|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
11-09-2012, 11:46 AM
|
#1 |
|
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
|
Whats the best way to block proxy servers?
I have strongbox, but im regularly getting barraged with brute force attacks via proxies like tor.
Is there a way to deny access reliably? I looked at blackbox proxy block http://www.shroomery.org/ythan/proxyblock.php but i have no idea how to integrate that into .htaccess or whatever or if theres even a better way. I use a wordpress front end to the site I have a wordpress plugin that is supposed to deny access from selected countries but it doesnt seem to work anyone can help, I'd be most appreciative.
__________________
Mike South It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz. |
|
|
|
11-09-2012, 12:02 PM
|
#2 |
|
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
|
how would i merge this:
RewriteEngine on RewriteCond %{HTTP:VIA} !^$ [OR] RewriteCond %{HTTP:FORWARDED} !^$ [OR] RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR] RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ RewriteRule ^(.*)$ - [F] into this....without breaking anything (IDKS about htaccess) # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress Options -Indexes
__________________
Mike South It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz. |
|
|
|
|
11-09-2012, 12:07 PM
|
#3 |
|
I’m still alive barley.
Industry Role:
Join Date: Oct 2001
Location: Va
Posts: 10,060
|
Couldn't you do just
RewriteEngine on RewriteCond %{HTTP:VIA} !^$ [OR] RewriteCond %{HTTP:FORWARDED} !^$ [OR] RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR] RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ RewriteRule ^(.*)$ - [F] # BEGIN WordPress <IfModule mod_rewrite.c> RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress Options -Indexes
__________________
 
|
|
|
|
|
11-09-2012, 12:18 PM
|
#4 |
|
PornSiteDomains.com
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
|
Following was modified from some page which I can't remember at the moment for blocking requests from tor nodes, hope it helps.
Put the following in a file called getcache.php and add a cron job to run it every 15 minutes or so. It retrieves a list of IP addresses that people use for tor and puts them in the directory defined by $CacheDir. Code:
<?php
// Retrieves the tor exit nodes from specified servers.
// Configuration
$SourceFiles[0] = "https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[1] = "https://torstatus.all.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[2] = "https://torstatus.kgprog.com/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[3] = "https://kradense.whsites.net/tns/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[4] = "http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[5] = "http://torstatus.all.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[6] = "http://torstatus.kgprog.com/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[7] = "http://tns.hermetix.org/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[8] = "http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[9] = "http://tns.hermetix.org/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[10] = "http://kradense.whsites.net/tns/ip_list_exit.php/Tor_ip_list_EXIT.csv";
$SourceFiles[11] = "http://tor.recox.org/ip_list_exit.php/Tor_ip_list_EXIT.csv";
// These are set to the main Tor Network Status servers, but you can change them to whatever you want,
// as long as the format is one IP per line, and they are ordered
$CacheDir = "/var/www/torcache"; // Directory that the ip files are written to
// Make sure you set full write access to this directory
$sites = count($SourceFiles); // Count how many sources there are to choose from, so you don't have to
$f = false; // File handler false by default
$s = false; // Success false by default
for($i=0; $i<$sites; $i++) // For loop to make sure we get one ip list
{
$f=file($SourceFiles[$i]); // Attempt to open the file
if ($f != false) // If file was successfully opened
{
$s = true; // Set success to true
break; // Get out of the for loop
}
}
if ($s == false) die("No cache file could be retrieved."); // Die if we didn't get a file
$len = count($f); // Number of IPs retrieved
$last = 0; // Var used for changing files in the tor cache
$f2 = false; // Resource indicator for writing the file
for($j=0;$j<$len;$j++) // While we still have IPs to go through
{
$foctet = explode(".",$f[$j],2); // Get just the first octet from the IP
if ($last == 0) // This happens only the first time
{
$f2 = fopen($CacheDir . "/" . $foctet[0], "w"); // Open a new file
} else
if ($foctet[0] != $last) // If our first octet has changed
{
fclose($f2); // Close our other file
$f2 = fopen($CacheDir . "/" . $foctet[0], "w"); // Open a new one
}
fwrite($f2, $f[$j]); // Write our IP to the file
$last = $foctet[0]; // Set the last octet to this octet, so we can compare next time
}
fclose($f2); // Close the last file
//That should do the trick.
?>
Code:
<?php
// Compares Remote IP Address to a tor router list
// Configuration
$tornode=0;
$CacheDir = "/var/www/torcache"; // Directory that the ip files are contained
$foctet = explode(".", $_SERVER['REMOTE_ADDR'], 2); // Get first octet of IP address
$f=@file($CacheDir . "/" . $foctet[0]); // Open cache file, suppressing error messages
$len = count($f); // Count the amount of IPs in the cache file
$isrouter = false; // Default, as this value only changes if it is a router
if ($f != false) {
$ip = ip2long($_SERVER['REMOTE_ADDR']); // Our IP address as an integer
for ($i=0;$i<$len;$i++) // While there are still IP addresses to read
{
if ($ip == ip2long(rtrim($f[$i]))) // If the remote IP and an IP from the list match
{
$isrouter = true; // Our visitor is a tor node
break; // Continue
}
}
}
if ($isrouter) // If visitor is a tor node
{ // Put any code you want here
$tornode=1;
exit(); // Exit
}
else // If visitor is not a tor node
{ // Put any code you want here
// Do Nothing
$tornode=0;
}
//echo("Your IP address is " . $_SERVER['REMOTE_ADDR']); // Optional; removal is recommended
// That should just about do it.
