XCAPBAN 1.1 beta
BloodyRue
New Member
*
Offline


The Sea Organization will
rot your brain.

Posts: 31
Location: Martha's Vineyard
Joined: Oct 9th, 2011
Gender: Male
XCAPBAN 1.1 beta
Mar 9th, 2012 at 1:17am
xrumer is driving me nuts. The ones showing up were cranking over 200 errors into my logs just on 2 or 3 abusers. This was crashing my error log.

Since there seemed to be no internal YaBB way of limiting the captcha failure attempts I decided to write my own. This version is extremely beta and still needs a lot of debugging and code writing but it seems to fix the problem I am having despite the cosmetic errors and a few file manual edits still needed.

BACKUP your forum before using. Please help me develop this, I can adapt it to take care of other annoying things too. I borrowed a bit of coding to do the htaccess banning from the SFS mod that Derek wrote, thank you Derek.
-------------------------------
Preface notes:
1. I need a lot more writing on this to fix and add features.
2. REQUIREMENTS: Guardian .htaccess writing to ban.
3. When finished modifying your files to turn it on or off:
    In the Admin center go to Security Settings.
    In the "Validation Image" tab:
    Find the settings to turn it on or off with a click box
    Set the number of attempts between 1 and whatever for now.
4. Please help me debug this and polish it if you use it.
    (SEE BELOW FOR BUG NOTES AND MANUAL STUFF NEEDED)

-------------------------------
XCAPBAN 1.0 beta
I am not up on creating mods for boardmod so this is totally manual install for now.
-------------------------------
1. Create a file in your Variables directory called: Xcapban.txt
2. CHMOD it to 666 or 644.
----------------------------

File coding replacements or additions:
----------------------------
Find in: Languages/English/Error.lng

Code
'no_verification_code'		=> "The Verification code was not filled out. It is required.",
'wrong_verification_code'	=> "The Verification code was not the same as the image presented on screen, please go back, refresh (hit F5 on most browsers) and try again.",
'invalid_verification_code'	=> "Verification code contains invalid characters. Only a-z and 0-9 are valid",
 



Replace with:

Code
'no_verification_code'		=> "The Verification code was not filled out. It is required.<br /><br />Attempts Left: <b>$xcapbantleft</b>",
'wrong_verification_code'	=> "The Verification code was not the same as the image presented on screen, please go back, refresh (hit F5 on most browsers) and try again.<br /><br />Attempts Left: <b>$xcapbantleft</b>",
'invalid_verification_code'	=> "Verification code contains invalid characters. Only a-z and 0-9 are valid.<br /><br />Attempts Left: <b>$xcapbantleft</b>",
 


----------------------
Find in Languages/English/Admin.lng
Code
# Antispam Settings
 



And Add Before that:
Code
# XCAPBAN Settings
'xcapbando' => 'Enable auto-ban on Multiple Captcha Failures?',
'xcapbanmax' => 'Maximum number of attempts allowed.',

 



---------------------
Find in Admin/NewSettings.pl

Code
###############################################################################
# Guardian Settings (old Guardian.banned and Guardian.settings)		   #
 



And add before that:
Code
#####################################
# X Times Captcha Auto-Ban Settings #
#####################################

\$xcapbando = $xcapbando;					 # Set to 1 if you want to auto-ban Multiple captcha attempts.
\$xcapbanmax = $xcapbanmax;				     # Set to maximum attempts at Captcha verification.

 


---------------------------------
Admin settings needed, noticed by Derek. Thank you.

Find in: Settings_Security.pl
Code
		{
			description => qq~<label for="captchastyle">$floodtxt{'style'}</label>~,
 



and Add Before that:

Code
		{
			description => qq~<label for="xcapbando">$settings_txt{'xcapbando'}</label>~,
			input_html => qq~<input type="checkbox" name="xcapbando" id="xcapbando" value="1"${ischecked($xcapbando)} />~,
			name => 'xcapbando',
			validate => 'boolean',
		},
		{
			description => qq~<label for="xcapbanmax">$settings_txt{'xcapbanmax'}</label>~,
			input_html => qq~<input type="text" name="xcapbanmax" id="xcapbanmax" size="5" value="$xcapbanmax" />~,
			name => 'xcapbanmax',
			validate => 'number',
			depends_on => ['regcheck||', 'xcapbando||'],
		},
 



I have a lot more work to do with that still but that gets it running so far.
Numbers between 1 and whatever. I have mine set to 4 currently.
---------------------------------
Find in Sources/Register.pl
Code
&LoadLanguage('Register');
 



and Add AFTER:
Code
### XCAPBAN SET
	my $xcapbantry = 1;
	my $xcapbanleft = $xcapbanmax;

 



Same File Find:
Code
	if ($regcheck) { require "$sourcedir/Decoder.pl"; &validation_check($member{'verification'}); }


 



REPLACE WITH:  Beta 1.1 update in here
Code
	if ($regcheck) {
		require "$sourcedir/Decoder.pl";
########## XCAPBAN Limit captcha attempts start
		if ($xcapbando == 1) {
			# Load the attempt file: one "ip|count" entry per line.
			fopen(XCAP, "$vardir/Xcapban.txt") || &fatal_error("cannot_open",">$vardir/Xcapban.txt", 1);
			%xcaplist = map /(.*)\|(.*)/, <XCAP>;
			fclose (XCAP);
			chomp(%xcaplist);
			%cklist = %xcaplist;
			# Look for an existing count for the current IP.
			while (($key, $value) = each(%xcaplist)) {
				if ($key eq $user_ip) {
					$xcapbantry = $xcaplist{$key};
					chomp($xcapbantry);
					if ($xcapbantry >= $xcapbanmax) {
						# Limit reached: add the IP to the Guardian .htaccess ban list.
						if ($use_guardian && $use_htaccess) {
							my @ipblock;
							require "$admindir/GuardianAdmin.pl";
							@xcapbanfail = &update_htaccess("load");
							foreach (@xcapbanfail) {
								unless ($_ eq $user_ip) { push(@ipblock, $_); }
							}
							push(@ipblock, $user_ip);
							&update_htaccess("save", @ipblock);
						}
						# Clean the Attempt file
						fopen(XCAP, ">$vardir/Xcapban.txt") || &fatal_error("cannot_open",">$vardir/Xcapban.txt", 1);
						while (($tkey, $tvalue) = each(%cklist)) {
							if ($tkey ne $user_ip) {
								print XCAP ("$tkey|$cklist{$tkey}\n");
							}
						}
						fclose (XCAP);
						$bancap = "banned";
					}
					else {
						# Still under the limit: work out attempts left, then count this try.
						$xcapbanleft -= $xcapbantry;
						$xcapbantry++;
					}
				}
			}
			# Not banned: rewrite the file with the updated count for this IP.
			if ($bancap ne "banned") {
				fopen(XCAP, ">$vardir/Xcapban.txt") || &fatal_error("cannot_open",">$vardir/Xcapban.txt", 1);
				while (($key, $value) = each(%xcaplist)) {
					unless ($key eq $user_ip) {
						print XCAP ("$key|$xcaplist{$key}\n");
					}
				}
				print XCAP "$user_ip|$xcapbantry\n";
				fclose (XCAP);
			}
			&validation_check("$member{'verification'}","$xcapbanleft");
		}
		else {
			&validation_check("$member{'verification'}");
		}

	}
######### XCAPBAN END

 



----------------
Find in Sources/Decoder.pl

Code
sub validation_check {
	my $checkcode = $_[0];
	&fatal_error("no_verification_code") if $checkcode eq '';
	&fatal_error("invalid_verification_code") if $checkcode !~ /\A[0-9A-Za-z]+\Z/;
	&fatal_error("wrong_verification_code") if &testcaptcha($FORM{"sessionid"}) ne $checkcode;
}
 



and REPLACE WITH:

Code
### XCAPBAN ENABLED
sub validation_check {
	my ($checkcode, $xcapbantleft) = @_;
	&fatal_error("no_verification_code","$xcapbantleft") if $checkcode eq '';
	&fatal_error("invalid_verification_code","$xcapbantleft") if $checkcode !~ /\A[0-9A-Za-z]+\Z/;
	&fatal_error("wrong_verification_code","$xcapbantleft") if &testcaptcha($FORM{"sessionid"}) ne $checkcode;
}

 



Beta 1.1 update:
1. Switched the main section to a hash system instead of an array.
2. Adjusted some checks that were causing dupe IP listings.
Highlighted section above.

BUG NOTES:

1. Odd numbers reported in error log:
    While testing this on myself, I get a nice sequential countdown.
     xrumers get odd stuff like: 8, 6, 2, 0, -5, -20, -50, 8
     I am working on a fix for this to stop negative numbers.
2. The Xcapban.txt file usually cleans itself of banned IPs and counts.
    Sometimes it doesn't. If someone doesn't reach the max number
     it stays in there. If they get banned, sometimes xrumers get stuck
     too. I am working on a way to fix that.

     Also, anyone completing the registration gets stuck in there. I need
     to write a cleanser in that section of YaBB still.
3.   You can manually code edit that file and zero it out if you want but
     make sure it is still in the variables directory.

---------
Future stuff:
1.  Date settings to allow for time between hits or other time adjusting
     thoughts I have in mind, i.e., perhaps you want them to have a 24
     hour cooling off period before actual banning or time difference to
     cleanse the Xcapban.txt file automatically et al.
2. Bug fixes and polishing.
3. Perhaps other areas added to control.
« Last Edit: Mar 14th, 2012 at 7:11pm by BloodyRue »  
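
Added example, not part of the original post and not YaBB or XCAPBAN code: one way to keep the per-IP failure count in a single locked read-modify-write, with the attempts-left value clamped at zero and entries expiring after a time window, as the bug notes and "Future stuff" above ask for. The function name record_failure, the "ip|count|epoch" line format, the 24-hour window and the choice to flag the ban on the failure that reaches the maximum are assumptions; the caller would still do the Guardian .htaccess ban shown in the post.

```perl
#!/usr/bin/perl
# Added example: per-IP captcha failure counter with one locked read-modify-write.
# record_failure() and the "ip|count|epoch" format are hypothetical, not YaBB API.
use strict;
use warnings;
use Fcntl qw(:flock :seek O_RDWR O_CREAT);

sub record_failure {
    my ($file, $ip, $max, $window, $now) = @_;
    $now = time unless defined $now;
    # O_CREAT creates the file on first use without truncating an existing one.
    sysopen(my $fh, $file, O_RDWR | O_CREAT) or die "cannot open $file: $!";
    flock($fh, LOCK_EX) or die "cannot lock $file: $!";   # held until close

    my %seen;
    while (my $line = <$fh>) {
        chomp $line;
        my ($addr, $count, $stamp) = split /\|/, $line;
        next unless defined $stamp && $count =~ /\A\d+\z/ && $stamp =~ /\A\d+\z/;
        next if $now - $stamp > $window;    # cooling-off period over: forget entry
        $seen{$addr} = [$count, $stamp];
    }

    my $count  = ($seen{$ip} ? $seen{$ip}[0] : 0) + 1;
    my $banned = $count >= $max ? 1 : 0;
    if ($banned) { delete $seen{$ip} }              # banned IPs leave the file
    else         { $seen{$ip} = [$count, $now] }

    # Rewrite in place while the lock is still held, so no other request
    # can read a half-written file or overwrite this update.
    seek($fh, 0, SEEK_SET) or die "seek: $!";
    truncate($fh, 0)       or die "truncate: $!";
    print {$fh} "$_|$seen{$_}[0]|$seen{$_}[1]\n" for sort keys %seen;
    close($fh) or die "close: $!";

    my $left = $max - $count;
    $left = 0 if $left < 0;                         # never report a negative count
    return ($banned, $left);
}

# Constructed demo: 4 attempts allowed, documentation-range IP, 24 h window.
my $file = "/tmp/xcapban_demo_$$.txt";
for my $try (1 .. 4) {
    my ($banned, $left) = record_failure($file, '203.0.113.7', 4, 86400);
    print "try $try: banned=$banned attempts_left=$left\n";
}
unlink $file;
```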

   
 
BloodyRue
Re: XCAPBAN 1.0 beta
Reply #1 - Mar 10th, 2012 at 8:05am
Yowza debug troubles tonight!

Switched it over to a hash system rather than an array system.
Testing was going great, it seemed to fix my duplicate entry problems
and was counting better.

Then the final test, will it ban me.

Oh boy and ever it did!

I forgot to change one of the variables and it just went on an htaccess file rewrite session from hell. Even after closing my browser it was still going. No matter what I did to re-write the htaccess with new stuff it kept just writing it with me banned over and over.

Eventually I killed it by zipping my entire yabb2 directory, downloading that, renaming the yabb2 directory (it even kept writing away in that after I deleted everything in it).

I uploaded and decompressed the yabb2 directory I downloaded, then went into the other directory and chmod the .htaccess in there to 444.

That stopped it cold, then I deleted that and am back to normal again.

This note provided for entertainment value only. As soon as I can be sure that won't happen again I will upload the code changes.
  

   
 
Derek Barnstorm
God Member
*****
Offline



Posts: 1146
Location: Warwickshire
Joined: Mar 23rd, 2008
Gender: Male
Re: XCAPBAN 1.0 beta
Reply #2 - Mar 11th, 2012 at 6:07pm
BloodyRue wrote on Mar 9th, 2012 at 1:17am:
I borrowed a bit of coding to do the htaccess banning from the SFS mod that Derek wrote, thank you Derek.

Strange. I don't remember you asking me about that. ;)

BloodyRue wrote on Mar 9th, 2012 at 1:17am:
I am not up on creating mods for boardmod so this is totally manual install for now.

Maybe this will be of some help (if you haven't already read it):

http://www.boardmod.org/docs/HowTo.html
  
 
BloodyRue
Re: XCAPBAN 1.0 beta
Reply #3 - Mar 11th, 2012 at 7:14pm
Twas only a few lines I borrowed.

I will check that doc out.
I was following a similar mod for my bot hunter mod, but it just seemed extremely more involved than doing a post, although it seems to be the same thing in a way.

When I get done debugging this one I will tackle it for this one I think.
My bot hunter one seems way more work is needed to get to where I want it.
-------------

Current debugging on this:
I am still getting some kind of never ending while loop even though I can't see it yet. I have some ideas on what to test it next with though.

-----------
New ideas:
1. In the admin section a small box with a list of autobanned IPs like the guardian has so you can adjust it if needed.
  

   
 
BloodyRue
Re: XCAPBAN 1.0 beta
Reply #4 - Mar 13th, 2012 at 9:32am
Debugging info:
  Found the error leading to never ending loop status. Fixed that, PHEW!

Testing on myself yields good numbers.
I have 2 newbies to test on the next time they show up before I want to list the code changes.
  

   
 
Derek Barnstorm
Re: XCAPBAN 1.0 beta
Reply #5 - Mar 13th, 2012 at 11:53pm
I've PM'd you...
  
 
Derek Barnstorm
Re: XCAPBAN 1.1 beta
Reply #6 - Mar 14th, 2012 at 4:34pm
Rue, I haven't actually had a go with this, but by the looks of it, it seems that you have missed a step for the Admin Center in your first post, so nobody will be able to get it working because they can't set values for '$xcapbando' and '$xcapbanmax'.
  
 
BloodyRue
Re: XCAPBAN 1.1 beta
Reply #7 - Mar 14th, 2012 at 7:20pm
Derek Barnstorm wrote on Mar 14th, 2012 at 4:34pm:
Rue, I haven't actually had a go with this, but by the looks of it, it seems that you have missed a step for the Admin Center in your first post, so nobody will be able to get it working because they can't set values for '$xcapbando' and '$xcapbanmax'.


Oh cripes, how did I forget that part? I added it and highlighted it.
Security_Settings.pl

I am planning on adding to those settings:
1. A box with the contents of Xcapban.txt so you can erase them
    manually or adjust it perhaps.
2. A box with a list of banned IPs from a new file so you can see info
   about them also.
3. Limiters for the number of times like (1-25)
4. Date stamping to be added so it can be an auto-clean on a time period.
------------
In the main part of the code I am going to have it do a run through and compare to the htaccess file to see if the current IP has been banned already and clean the Xcapban.txt file of that IP. I am getting a bug where someone already banned shows up and hits the registration leaving their IP in there but it won't go away since they have been banned already.
------------
  

   
 