Advertisement:

Author Topic: Forum Hard Hit Preventer  (Read 3446 times)

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Forum Hard Hit Preventer
« on: March 04, 2016, 07:57:17 PM »
Link to Mod


FORUM HIT HARD PREVENTER v1.6
By Dougiefresh -> Link to Mod


Introduction
One day, I released yet another mod to my website and noticed that once I published the link to the new thread, I started getting views on the thread.  In just over 15 minutes, 1,100+ views were logged for JUST THAT ONE THREAD!  It took deleting that thread for the attack to pretty much stop.  So I wrote this mod to try to play interference in attempts to bring a forum down....

This mod records all non-action visits (aka board index, individual boards and topics) from an IP address for all members EXCEPT for admin and moderators within the session data.  If the visitor is recorded as having more hits than a specified number of times per minutes, this mod will automatically place a ban in the .htaccess file.  The default (and minimum) is set to 30 (one hit every 2 seconds), which I feel is more than reasonable for most users.

This mod attempts to detect whether CloudFlare servers are being used, and writes the .htaccess accordingly.

Additional Requirements
Because we really don't want to ban our "wonderful" spiders, this mod turns on Search Engine Tracking Level to Standard setting in order to properly detect spiders.  For SMF 2.0.x, the Search Engine core feature is enabled in order to properly detect spiders.

Recommended Mods To Install
o More Spiders - Adds 83 more spiders/crawlers to your Spiders section in SMF!

Admin Settings
There is a new setting under Admin => Configuration => Security and Moderation called:
o Maximum number of visits allowed before automatic ban

Related Discussions
o [TIP/TRICK] How to ban users properly from .htaccess

Compatibility Notes
This mod was tested on SMF 2.0.11 and SMF 2.1 RC2, but should work on SMF 2.0 and up.  SMF 1.x is not and will not be supported. 

Changelog
The changelog can be viewed at XPtsp.com.

License
Copyright (c) 2016 - 2019, Douglas Orend
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Re: Forum Hard Hit Preventer
« Reply #1 on: March 04, 2016, 08:16:54 PM »
Uploaded v1.1 - March 4th, 2016
o Added support for SMF 2.1 Beta 2.  No changes for SMF 2.0.x branch.

Offline nend

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 1,755
  • 2 deep n2 the code
    • sicommnend on GitHub
    • SIComm.us
Re: Forum Hard Hit Preventer
« Reply #2 on: March 05, 2016, 08:01:11 AM »
I was sort of curious of how the mod worked so looked at the code.

By blocking all ips that hit the forum more than x many times you run the chance of blocking valid users and indexing spiders.

I myself use prefetch on mobile and RSS so I would be on that permanent ban list. Also you have attachments, avatars and Ajax calls that should be ignored but instead each tick is logged.

Just a FYI,

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Re: Forum Hard Hit Preventer
« Reply #3 on: March 05, 2016, 09:05:17 AM »
By blocking all ips that hit the forum more than x many times you run the chance of blocking valid users and indexing spiders.

I myself use prefetch on mobile and RSS so I would be on that permanent ban list. Also you have attachments, avatars and Ajax calls that should be ignored but instead each tick is logged.
First, I had forgotten about spiders.  I'll try to fix that so that our "wonderful" spiders (sarcasm intended) don't get blocked.....

Second, you obviously overlooked line 23 in the Subs-HardHit.php file.  It reads:
Code: [Select]
if ($user_info['is_admin'] || $user_info['is_mod'] || isset($_GET['action']))This means it won't log admin or moderator requests AND any action specified.  So this URL:
Quote
index.php?action=dlattach;attach=21;type=avatar
won't get logged.

Third, having noted the second point, (with the possible exception of prefetching), valid users won't hit the forum more than 30 times in a minute.  I obviously have to fix the prefetching situation, though....

Thank you for raising these concerns!

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Re: Forum Hard Hit Preventer
« Reply #4 on: March 05, 2016, 10:19:41 AM »
I did a search for the word "prefetch" in the SMF source files and found several instances of the SMF aborting a prefetch request.  I've altered the mod so that it removes the current URL from the session data upon finding a prefetch request.  This should keep the mod from banning valid users....