?>
Code:
include('/path/to/torcheck.php');
$ipaddress = $_SERVER['REMOTE_ADDR'];
if($tornode == 1){
// tor client, do something
// uncomment to exit
// exit();
// uncomment to redirect
// header("Location:http://www.somewhere.com/");
// exit();
// uncomment to send email
// $adminemail = '[email protected]';
// $errormessage =
// 'Issue: Tor request' . "\n" .
// 'Users IP Address: ' . $_SERVER['REMOTE_ADDR'] . "\n" .
// 'User Agent: ' . $_SERVER['HTTP_USER_AGENT'] . "\n" .
// 'Referring URL: ' . $_SERVER['HTTP_REFERER'] . "\n" .
// 'URL Clicked: ' . 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\n" .
// 'IP Info: ' . 'http://www.ip-adress.com/ip_tracer/' . $_SERVER['REMOTE_ADDR'];
// mail($adminemail, "Tor Request", $errormessage, "From: $adminemail");
// uncomment to add to iptables if you use that
// $homeip = 'your ip address you access server with';
// $serverip = 'any server ip you don't want blocked';
// if(!ereg("($homeip|$serverip)",$_SERVER['REMOTE_ADDR'])){
// exec("sudo /sbin/iptables -I INPUT -p tcp -m tcp -s $ipaddress --dport 80 -j DROP");
// }
}
__________________
PornSiteDomains.com |
|
|
|
|
11-09-2012, 12:21 PM
|
#5 |
|
I’m still alive barley.
Industry Role:
Join Date: Oct 2001
Location: Va
Posts: 10,060
|
WOW That's hot... have you tried it?
__________________
|
|
|
|
|
11-09-2012, 12:24 PM
|
#6 |
|
PornSiteDomains.com
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
|
__________________
PornSiteDomains.com |
|
|
|
|
11-09-2012, 12:46 PM
|
#7 |
|
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
|
Thats pretty brilliant but why not a simple script to just pass the IP to blackbox proxy and handle the return code...let them do all the proxy collection info stuff
Im not all that with scripting I havent coded in years blackbox works like so When you want to check if someone is using a proxy, simply request: http://www.shroomery.org/ythan/proxy...p?ip=127.0.0.1 The response is a single character and will contain one of three values: Y if it's a proxy, N if it isn't, or X if there's an error.
__________________
Mike South It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz. |
|
|
|
|
11-09-2012, 01:00 PM
|
#8 |
|
PornSiteDomains.com
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
|
Don't know anything about that blackbox service. Doing it locally though would be faster since you don't have to make requests over the Internet like you do with that one. You can update the list as often as you want with the cron job, don't know how often the list that blackbox program uses updates. While I assume it gets the list of ips from the same sources, I don't know. Also don't know what other ips are in the list that are getting blocked, where as with this script you know they are only tor ips.
__________________
PornSiteDomains.com |
|
|
|
|
11-09-2012, 01:03 PM
|
#9 |
|
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
|
good point thanks much to both of you
__________________
Mike South It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz. |
|
|
|
|
11-09-2012, 01:21 PM
|
#10 |
|
PornSiteDomains.com
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
|
your welcome, btw, I just tried about 10 tor IPs on the URL you provided and about 50% were detected. Maybe you could try using both.
Also while I only use the third bit of code I posted in one file, if anyone tries the code and wants to protect more than one file, you should put the third bit of code in a file named say includetorcheck.php and include it in the top of other pages you want to protect with include('/path/to/includetorcheck.php');
__________________
PornSiteDomains.com |
|
|
|
|
11-09-2012, 01:56 PM
|
#11 |
|
PornSiteDomains.com
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
|
For that blackbox service you could test something like the following.
Code:
<?php
$proxycheckurl = 'http://www.shroomery.org/ythan/proxycheck.php?ip=' . $_SERVER['REMOTE_ADDR'];
$proxy = @file_get_contents("$proxycheckurl");
if($proxy == 'Y'){
// proxy, do something like exit or redirect
// exit();
// header("Location:http://www.somewhere.com/");
// exit();
}elseif($proxy == 'N'){
// does not look like proxy, do nothing
}else{
// error, do nothing
}
?>
__________________
PornSiteDomains.com |
|
|
|
|
11-09-2012, 02:10 PM
|
#12 |
|
Confirmed User
Industry Role:
Join Date: Jun 2003
Location: My High Horse
Posts: 6,334
|
FWIW i used this code as a quick fix and strongbox went from blocking 3 attempts per sec down to 2 in an hour so this is catching a good many attempts
RewriteEngine on RewriteCond %{HTTP:VIA} !^$ [OR] RewriteCond %{HTTP:FORWARDED} !^$ [OR] RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR] RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ RewriteRule ^(.*)$ - [F]
__________________
Mike South It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz. |
|
|
|
|
11-09-2012, 02:41 PM
|
#13 |
|
PornSiteDomains.com
Industry Role:
Join Date: Oct 2002
Location: US
Posts: 1,265
|
Good to hear, if you continue to get 3 or more attempts per second, you may want to consider temporarily blocking the IPs from future access attempts to reduce web server load instead of just dropping the connection each time. Bit more involved but following page contains info on how to implement it with the Rewrite you are using.
http://www.rlaprise.net/testing-solu...-and-iptables/
__________________
PornSiteDomains.com |
|
|
|
