Omnimaga
Omnimaga => Site Feedback and Questions => Topic started by: Netham45 on March 30, 2012, 01:54:32 pm
-
I put a script on the site that will check with stopforumspam for every page request, thanks to their DNSBL. I'm hoping this will both cut down on bandwidth and spambot registrations.
An example of a bad request: http://omnimaga.org/?testblock&ip=109.230.251.45
The requests are cached on my DNS server after the first request, so user impact should be minimal at worst.
Here's the script I'm using:
<?php
// dnsbl.php: include this at the top of any page that should be protected.
session_name("dnsbl");
session_start();

$publicKey  = "<Recaptcha public key>";
$privateKey = "<Recaptcha private key>";
$whitelist  = array(); // addresses that must never be blocked

// Check the connecting client by default. REMOTE_ADDR is always set by the web
// server; REMOTE_HOST is only filled in when hostname lookups are enabled, and
// then contains a name, which cannot be reversed into a DNSBL query.
$checkIP = $_SERVER['REMOTE_ADDR'];
// ?testblock&ip=1.2.3.4 forces the block page for another address so the
// script can be tested. Only a well-formed IPv4 address is accepted there, so
// nothing from the query string reaches the log or the page unchecked.
if (isset($_GET['testblock'], $_GET['ip']) && filter_var($_GET['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
{
    $checkIP = $_GET['ip'];
}

$isBlocked = false;
$requestResult = "";
if (filter_var($checkIP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
{
    // DNSBL convention: the four octets reversed, under the list's zone.
    $ip = explode(".", $checkIP);
    $dnsRequest = "$ip[3].$ip[2].$ip[1].$ip[0].dnsbl.tornevall.org";
    // gethostbyname() returns the name unchanged when there is no record or
    // when the lookup fails, so an unreachable DNSBL lets everyone through.
    $requestResult = gethostbyname($dnsRequest);
    $isBlocked = ($requestResult != $dnsRequest);
}

if (isset($_GET['captcha']))
{
    // Verify the submitted reCAPTCHA answer (legacy v1 verify API). The fields
    // are URL-encoded so a stray '&' in the answer cannot alter the request.
    $array_postvars = array();
    $array_postvars[] = 'privatekey=' . urlencode($privateKey);
    $array_postvars[] = 'remoteip=' . urlencode($_SERVER['REMOTE_ADDR']);
    $array_postvars[] = 'challenge=' . urlencode(isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '');
    $array_postvars[] = 'response=' . urlencode(isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '');
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, implode('&', $array_postvars));
    curl_setopt($ch, CURLOPT_URL, "http://www.google.com/recaptcha/api/verify");
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec($ch);
    $error = curl_error($ch);
    curl_close($ch);
    unset($_SESSION['recaptcha']);
    // The v1 API answers "true\nsuccess" on a correct solution.
    if ($result == "true\nsuccess")
    {
        $_SESSION['recaptcha'] = true;
    }
    // Redirect and stop: without exit the block page below would still be sent.
    header("Location: index.php");
    exit;
}

if (($isBlocked || isset($_GET['testblock'])) && !in_array($checkIP, $whitelist) && !isset($_SESSION['recaptcha']))
{
    header('HTTP/1.0 403 Forbidden');
    // Append one log line per blocked request instead of reading and rewriting
    // the whole file on every hit; LOCK_EX keeps concurrent writes intact.
    file_put_contents("blocked_hosts.txt",
        "[" . date("r") . "] Blocked: $checkIP " . ($isBlocked ? "Block" : "Test") . "\n",
        FILE_APPEND | LOCK_EX);
    // A listing is returned as 127.0.0.N, where N is a bitmask of the reasons
    // below. In test mode there is no listing, so report code 0.
    $errorCode = 0;
    if ($isBlocked)
    {
        $parts = explode(".", $requestResult);
        $errorCode = intval($parts[3]);
    }
    // Escape before echoing into HTML, even though $checkIP is validated above.
    $safeIP = htmlspecialchars($checkIP, ENT_QUOTES, 'UTF-8');
    echo "<html>
<head>
<title>Blocked</title>
</head>
<body>
Apologies, but your IP ($safeIP) is blacklisted as a spammer. <span style=\"color:#F00\">You have not been banned from Omnimaga</span>. If you believe this is in error, please e-mail
<a href=\"http://www.google.com/recaptcha/mailhide/d?k=01zMDC5OWSs7zbYNzHfWcbLg==&c=xOphTe00o_PsF0UW3DYNxgM6oLOdZ92RuAQvVkgZqQM=\" onclick=\"window.open('http://www.google.com/recaptcha/mailhide/d?k\\07501zMDC5OWSs7zbYNzHfWcbLg\\75\\75\\46c\\75xOphTe00o_PsF0UW3DYNxgM6oLOdZ92RuAQvVkgZqQM\\075', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">[email protected]</a>
for help. Please remember to include your IP, $safeIP, in the message. This site is using the DNSBL provided by http://dnsbl.tornevall.org/
<br/>Code received: $errorCode<br/>Blocked for:<br/><ul>";
    if ($errorCode & 1) echo "<li>Proxy has been scanned</li>";
    if ($errorCode & 2) echo "<li>Proxy is working</li>";
    if ($errorCode & 8) echo "<li>Proxy was tested, but timed out on connection</li>";
    if ($errorCode & 16) echo "<li>Proxy was tested, but failed at connection</li>";
    if ($errorCode & 32) echo "<li>Proxy was tested but the IP was different to the one connected at (Including TOR)</li>";
    if ($errorCode & 64) echo "<li>IP marked as \"abusive host\". Primary target is web-form spamming (includes dnsbl_remote)</li>";
    if ($errorCode & 128) echo "<li>Proxy has a different anonymous-state (web-based proxies, like anonymouse, etc)</li>";
    echo "</ul><a href=\"http://dnsbl.tornevall.org/index.php?do=usage\">Please see the DNSBL for more information on the error codes</a>";
    echo '<br/>You may solve the following captcha to access the site:
<form action="dnsbl.php?captcha" method="POST">
<script type="text/javascript"
src="http://www.google.com/recaptcha/api/challenge?k='.$publicKey.'">
</script>
<noscript>
<iframe src="http://www.google.com/recaptcha/api/noscript?k='.$publicKey.'"
height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40">
</textarea>
<input type="hidden" name="recaptcha_response_field"
value="manual_challenge">
</noscript>
</form>
</body></html>';
    die();
}

if (isset($_GET['clearSession']))
{
    session_destroy();
}
?>
If anyone has any issues with this, please let me know.
The e-mail code was generated by this (http://www.google.com/recaptcha/mailhide/) (Thanks Juju)
The DNSBL is provided by dnsbl.tornevall.org, and is based off of stopforumspam's blocklist.
If you want to use the script, just put
<?PHP include("dnsbl.php") ?>
at the top of whatever script you wish to protect.
Edit: Added recaptcha support to it.
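Added example, not Netham45's script: the DNSBL lookup and the tornevall.org result-code decoding from the post as stand-alone functions, with the resolver passed in as a callable so the logic runs offline against constructed answers. The zone name and the bit meanings are the ones the script quotes; the function names, the fake_resolver table and its verdicts (on TEST-NET documentation addresses) are constructed for this example and are not real listings. The last call shows the fail-open behaviour discussed later in the thread: when the resolver cannot answer, gethostbyname()'s contract returns the query name unchanged and nobody is blocked.

```php
<?php
// Bit meanings of the last octet of a 127.0.0.N answer, as listed in the post.
function dnsbl_reason_table() {
    return array(
        1   => 'Proxy has been scanned',
        2   => 'Proxy is working',
        8   => 'Proxy was tested, but timed out on connection',
        16  => 'Proxy was tested, but failed at connection',
        32  => 'Proxy was tested but the IP was different to the one connected at (including TOR)',
        64  => 'IP marked as "abusive host" (web-form spamming)',
        128 => 'Proxy has a different anonymous-state (web-based proxies)',
    );
}

// Build the DNSBL query name: octets reversed, then the zone. Returns null for
// anything that is not a plain IPv4 address (IPv6 cannot be queried this way).
function dnsbl_query_name($ip, $zone = 'dnsbl.tornevall.org') {
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// Turn the numeric code into the list of reasons whose bit is set.
function dnsbl_decode($code) {
    $reasons = array();
    foreach (dnsbl_reason_table() as $bit => $text) {
        if ($code & $bit) {
            $reasons[] = $text;
        }
    }
    return $reasons;
}

// Look an address up. $resolve is any callable with gethostbyname()'s contract:
// it returns the answer, or the query name unchanged when there is no record
// or the lookup fails. That contract is what makes the check fail open.
function dnsbl_check($ip, $resolve = 'gethostbyname') {
    $none = array('listed' => false, 'code' => 0, 'reasons' => array());
    $name = dnsbl_query_name($ip);
    if ($name === null) {
        return $none; // not an IPv4 address: nothing to query
    }
    $answer = $resolve($name);
    // Not listed, or the list/resolver could not be reached: let the client in.
    if ($answer === false || $answer === $name || substr($answer, 0, 4) !== '127.') {
        return $none;
    }
    $parts = explode('.', $answer);
    $code = intval($parts[3]);
    return array('listed' => true, 'code' => $code, 'reasons' => dnsbl_decode($code));
}

// Constructed stand-in for the real zone so the demo runs offline. The two
// verdicts are invented; the addresses are RFC 5737 documentation ranges.
function fake_resolver($outage = false) {
    $table = array(
        dnsbl_query_name('192.0.2.10')   => '127.0.0.64', // bit 64: abusive host
        dnsbl_query_name('198.51.100.7') => '127.0.0.34', // bits 32 + 2
    );
    return function ($name) use ($table, $outage) {
        if ($outage) {
            return $name; // resolver failure looks exactly like "no record"
        }
        return isset($table[$name]) ? $table[$name] : $name;
    };
}

foreach (array('192.0.2.10', '198.51.100.7', '203.0.113.1', '2001:db8::1', 'not-an-ip') as $ip) {
    $r = dnsbl_check($ip, fake_resolver());
    printf("%-15s listed=%-3s code=%3d %s\n", $ip, $r['listed'] ? 'yes' : 'no',
        $r['code'], implode('; ', $r['reasons']));
}
// With the list unreachable every lookup comes back "not listed": the gate fails open.
$r = dnsbl_check('192.0.2.10', fake_resolver(true));
printf("outage: %s listed=%s\n", '192.0.2.10', $r['listed'] ? 'yes' : 'no');
```

Passing the resolver in is also what makes the gate testable in a deployment: a unit test can feed it a listed answer, an unlisted answer and an outage without touching the network, which is how the "is the site still reachable when the DNSBL is down" question raised further down the thread can be checked before it matters.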
-
Great! :D
You might want to hide your email with this (http://www.google.com/recaptcha/mailhide/) though, in case.
-
I'm putting my faith into gmail's spam filter, heh.
Also, updated the script in the first post (I added logging).
-
Yeah, I agree, Gmail's spam filter is kinda great. At least, it does a good job for me.
-
Yea. I put the captcha on it, though. Updated the first post too.
-
Sweet, hopefully it helps. I've noticed there are a ton more spambots than usual these days.
EDIT: I think it broke the ajax though for loading quick reply, quotes etc.
-
Fixed. I did a stupid.
-
Thanks :P
What was the stupid if I may ask?
-
I was accidentally returning 403 Forbidden for all requests, not just those that are blocked. AJAX is reliant on the correct codes being returned.
-
Ah ok, makes sense. Glad it was an easy fix :P
-
(http://i.netham45.org/20120330192249677.png)
That's after like 2 hours.
Edit: By the time I posted this, it was up to 350.
-
inb4 that file fills up your HD... Hope not.
-
I'll wipe it before it does. :P
I just updated the script in the first post to have more in-depth error responses, and I updated the test link to a link that'll use them.
-
What will happen when Stopforumspam server is down? Will this cause Omnimaga to be down for everyone in the process? That's my main worry about this script. Could you make it so when the SFS server is down, that anyone can access Omni fine? We might still get a few bots, but at least it would not be as bad.
-
If their server is down then the dns check will fail, and they'll be allowed to access the site.
-
Ok good to hear. The SFS mod we have had installed for a year does that too (or at least ours is set to do so).
This was a serious problem when we had RECAPTCHA installed in the registration page: Whenever the RECAPTCHA server was down (which was pretty frequent), nobody could register on Omni at all, because the registration page stopped loading at the security code thing, with no Register button to click. D:
Also in case some of our members are in weird countries or universities, would there be a way to let them in with limited Omni features? For example, when the error page appears, have a URL with spaces that the person can type/copy/paste in his address bar, then he can get on Omni in mobile mode or something.
-
Right now they can e-mail me and I (or any other admin with FTP) can whitelist them.
Also,
---------------------------
Count
---------------------------
585 match(es) to occurrence(s)
---------------------------
OK
---------------------------
-
Ah ok. I guess what you could do is if there are either too many false positives or that Omnimaga activity drops considerably in a short amount of time (like 2500 fewer posts over last month), then disable it. (In the latter case, such drastic activity drop could be due to people not bothering to e-mail you)
-
Why do bots love our site x.x
-
Well it looks like the blocking will not work out, because 4 legit users got blocked in a short amount of time D:
My suggestion would be to just throttle their connection on the site if they're seen as bots. If for example they open 10 pages in under 30 seconds, make their connection slower.
Also maybe an alternate v5 theme with no skin image (except maybe an 8-bit version of the banner), and switch to that theme by default for blacklisted users.
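Added example, not from the thread: the throttling idea above (10 pages in under 30 seconds) as a per-address sliding window that returns a delay to apply instead of a 403. The class name, parameters and request pattern are constructed for this example; the timestamp store is an in-memory array with the clock passed in so it runs offline, whereas a deployment that spans requests would keep the timestamps in shared storage such as APCu.

```php
<?php
class SlidingWindowThrottle {
    private $limit;
    private $window;
    private $hits = array(); // ip => list of request timestamps (seconds)

    public function __construct($limit = 10, $window = 30) {
        $this->limit  = $limit;
        $this->window = $window;
    }

    // Record a request at time $now and return the delay (seconds) to impose:
    // 0 while the address is under the limit, one more second for every
    // request beyond it that is still inside the window.
    public function delayFor($ip, $now) {
        $cutoff = $now - $this->window;
        $recent = isset($this->hits[$ip]) ? $this->hits[$ip] : array();
        // Forget timestamps that have slid out of the window.
        $recent = array_values(array_filter($recent, function ($t) use ($cutoff) {
            return $t > $cutoff;
        }));
        $recent[] = $now;
        $this->hits[$ip] = $recent;
        $over = count($recent) - $this->limit;
        return $over > 0 ? $over : 0;
    }
}

// Constructed pattern: 12 requests from one address, one every 2 seconds.
$throttle = new SlidingWindowThrottle(10, 30);
$t0 = 1000;
for ($i = 0; $i < 12; $i++) {
    $delay = $throttle->delayFor('192.0.2.10', $t0 + 2 * $i);
    printf("t=%3ds request %2d -> delay %ds\n", 2 * $i, $i + 1, $delay);
}
// 64 s in, every earlier timestamp is older than 30 s and the delay is back to 0.
printf("t=%3ds request 13 -> delay %ds\n", 64, $throttle->delayFor('192.0.2.10', $t0 + 64));
// In a page: if ($delay > 0) sleep($delay); before rendering, only for listed clients.
```

Because the delay grows with the excess rather than cutting the client off, a legitimate user who trips it by opening a few tabs only sees slower pages, while a bot hammering the site spends most of its time waiting; the window empties on its own, so no log file grows and nothing needs whitelisting.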
-
I made it give them a captcha they have to solve before logging in. Updated the first post for the new script.
-
Ah ok, good to hear. :)