I also found where the forum attempts to detect whether or not the "user" is a spider/robot.  Evidentally, when the Search Engine core feature isn't enabled, SMF "guesses" at whether the "user" is a robot or spider.  Obviously, we don't want to ban spiders from the forum, as they are the ones who give us traffic!  So, I figured out how to enable the Search Engine core feature, and turn on Search Engine Tracking Level to Standard setting in order to properly detect spiders.  This step is particularly important because SMF will guess at whether a user is a robot/spider and probably won't return valid results.  Searching for known spiders will help with keeping our "wondering" spiders from getting banned, while keeping other robots out of the forum....

I am also adding a recommended mod to install:
o More Spiders - Adds 83 more spiders/crawlers to your Spiders section in SMF!

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Re: Forum Hard Hit Preventer
« Reply #5 on: March 07, 2016, 02:47:39 PM »
Uploaded v1.2 - March 5th, 2016
o Added code to remove URL log from prefetch requests, since they are aborted anyways...
o Added code to allow Subs-HardHit.php to allow spiders to not log URLs...
o Modified installer to turn on Search Engines core feature during install.
o Modified installer to set Search Engine Tracking Level to Standard (or better).



@Everybody: Usually I post what changes happened when I upgrade a mod.  That didn't happen and I apologize for any confusion this may have caused....

Offline Ninja ZX-10RR

  • SMF Hero
  • ******
  • Posts: 2,152
  • Gender: Male
  • Sniper Legends
    • Flavio93Zena on Facebook
    • Virtual Interactive Games Entertainment Forum
Re: Forum Hard Hit Preventer
« Reply #6 on: March 21, 2016, 10:24:35 PM »
Quick thanks for linking my old thread. :)
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.
♥ Jess ♥

STOP EDITING MY PROFILE

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Re: Forum Hard Hit Preventer
« Reply #7 on: March 24, 2016, 08:56:21 PM »
Quick thanks for linking my old thread. :)
Sorry about the late reply!  You're welcome!  It was very helpful in building this mod.  I only hope that I got everything right with the mod.....

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Re: Forum Hard Hit Preventer
« Reply #8 on: October 31, 2016, 07:53:44 AM »
Uploaded v1.3 - October 30th, 2016
o Fixed multiple undefined index errors in this mod.

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Re: Forum Hard Hit Preventer
« Reply #9 on: October 16, 2018, 11:32:44 PM »
Uploaded v1.4 - October 16th, 2018
o No functionality change.
o Updated documentation to point to new website.

Online Rock Lee

  • Native Language Support Specialist
  • SMF Hero
  • *
  • Posts: 3,001
  • Gender: Male
  • I also speak english :D
    • BomberCode.Oficial on Facebook
    • RockLee-BC on GitHub
    • @Bomber_Code on Twitter
    • Bomber Code ~ La nueva era del conocimiento
Re: Forum Hard Hit Preventer
« Reply #10 on: October 17, 2018, 09:11:59 AM »
I already commented on github but left it attached here also in case someone downloads it :)


Regards!
¡Regresando como cual Fenix! ~ Bomber Code © 2018
Ayudas - Aportes - Tutoriales - Y mucho mas!!!


Ayudame via PayPal

Offline ORIONzitos

  • Semi-Newbie
  • *
  • Posts: 13
  • Gender: Male
  • PT-BR voluntary Translator
Re: Forum Hard Hit Preventer
« Reply #11 on: October 17, 2018, 09:51:21 AM »
Hello again!  8) one translate more....
See the code... i only translate...no modify anything
« Last Edit: October 17, 2018, 10:10:25 AM by ORIONzitos »
Total of translations: 10

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Re: Forum Hard Hit Preventer
« Reply #12 on: October 17, 2018, 11:56:25 AM »
Uploaded v1.5 - October 17th, 2018
o Added Spanish Latin translation, courtsey of Rock Lee.
o Added Brazilian Portuguese translation, courtsey of ORIONzitos.

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,859
  • Mod King
    • XPtsp.com Community
Re: Forum Hard Hit Preventer
« Reply #13 on: May 22, 2019, 10:45:35 PM »
Uploaded v1.6 - May 22nd, 2019
o Added support for SMF 2.1 RC2.
o Removed support for SMF 2.1 Beta 2.