dad7732
RavenNuke(tm) Development Team


Joined: Mar 18, 2007
Posts: 1174

Posted: Thu Jun 18, 2009 1:38 pm

Whenever I have prospective users apply for registration (admin approval enabled), I always check to see if they are included on any BL's. Currently I use [link hidden from unregistered visitors] to check the IP and if on several I deny the application.

What would be neat is if there was a feature in RNYA to do an auto-BL lookup on the applicant's IP, then they could be "approved" or not depending on an admin-selected threshold much like SpamAssassin's default of 5. If I set the max number of BL's to 5 for example, the application would automatically be "denied" along with a message to the effect that "We do not allow Black Listed users to register".

Cheers

duck
Worker

Joined: Jul 03, 2006
Posts: 247

Posted: Thu Jun 18, 2009 2:36 pm

Sounds like a nice feature but one would spend far more time building such a project than the blocked would getting around it. Plus it has potential for abuse.

dad7732
RavenNuke(tm) Development Team

Joined: Mar 18, 2007
Posts: 1174

Posted: Thu Jun 18, 2009 3:02 pm

Abuse? By who? It's an admin function only and that's why I suggested a threshold that would be admin-set. Much the same as setting the SpamAssassin threshold to reject/not spam email and RBL checks, etc.

No doubt about the time spent building it. :)

If the threshold is set properly, how is someone that is "denied" going to get around it? The same applies to manual denial I would guess.

Cheers

Note: There would have to be built in "If you dispute this then email the webmaster for an explanation".

duck
Worker

Joined: Jul 03, 2006
Posts: 247

Posted: Thu Jun 18, 2009 3:30 pm

What I mean by get around is it is impossible to block someone from your site who wants in. The only way is to block the entire world and only allow your IP and even then they'd likely find a way in. lol It ain't hard. You could spend more time trying to block 'em than they will getting around your measures is what I meant. Still every little annoyance to the bad guys helps.

But what I meant by abuse is if you had something like this who manages the black list? If you leave that to Site owners then everyone who enjoys power-tripping (like hackers do) or hates a particular person will try putting innocent people on the black list thereby blocking them from hundreds or thousands of sites. That would be what I mean by abuse.

eldorado
Involved

Joined: Sep 10, 2008
Posts: 366
Location: France

Posted: Thu Jun 18, 2009 4:07 pm

I really like this idea of a blacklist. You guys know the concept of ppbans or steambans, where you need to submit a demo/screenshot of a potential offender and they get on the MBL? That wouldn't count as abuse because the ban would be reviewed.

I think this would be a good thing to implement throughout rn sites... This way you can ban spammers and hackers on thousands of websites. However, someone needs to host the list or make it available for download.

dad7732
RavenNuke(tm) Development Team

Joined: Mar 18, 2007
Posts: 1174

Posted: Thu Jun 18, 2009 4:56 pm

duck wrote:

But what I meant by abuse is if you had something like this who manages the black list? If you leave that to Site owners then everyone who enjoys power-tripping (like hackers do) or hates a particular person will try putting innocent people on the black list thereby blocking them from hundreds or thousands of sites. That would be what I mean by abuse.


I am THE "admin", nobody else has rights. :)

Cheers

evaders99
Former Moderator in Good Standing

Joined: Apr 30, 2004
Posts: 3221

Posted: Thu Jun 18, 2009 6:26 pm

IF you have the manpower to manage such a list, go ahead... :)

Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 6300
Location: Vsetin, Czech Republic

Posted: Thu Jun 18, 2009 11:33 pm

There was a module I wrote that would do this called Spam Stopper, which amongst other things, checked the incoming IP and referring link against a configurable array of blacklists but unfortunately, to maintain its effectiveness it relied on the webmaster making one click with the mouse to pass a pre-populated form to me so I could then review the 'baddie' for future inclusion in a new blacklist which would then update all the sites using the module.
Despite hundreds of downloads, very few actually bothered to use the 'report' feature so the module was withdrawn.

evaders99
Former Moderator in Good Standing

Joined: Apr 30, 2004
Posts: 3221

Posted: Thu Jun 18, 2009 11:43 pm

It worked quite well too. But yes, reporting is always the big hump, as is any other process requiring human intervention.

eldorado
Involved

Joined: Sep 10, 2008
Posts: 366
Location: France

Posted: Fri Jun 19, 2009 9:25 am

Why have a reporting button then? Can't it be automatic? And on registration, download the latest?

Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 6300
Location: Vsetin, Czech Republic

Posted: Fri Jun 19, 2009 10:16 am

eldorado wrote:
Why have a reporting button then? Can't it be automatic? And on registration, download the latest?

I just didn't want users getting the impression that the module was sending me data without their knowledge and also, some webmasters might want to block some referers etc as a personal choice (like a site linking to your downloads etc), therefore, it was more appropriate to have a 'Report this' link for each row of data.

dad7732
RavenNuke(tm) Development Team

Joined: Mar 18, 2007
Posts: 1174

Posted: Fri Jun 19, 2009 10:30 am

evaders99 wrote:
IF you have the manpower to manage such a list, go ahead... :)


I don't think it has to be "managed" as per the link that I provided in my OP. Querying the various BL providers such as bl.spamcop.net or Spamhaus for instance is what I am suggesting. As far as I know, you can't simply ADD a site to an established BL such as Spamhaus, etc.

My suggestion is to automatically query a set number of BL providers to determine if the applicant's IP is listed on x number of lists and if so then it's up to the admin to have set a threshold after which the user is automatically denied registration with an included pre-written note as to why.

Example: a user applies, the IP is queried on 100 BL's and the return is the IP is listed on 10 lists. The admin has the threshold set at 5 the result being an auto-deny. The caveat to this is that a "dynamic" IP can be listed without fault to the user in question. That's why I suggest setting the threshold to at least 3.

There will be some interaction on the part of the admin, yes of course. I do this manually every time someone applies for registration followed by an approval OR a deny.


Cheers

Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 6300
Location: Vsetin, Czech Republic

Posted: Fri Jun 19, 2009 10:52 am

Hosts using mod_security and Apache 2.x can do this automatically with some blacklists.
As you rightly point out though, it can cause problems for users of dynamic IP's or ISP's who periodically change the IP like my own ISP which has given me a blacklisted IP and prevented me from accessing all my sites :(

What you propose is certainly do-able, though due to the actual time needed to query RBL's, I don't think you would be able to query more than 3 or 4 without severe lag issues *unless* it was to run off and do its own thing and then come back and impose sanctions on the user afterwards, rather than waiting to 'check' the user before allowing access.

dad7732
RavenNuke(tm) Development Team

Joined: Mar 18, 2007
Posts: 1174

Posted: Fri Jun 19, 2009 11:06 am

I use sendmail.cf to query 3 RBL's, more than that there is a noticeable lag only if you're looking for the lag which doesn't seem to affect site access or checking email. It's really transparent to the user(s) since the RBL query is "before the fact".

If you enter an IP at the site I included above, it usually takes less than 5 seconds to come back with the results. One IP I entered came back with 22 hits out of the 110 the site checks and that also took around 5 seconds.

Cheers
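
The threshold check proposed in this thread, sketched as an added example that is not part of any post and is not RavenNuke or RNYA code. It queries all lists in parallel under a time budget to address the lag concern raised above; the function names, the `zen.spamhaus.org` zone, the "hits >= threshold" rule, the fail-open timeout and the `*.example` demo data are assumptions.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor, as_completed, TimeoutError as PoolTimeout

ZONES = ["bl.spamcop.net", "zen.spamhaus.org"]     # providers named in the thread; extend as needed
LISTED = ipaddress.ip_network("127.0.0.0/8")       # a listing is an A record in this range
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus-style error replies, not listings

def dnsbl_name(ip, zone):
    """Query name for a DNSBL: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    name = dnsbl_name(ip, zone)
    try:
        answer = ipaddress.IPv4Address(resolve(name))
    except (OSError, ValueError):  # NXDOMAIN, resolver failure or junk answer: not listed
        return False
    return answer in LISTED and answer not in ERRORS

def check_applicant(ip, zones=ZONES, threshold=3, budget=5.0, resolve=socket.gethostbyname):
    """Query every zone in parallel and deny when hits >= threshold (assumed rule).
    Zones that have not answered after `budget` seconds are ignored (fail open)."""
    dnsbl_name(ip, "invalid")  # validate the address before starting any thread
    pool = ThreadPoolExecutor(max_workers=max(1, len(zones)))
    futures = {pool.submit(is_listed, ip, z, resolve): z for z in zones}
    hits = []
    try:
        for fut in as_completed(futures, timeout=budget):
            if fut.result():
                hits.append(futures[fut])
    except PoolTimeout:
        pass  # a slow list must not hold up the registration page
    finally:
        pool.shutdown(wait=False, cancel_futures=True)
    return ("deny" if len(hits) >= threshold else "approve"), sorted(hits)

def fake_resolve(name):
    """Constructed stand-in for DNS so the demo runs offline (192.0.2.10 is a documentation IP)."""
    table = {"10.2.0.192.a.example": "127.0.0.2", "10.2.0.192.b.example": "127.0.0.4",
             "10.2.0.192.c.example": "127.255.255.254"}  # c.example returns an error code
    if name not in table:
        raise socket.gaierror("NXDOMAIN")
    return table[name]

if __name__ == "__main__":
    demo = ["a.example", "b.example", "c.example", "d.example"]
    print(check_applicant("192.0.2.10", demo, threshold=2, resolve=fake_resolve))
    print(check_applicant("192.0.2.11", demo, threshold=2, resolve=fake_resolve))
```

Returning the list of zones that hit, not only the decision, lets the admin see why an applicant was denied and handle disputes from users on recycled dynamic IPs.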