attack?
I'll stop there...

So... is it worth it?
Just the features the free version will have make it a no-brainer.
Don't get me wrong! CloudFlare isn't the end all be all. But they'll sure make a heck of a front line. And it makes the 2nd line soooo much easier to handle.

butchs

I like it too.  My bandwidth has dropped from over 6gb to less than 1.  I am still keeping my normal protection behind it and am catching the stragglers.  httpBL will see one 2-3 days and Bad Behavior will catch 3-5 a day and my personal firewall 15-20 per day, mostly bad countries.  They say they have parts of Bad Behavior built in it but I prefer to try it on my end and continue to perfect the mod.  Besides my mods use cache to reduce processor load.  99% of the bots do not make it to Stop Spammer.

Wizzlefits

@butchs
Hope you don't mind, but I spruced up your Wiki post a bit. Made it look a bit more Wikified. LOL!

Wow! A 5gb drop?!  :o Sweet!

I shut down half of httpBL yesterday as it only logged 2 hits in 4 days. Will always have something running on my end.  ;)

Oh!
Thanks for the CF mod!
Seems to be working just fine, but haven't had time to check in detail.

butchs

Thanks, I am not much at conforming to the rules Wiki...   ;)

I had some problems with Bad Behavior confirming that the traffic is from CloudFlare.  After doing some research Michael Hampton (from BB) found that CloudFlare had some errors in a DNS record.
Quote
error@underground ~/Downloads $ host 204.93.177.106
Host 106.177.93.204.in-addr.arpa. not found: 3(NXDOMAIN)

I sent the information to them but never had a reply.  I think they fixed it.  So if all of a sudden everybody gets banned you can edit the following in "core.inc.php" until it passes.   ???

Search:
if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
require_once(BB2_CORE . "/cloudflare.inc.php");
if ($r = bb2_cloudflare($package)) return $r;
}

replace:
if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
// require_once(BB2_CORE . "/cloudflare.inc.php");
// if ($r = bb2_cloudflare($package)) return $r;
}



Wizzlefits

Noticed that sometime last night (9:30 pm EST) IP's were not being captured. Uninstalled mod CloudFlare, back to normal.
CF made some changes around the same time.

butchs

Yea,  I emailed them and they said they took on many new users and the bandwidth went through the roof and they were fixing it.



butchs

It is back up for me.  Times like this make me wish that SMF had just one check for a visitor IP address so I can easily add an auto-detection script for CloudFlare.

Wizzlefits

Quote from: butchs on September 05, 2010, 03:47:58 AM
It is back up for me.  Times like this make me wish that SMF had just one check for a visitor IP address so I can easily add an auto-detection script for CloudFlare.

Then it wouldn't be a challenge and you'd get bored, quit coding and spend the rest of your days in the park feeding pigeons and people would call you "the  pigeon man"..... ok, a bit far! But you know what I mean... :o

butchs

Oh but I prefer to quit coding.  Those bots are the only reason I coded at all this summer.   :-X

Vandaahl

Quote from: butchs on July 31, 2010, 08:54:34 PM
This mod should fix the IP addresses in the users online log files.  It works with 1.1.x and 2 RC3.

Plus, I added posting Server Side Excludes.

It will get put in the CloudFlare wiki next week.


I would like to thank you for this mod. I have been using Cloudflare since yesterday and realised that without proper IP's all banned users had access to my board again. Not good.

Scratching my Head

Quote from: butchs on July 31, 2010, 08:54:34 PM
This mod should fix the IP addresses in the users online log files.  It works with 1.1.x and 2 RC3.

Plus, I added posting Server Side Excludes.

It will get put in the CloudFlare wiki next week.




Should this also work for 2.RC4? 


I keep getting CloudFlare's ip for everyone,
and I want to be able to see the actual I.P of members and guests.

Is that what this is for?

butchs


Scratching my Head

