Anyone here working with CloudFlare/HoneyPot antibot software?

Started by Don Peters, July 21, 2010, 05:03:33 PM


prince_bear

I have Bad Behaviour and http:BL currently running on an SMF 2.0 RC3 forum. I am currently running into problems with legitimate users from sometimes questionable IPs hitting the http:BL captcha multiple times over the course of several days. Would Cloudflare offer a solution by analyzing their usage to determine that they are just normal users, or, because they are coming from questionable IPs, just dead-end them faster?

butchs

No.  CloudFlare is written by the guys who made ProjectHoneypot so if your members are getting flagged with httpBL they will get flagged with CloudFlare.  Both offer human confirmation questions with set time limits.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

prince_bear

Thank you, I was kinda suspecting that. I will keep searching and learning about forum security in the rougher parts of cyberspace.

spamtrawler

Hey Prince_Bear,

ProjectHoneypot have 2 values which may be interesting in your case:
Last Seen
and
ThreatLevel

When developing our software, we learned that these 2 values can make a huge difference in regards to "false positives".

Fighting spam can be a tough nut to crack  :)

For any questions, please feel free to ask.

Cheers
SpamTrawler
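How the two values mentioned above can be combined into an allow / captcha / block decision, as an added example that is not part of the original thread and not the code of any mod discussed here. It relies on the http:BL DNS answer format (127, days since last activity, threat score, visitor type); the thresholds, function names and the access key used in testing are constructed assumptions.

```python
from dataclasses import dataclass

# Visitor-type bits carried in the fourth octet of an http:BL answer.
SUSPICIOUS, HARVESTER, COMMENT_SPAMMER = 1, 2, 4

@dataclass
class HttpBLResult:
    days_since_last_seen: int   # "Last Seen", second octet
    threat_level: int           # "ThreatLevel", third octet (0-255)
    visitor_type: int           # bitmask, fourth octet (0 = search engine)

def httpbl_query_name(access_key: str, ipv4: str) -> str:
    """DNS name to resolve: access key, reversed IP octets, http:BL zone."""
    reversed_ip = ".".join(reversed(ipv4.split(".")))
    return f"{access_key}.{reversed_ip}.dnsbl.httpbl.org"

def parse_httpbl_answer(answer: str):
    """Decode an A-record answer; None means it is not a valid http:BL reply."""
    parts = answer.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    first, days, threat, vtype = (int(p) for p in parts)
    if first != 127 or max(days, threat, vtype) > 255:
        return None
    return HttpBLResult(days, threat, vtype)

def decide(result, max_age_days=30, grey_threat=10, block_threat=50):
    """Return 'allow', 'greylist' (show the captcha) or 'block'.

    Thresholds are assumed values; grey_threat=0 disables greylisting.
    A missing result (no listing, or an unparsable answer) fails open.
    """
    if result is None or result.visitor_type == 0:
        return "allow"
    if result.days_since_last_seen > max_age_days:
        return "allow"          # stale listing: the IP has likely changed hands
    if result.threat_level >= block_threat:
        return "block"
    if grey_threat and result.threat_level >= grey_threat:
        return "greylist"
    return "allow"
```

Raising `max_age_days` or lowering `grey_threat` catches more abuse at the cost of more captchas for legitimate users on shared addresses.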

prince_bear

Thanks for that note, spamtrawler.

My question would be how do those values help me, if I have legitimate users coming from questionable IPs? They are getting flagged at a certain threat level based on the spam usage of those IPs, but those IPs are shared by hundreds if not thousands of clients. Most of those clients are not the problem, but the bad apples are ruining the batch for everyone else.

Only thing I can think of would be to place a "trusted cookie" on the user's machines after they have gotten through the captcha so that even if they are coming from a questionable IP they would be flagged as safe. Then you only have to worry about the public computers, which are accessing the forum.
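One way the "trusted cookie" idea above could be built, as an added example that is not part of the original thread or of any mod mentioned in it. It assumes a per-site secret, a 30-day lifetime, a cookie bound to the member ID, and that the cookie may only skip the captcha tier and never lift an outright block; all names are hypothetical.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-secret"   # assumption: per-site secret, kept server-side
TRUST_TTL = 30 * 24 * 3600                # assumption: trust lasts 30 days

def _sign(payload: str) -> str:
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_trust_cookie(member_id, now=None) -> str:
    """Issue after a passed captcha: 'member:expiry:signature'."""
    issued = int(time.time() if now is None else now)
    payload = f"{member_id}:{issued + TRUST_TTL}"
    return f"{payload}:{_sign(payload)}"

def verify_trust_cookie(cookie, member_id, now=None) -> bool:
    """Valid only if unmodified, unexpired and issued to this member."""
    if not cookie:
        return False
    try:
        cookie_member, expires, signature = cookie.split(":")
        expires = int(expires)
    except ValueError:
        return False
    expected = _sign(f"{cookie_member}:{expires}")
    current = int(time.time() if now is None else now)
    return (hmac.compare_digest(signature.encode(), expected.encode())
            and cookie_member == str(member_id)
            and expires > current)

def effective_action(verdict, cookie, member_id, now=None) -> str:
    """Downgrade 'greylist' to 'allow' for a trusted member; keep 'block' as is."""
    if verdict == "greylist" and verify_trust_cookie(cookie, member_id, now):
        return "allow"
    return verdict
```

Binding the cookie to the member ID means a cookie left behind on a public computer does not carry trust over to a different account.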

snoopy_virtual

@prince_bear:

If you are using mod httpBL you are already using those 2 values.

I did that mod 2 years ago, and that's the first thing I took into account.

For more information on how to properly configure those values, you can search the mod support thread.

For example, you may find this question I got there interesting:

http://www.simplemachines.org/community/index.php?topic=366399.msg2833720#msg2833720

And my answer to that question:

http://www.simplemachines.org/community/index.php?topic=366399.msg2833827#msg2833827

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

prince_bear

@snoopy_virtual

Thanks! It definitely looks like you have done your homework!

butchs

Attached is the 2.0 RC4 version.

Gaming4JC

I'm still getting errors, seems to be the way the file is packaged due to the wildcard. Even IZArc was screaming 'corrupt! file is directory'.
I repackaged it for those of you who have problems with the above one. Works fine for me now.  :)

Glasso

Thanks for this mod, and a quick question...

Is it necessary to install mod_cloudflare in Apache along with this mod? I understand this mod ensures IPs being correctly reported in SMF, but how about the rest of the website - Drupal for example?

Thanks.

snoopy_virtual

Quote from: Glasso on February 05, 2011, 08:14:23 AM
Thanks for this mod, and a quick question...

Is it necessary to install mod_cloudflare in Apache along with this mod? I understand this mod ensures IPs being correctly reported in SMF, but how about the rest of the website - Drupal for example?

Thanks.

When I started studying Cloudflare my first impression was I didn't like it because it was adding to my web pages Google adverts that I couldn't control.

After studying it a little more, and comparing what I have found with other people also using Cloudflare, I like it even less, because we have seen a few times that some of those Google adverts are pointing to fake anti-virus and to pages I wouldn't recommend at all, so I have stopped using it.

Of course it's up to you what anti-spam solutions you use, but if you want to be protected against all the spammers inside projecthoneypot database (that's what Cloudflare is for) I would recommend you to use programs (or mods) where you can control everything.

You can find a list of the available programs and mods here:

http://www.projecthoneypot.org/httpbl_implementations.php


Glasso

Quote from: snoopy_virtual on February 05, 2011, 09:01:16 AM

When I started studying Cloudflare my first impression was I didn't like it because it was adding to my web pages Google adverts that I couldn't control.

... that some of those Google adverts are pointing to fake anti-virus and to pages I wouldn't recommend at all, so I have stopped using it.


Hmm... I didn't know google ads are inserted. Are you referring to ads being inserted into the site pages or the challenge page?
Thanks.

butchs

Quote from: snoopy_virtual on February 05, 2011, 09:01:16 AM
When I started studying Cloudflare my first impression was I didn't like it because it was adding to my web pages Google adverts that I couldn't control.

Do you mean Google Analytics?  That can be turned off.  Go to cloudflare settings and turn off Google Analytics.

I found the Google Analytics implementation messes up with the warning pages of httpBL, BB and FF mods.  So I turned it off.

Quote from: snoopy_virtual on February 05, 2011, 09:24:29 AM
The challenge page

I would assume that disappears if you upgrade to a paying account?

All in all I like and use Cloudflare.   :P

Cons:
An experienced webmaster can do much on their own.
As far as protection goes I am not sure what it does that my current solution does not do.
Ads...

Pros:
Less effort, great for newbies.
It blocks the violator before reaching my forum and that saves bandwidth.
The cache increases speed.
Server Side Excludes are cool if you post an email address or phone number.
IP geolocation comes in handy.
Always Online is cool but I am not sure it works.

Glasso

Quote from: Glasso on February 05, 2011, 08:14:23 AM
...

Is it necessary to install mod_cloudflare in apache along with this mod? I understand this mod ensures IPs being correctly reported in SMF, but how about the rest of the website - drupal for example?

Thanks.

Any case, what is the answer to this, anyone?

snoopy_virtual

Quote from: butchs on February 05, 2011, 10:27:35 AM
Do you mean Google Analytics?  That can be turned off.  Go to cloudflare settings and turn off Google Analytics.

I found the Google Analytics implementation messes up with the warning pages of httpBL, BB and FF mods.  So I turned it off.

No, I don't mean Google Analytics, but the Google adverts in the challenge page. Some of them are pointing to legal anti-virus and anti-trojans (but not all of them are good ones, even if they are legal) but it's even worse that some of them are pointing to fake anti-virus.

Quote: I would assume that disappears if you upgrade to a paying account?

As far as I know they don't.

Quote from: Glasso on February 05, 2011, 10:36:30 AM
Quote from: Glasso on February 05, 2011, 08:14:23 AM
...

Is it necessary to install mod_cloudflare in apache along with this mod? I understand this mod ensures IPs being correctly reported in SMF, but how about the rest of the website - drupal for example?

Thanks.

Any case, what is the answer to this, anyone?

I already answered that. I gave you this link:

http://www.projecthoneypot.org/httpbl_implementations.php

Inside it you can see there is a mod made for Drupal here:

http://drupal.org/project/httpbl


butchs

Quote from: snoopy_virtual on February 05, 2011, 10:52:36 AM
Inside it you can see there is a mod made for Drupal here:

http://drupal.org/project/httpbl

I see my caching idea is catching on.   ::)

Quote: The message visitors will see when their IP is blacklisted. <em>%ip</em> will be replaced with the visitor's IP, <em>%ipurl</em> with a link to the Project Honeypot information page for that IP, <em>%honeypot</em> with your Honeypot link.

Quote: The message visitors will see when their IP is greylisted. <em>%ip</em> will be replaced with the visitor's IP, <em>%ipurl</em> with a link to the Project Honeypot information page for that IP, <em>%honeypot</em> with your Honeypot link, <em>%whitelisturl</em> with the internal whitelist request URL.

Quote: Threshold for the greylisting threat level (1-255, 0 to disable greylisting)

Quote: http:BL is enabled and has blocked %t visits (%b blacklisted and %g greylisted).

Interesting, you should add greylisting to the SMF version!


snoopy_virtual

Quote from: butchs on February 05, 2011, 11:05:23 AM
Interesting, you should add greylisting to the SMF version!

So you have just seen that now?

All that was discussed more than 2 years ago. In fact the first version of my mod httpBL was using a lot of the functions made by praseodym for his Drupal mod (as stated in the credits).

