TPU: Detect and Block Spam Registrations 1.6.6

[Xon]

From what I understand, Akismet needs an actual post to be invoked, it won't just work on a registration alone?

Correct. I guess what I'm actually looking for is some sort of per-user spam log as the current UI isn't searchable at all.

The use-case I'm looking at, is a user was let in on a moderate spam score, was manually approved, and then makes spam posts. At which point seeing the Akismet record + the original registration log to adjust spam settings would be handy.

 

[eva2000]

Got a strange error when I tried to do a test user sign up on my forums XF 1.3.3 updated

Server Error

Only variables should be passed by reference

XenForo_Application::handlePhpError() in TPUDetectSpamReg/AS.php at line 22
TPUDetectSpamReg_AS::getASNameAndNumber() in TPUDetectSpamReg/AS.php at line 58
TPUDetectSpamReg_AS::getRegSpamScore()
call_user_func_array() in XenForo/CodeEvent.php at line 90
XenForo_CodeEvent::fire() in TPUDetectSpamReg/ModelSpamPrevention.php at line 67
TPUDetectSpamReg_ModelSpamPrevention->allowRegistration() in XenForo/ControllerPublic/Register.php at line 253
XenForo_ControllerPublic_Register->actionRegister() in XenForo/FrontController.php at line 347
XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 134
XenForo_FrontController->run() in /home/****/public/index.php at line 13

 

[W1zzard]

in AS.php replace line 22:

 $items=array_shift(explode('|', $dns[0]['txt'], 2));

with

$items=explode('|', $dns[0]['txt'], 2);
$items=array_shift($items);

the warning is related to strict mode, which doesn't like explode() being passed to array_shift() which expects a variable reference, but explode is a function, that returns a variable, but not good enough for strict mode.

 

[eva2000]

Cheers mate that fixed it

 

[Xon]

@W1zzard It looks like this plugin doesn't resolve the AS number for an IPv6 address.

It looks like the "TPUDetectSpamReg_TOR::reverseIP", "TPUDetectSpamReg_AS::reverseIP" and "TPUDetectSpamReg_AS::getASNameAndNumber" do not handle IPv6 correctly (or at all).

getASNameAndNumber needs to use ".origin6.asn.cymru.com" for IPv6 and reversing an Ipv6 address is much more complex than what reverseIP does.

Additionally; https://www.torproject.org/projects/tordnsel.html.en states that the correct response is:

Other A records inside net 127/8, except 127.0.0.1, are reserved for future use and should be interpreted by clients as indicating an exit node. Queries outside the DNSEL's zone of authority result in REFUSED. Ill-formed queries inside its zone of authority result in NXDOMAIN.

 

[W1zzard]

That's correct, only IPv4 supported at this time. I'll happily accept patches for the source code

 

[Xon]

That's correct, only IPv4 supported at this time. I'll happily accept patches for the source code

Great, I need to debug my attempts at IPv6 some more before it is ready.

Testing it is a pain in the ass.

 

[Biarritz64]

@W1zzard
i had this error when someone register wth facebook on xenforo 1.3.3

XenForo_Exception: Cannot load class using XFCP. Load the class using the correct loader first. - library/XenForo/Autoloader.php:108

Any idea??

 

[naia]

@W1zzard
i had this error when someone register wth facebook on xenforo 1.3.3



Any idea??

I receive the same error. I also have an issue with the "moderate new users posts" function. It does not seem to work at all.

 

[Biarritz64]

There is this problem on other addon, here is the solution
http://xenforo.com/community/threads/bd-widget-framework.28014/page-80#post-607960

i hope it will help to have a fix soon

thank you

 

[W1zzard]

@W1zzard
i had this error when someone register wth facebook on xenforo 1.3.3

Any idea??

do you have a stack trace for me, or other information where this error appears?

 

[Biarritz64]

do you have a stack trace for me, or other information where this error appears?

Send by PC
thank

 

[Xon]

I've been using a patch for this which enables IPv6 support for ASN lookups, and it has been quite successful so far.

However, AT&T and Comcast for some reason have IPv6 devices which have the following ports which respond to connection requests: 80, 8080, 1080, 25, 22, 21

This is needless to say leading to false positives.

 

[W1zzard]

Are you sure that this is not just people using a proxy service?

 

[Xon]

Are you sure that this is not just people using a proxy service?

It is hard to rule it out, especially as Comcast/AT&T don't auto-generate PTRs for IPv6.

 

[W1zzard]

Have you done a portscan on those IPs? what OS are they ? what's running on those ports?

 

[Xon]

Have you done a portscan on those IPs? what OS are they ? what's running on those ports?

IPv6 connections are proxied via Cloudflare and I don't currently have an IPv6 capable machine which isn't heavily firewalled by someone else.

 

[Xon]

Have you done a portscan on those IPs? what OS are they ? what's running on those ports?

I just realised, because the webserver doesn't have native IPv6 connectivity; the Open Port scan should fail.

It looks like it was mangling the ipv6 address into an ipv4 address and not failing correctly.

 

[W1zzard]

If you proxy IPv6 via Cloudflare and your server has no IPv6, then your server should receive a connection from an IPv4 IP instead, which is probably one of Cloudflare's servers?

 

[W1zzard]

W1zzard updated TPU: Detect and Block Spam Registrations with a new update entry:

Bugfixes and preliminary IPv6 support

• Fixes forum registrations through 3rd party providers (Google+ etc) not working
• Adds most basic support for IPv6 in some tests, other tests have checks now whether IPv6 is used and will be disabled, to avoid error messages.

Read the rest of this update entry...