
Feedback for Restricted Registration plugin

peregrine MVP
edited July 2013 in Feedback

If a bunch of savvy users implemented this and could tell me what is more effective in determining bots (first IP address column or second), and times of day and patterns, and maybe get a consolidated list of problem IPs and patterns, I bet we could make a pretty effective filter.

But it takes a community - so log results (or a partial summarization of log results of problem IPs and patterns) would be useful in creating a better plugin to hone in on things.

Possible future plans - make the log readable from the dashboard (provided forum admins find the whole concept of value), clearing the log by date or time or keeping only the last 200 entries or some such thing, and a stat page on registration attempts.

A consensus of good ideas can direct this project.

Also, if a lot of forums get problem bots from the same IP octets or first two or three octets, we could create a master list of bad bot IPs and keep a running list for people to add to their forum's .htaccess list or whatever method they want to block, or readable from this plugin and autoblock.

thx @shadowdare for feedback. figured I'd open up the gates.

I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.


Comments

  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    Another top effort from your good self.

    I shall put it into action tomorrow!

  • cool. there is a better read me in version 1.3


  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @peregrine

    It is working well, and has already logged a couple of hundred attempts.

    There seem to be two kinds of 'attack'.

    One Bot applies the brute force method, applying as the same user from the same IP address multiple times.

    Another Bot uses the same reason for joining, but seems to switch user names and IP each time it is rejected.
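
Added example, not part of the original thread or the plugin's code: one way to separate the two patterns whu606 describes in a registration log. The plugin's real log format is not shown on the page, so the (ip, username, reason) records, the thresholds and the function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample records; the (ip, username, reason) layout is an
# assumption, not the plugin's actual log format.
SAMPLE_LOG = [
    ("203.0.113.7", "bob1984", "I love forums"),
    ("203.0.113.7", "bob1984", "I love forums"),
    ("203.0.113.7", "bob1984", "want to chat"),
    ("198.51.100.21", "anna_k", "great site for hobby discuss"),
    ("198.51.100.88", "mike77", "great site for hobby discuss"),
    ("192.0.2.14", "zed_q", "Great site for hobby discuss "),
    ("192.0.2.200", "carol", "Found you via a friend who posts here"),
]

def normalize(reason):
    """Case-fold and collapse whitespace so trivial edits still match."""
    return " ".join(reason.lower().split())

def classify(log, repeat_threshold=3, rotate_threshold=3):
    """Return (brute_force, rotating).

    brute_force: {(ip, username): attempts} for pairs seen repeatedly.
    rotating: {reason: {"ips", "users"}} where one reason text arrived
              from many distinct IPs and usernames.
    """
    pair_counts = defaultdict(int)
    by_reason = defaultdict(lambda: {"ips": set(), "users": set()})
    for ip, user, reason in log:
        pair_counts[(ip, user)] += 1
        key = normalize(reason)
        by_reason[key]["ips"].add(ip)
        by_reason[key]["users"].add(user)
    brute = {p: n for p, n in pair_counts.items() if n >= repeat_threshold}
    rotating = {r: v for r, v in by_reason.items()
                if len(v["ips"]) >= rotate_threshold
                and len(v["users"]) >= rotate_threshold}
    return brute, rotating

if __name__ == "__main__":
    brute, rotating = classify(SAMPLE_LOG)
    for (ip, user), n in brute.items():
        print(f"repeat applicant: {user} from {ip}, {n} attempts")
    for reason, v in rotating.items():
        print(f"shared reason {reason!r}: {len(v['ips'])} IPs, "
              f"{len(v['users'])} usernames")
```

A hit in the second group points at the reason text, rather than any single address, as the thing to filter on.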

  • hgtonight ∞ · New Moderator

    @whu606 would you be interested in sharing a dump of your log?

    If you don't want to post it here, feel free to PM me.


  • whu606 I'm not a SuperHero; I just like wearing tights... MVP
    edited July 2013

    @hgtonight

    Happily.

    Anything that makes their job less easy or successful.

  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    First file wasn't complete...

    Take two

  • thanks Whu606.

    if more people were like you, we might be able to put a damper on this.


  • @whu606

    this ip is using brute force 218.86.50.58

    Reverse DNS (rDNS): 58.50.86.218.broad.pt.fj.dynamic.163data.com.cn
    Autonomous System #:    AS4134
    Organization:   CHINANET-BACKBONE No.31,Jin-rong Street
    Network CIDR Block: 218.84.0.0/14
    Network IP Range:   218.84.0.0 to 218.87.255.255
    
    Country of Origin:  CN (CHINA)
    Org. Address:   7,East Street,Fuzhou,Fujian,PRC
    No.31 ,jingrong street,beijing
    CN
    
    you can add it to your  .htaccess.
    
    or 
    
    order allow,deny
    deny from 218.86.50.58
    allow from all 
    
    or you could deny a block from that area
    order allow,deny
    deny from 218.86.50
    allow from all 
    
    or you could deny a block from that area if you believe you don't get many visitors from that region.
    
    
    order allow,deny
    # 218.84.0.0/14 spans 218.84 through 218.87
    deny from 218.84
    deny from 218.85
    deny from 218.86
    deny from 218.87
    allow from all
    


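Added example, not from the original post or the plugin: a check of what partial-octet `deny from` lines actually cover, using the 218.84.0.0/14 block from the whois output above. The function names are illustrative, and the hand-typed prefix list is constructed input.

```python
import ipaddress

def prefix_to_network(prefix):
    """Map a partial address ('218.86.50') to the network Apache matches.

    'deny from' with 1-3 leading octets behaves like a /8, /16 or /24.
    """
    octets = prefix.strip(".").split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"bad prefix: {prefix!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def deny_lines_for(cidr):
    """Octet-prefix 'deny from' lines that together cover an IPv4 CIDR block."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen > 24:
        return [f"deny from {net}"]            # too small for octet prefixes
    n_octets = max(1, -(-net.prefixlen // 8))  # round up to an octet boundary
    lines = []
    for sub in net.subnets(new_prefix=8 * n_octets):
        head = str(sub.network_address).split(".")[:n_octets]
        lines.append("deny from " + ".".join(head))
    return lines

def uncovered(cidr, prefixes):
    """Parts of cidr that none of the listed octet prefixes block."""
    net = ipaddress.ip_network(cidr)
    blocked = [prefix_to_network(p) for p in prefixes]
    step = max(net.prefixlen, max(b.prefixlen for b in blocked))
    return [s for s in net.subnets(new_prefix=step)
            if not any(s.subnet_of(b) for b in blocked)]

if __name__ == "__main__":
    block = "218.84.0.0/14"  # CIDR block from the whois output in the post
    print("\n".join(deny_lines_for(block)))
    # Constructed input: a typed list that repeats one /16 and skips another.
    typed = ["218.86", "218.85", "218.86", "218.87"]
    print("not blocked:", [str(n) for n in uncovered(block, typed)])
    for p in ("218.86.50.58", "218.86.50", "218.86"):
        print(p, "->", prefix_to_network(p).num_addresses, "addresses")
```

mod_authz_host also accepts the CIDR form directly, so `deny from 218.84.0.0/14` blocks the same range in one line.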
  • peregrine MVP
    edited July 2013

    edited. will add this plugin today.


  • @whu606

    I added some new features - and based on your results. I think you will like it.
    It also skips logging attempts by known spammers, thus reducing the size of your log file.


  • you could add these ip's to block also.

    


  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @peregrine

    Thanks for all your efforts.

    Just added it.

    That's going to open up a whole new

    on those pesky spammers!


  • you could comment out line 130 if you don't want to see that either. and it will reduce log size

    but then again, you could leave it in for false positives.


  • I would help. What exactly do you need me to do?

  • peregrine MVP
    edited July 2013

    @Left Brain said:
    I would help. What exactly do you need me to do?

    do exactly what whu606 did, install the latest version of the plugin and post the log of applicants who you think are spammers.

    this is what whu did:

    copy your registrationrestrictlog.php, remove the first 3 lines, remove any valid applicants, and post it here.

    update to newest version 1.5 so far


  • peregrine MVP
    edited July 2013

    @Left Brain said:
    I would help. What exactly do you need me to do?

    too bad you don't get mention notifications - because you have a space in your name.
    but that's a topic for a different discussion.

    I meant version 1.6 is latest version as of this moment.


  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    It's doing a grand job, @Peregrine!

    The ability to add in terms and ips is very useful.

    Thanks again.

  • @whu606 said:
    It's doing a grand job, Peregrine!

    The ability to add in terms and ips is very useful.

    Thanks again.

    it's good to get feedback for this plugin. I don't plan to do anything more (unless you have more thoughts @whu606), since no one else is providing patterns or IPs and since I don't run a forum, I don't need it.


  • whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @peregrine

    I think it is probably pretty much as good as you need to make it.

    Whilst people could share a blacklist of IPs, they change so quickly that it might be easier just to manage our own.

    The 1.6 version is currently logging far fewer attempts to register, which I guess is the impact of the plugin rejecting them out of hand.

    Haven't had one get through to actually register today.

    Huzzah.

This discussion has been closed.