Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 06:43 pm EDT

Geeklog Forums

New Plugin Ban


Status: offline

tomw

Forum User
Full Member
Registered: 08/12/02
Posts: 300
happy
I have created a new plugin that allows you to ban people and web bots. It allows you great flexibility in that you can ban by IP or Referer or the HTTP_USER_AGENT or the page name. All the bans use regular expressions allowing for even greater flexibility. I have included several examples to make it easier.

You may ask why you would want to ban a webbot. I ban them for several reasons 1) abuse of resources 2) idealogical differences e.g. Name Protect, or Cyveillance 3) privacy (email harvesters).

I have also included a little bonus. I put the log for the ban plugin in the normal geeklog logs directory and made a simple log viewer that will allow you to view the access, error, or ban logs.

Oh yeah you can get this plugin at the Gplugs SF Site.

Enjoy
Tom
 Quote

Status: offline

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Tom, you kick-ass. Keep up the incredible work.

Question... that DHTML Menu thing that i have on my site... you suggested i "turn that into a plugin"... where should i start? Non-coder, etc... *shrugs*
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
 Quote

Status: offline

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Ohh.. just installed this Ban plugin, one thing missing in the install. You may have to go into /logs/ and create a ban.log with the appropriate permissions.

Text Formatted Code
cd <geeklog_dir>/logs/
touch ban.log
chmod 755 ban.log

if 755 doesn't work, try 777.

-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
 Quote

Status: offline

tomw

Forum User
Full Member
Registered: 08/12/02
Posts: 300
caffeinated
You may have to create the ban.log but the code is set up to create the file if it is not there. The directory permissions should already be set by the Geeklog install. The program should create ban.log with the webserver as the user and the appropriate permissions the first time it is needed, but that is assumning the server is set up correctly.

TomW
 Quote

Status: offline

tomw

Forum User
Full Member
Registered: 08/12/02
Posts: 300
Turning something like the DHTML menu into a plugin can be done on several levels. Here is how I develop a plugin.

1) Get the brilliant Idea.
2) Manually add the plugin to the Geeklog system so that it will look for and load the functions.inc, config.php, language files, etc.
3) I then use the universal plugin code to flesh out the basic code.
4) Then I decide what needs to be in the admin and user pages and start coding.
5) Turn the functioning admin and user pages into template driven pages.
6) Extract the language to the language file.
7) Flesh out the install/uninstall.
8) Let it run for a few days and install/uninstall on different machines.
9) Work on the docs.
10) Release it and wait for the bug reports.

If you need specific help contact me off list.

TomW
 Quote

Status: offline

tomw

Forum User
Full Member
Registered: 08/12/02
Posts: 300
excited
I have noticed a bunch of email harvesters snooping my sites lately and so I set up a trap for them and all other bad bots. With my ban plugin installed I had the tools I needed to easily do this.

First I edited my robots.txt and at the top I put

User-Agent: *
Disallow: /guestbook

This set the bait and will prevent any good bot from biting.

Second I created the directory and created an index.php and put it in the directory. The index.php contains the following code:

Text Formatted Code
<?
require_once('../lib-common.php');
DB_query("INSERT INTO {$_TABLES['ban']} VALUES ('REMOTE_ADDR', '{$REMOTE_ADDR}')",1);
BAN_Log("Bad Bot Trapped from ip $REMOTE_ADDR");
$display = '<html><head></head><body>';
$display .= 'Bad Bot!!';
$display .= '</body></html>';
echo $display;
?>


All done. If any bot goes there and loads the page they receive a page that says Bad Bot!! and their ip is entered in the ban table so all they will ever get from my site thereafter is a blank page.

Caught two last night.

Now I just need to develop an easy way to share my ban table among several webservers.

TomW
 Quote

Status: offline

scroff

Forum User
Regular Poster
Registered: 02/19/03
Posts: 111
confused
Has anybody else seen the fake blogs (fronting for porn sites) linking to legit blogs' referrer lists? Check out this story on Idly.org if not, or for more information.
Anyway, this led me to download and install this ban plugin, which I think is working. I tried it from my job and was banned, but it seems the people I'm trying to ban get through. If someone is banned, will they still show up in the site stats? Or is it that the page I'm sending them to, although not a gl php page (forbidden.html), is in my public_html, where gl resides? I'm not sure if they're banned or not...
thanks...
 Quote

Status: offline

tomw

Forum User
Full Member
Registered: 08/12/02
Posts: 300
You can look in your ban log to see if they are banned. Have you noticed the drug ads in your comments. Check out the latest comment on this site Suggestions for ...

I have noticed several on my sites posted from Mexican dialup accounts. By the way they got there searching google for sites with comments.

TomW
 Quote

Status: offline

Tony

Site Admin
Admin
Registered: 12/17/01
Posts: 405
Location:Urbandale, Iowa
Tom, does this handle banning by username? I have a need to ban users by username (just banned a jerk on Iowa Outdoors today) and I like to keep their account around so that they can't reuse the email address. Of course the joker I'm dealing with is using an AOL proxy so banning by IP is useless and worse yet he has been registering email addresses on Yahoo to get new accounts.

Also, I'd talk to Dirk, I think the log view thingy you have is something that should be shipped with GL as part of a stock install. If you want I can mention it to Dirk. Let me know.

--Tony
The reason people blame things on previous generations is that there's only one other choice.
 Quote

Status: offline

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Quote by Tony: Tom, does this handle banning by username?


Check this: http://www.geeklog.net/filemgmt/singlefile.php?lid=200.


-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
 Quote

Status: offline

tomw

Forum User
Full Member
Registered: 08/12/02
Posts: 300
Tony,

It doesn't handle banning by username but that would be a simple addition. I didn't consider the possibility you would want to ban someone but still keep their user account intact.

The log view is nice and very easy to implement. The way I made it lists all the logs in the log directory so that any plugin can put a log there and it will pick it up. You are welcome as always to take it, modify it and use it in the core install if you want.

TomW
 Quote

Status: offline

Tony

Site Admin
Admin
Registered: 12/17/01
Posts: 405
Location:Urbandale, Iowa
destroyer, I saw that, but I'd prefer that one plugin handle *all* the banning.

--Tony
The reason people blame things on previous generations is that there's only one other choice.
 Quote

Status: offline

destr0yr

Forum User
Full Member
Registered: 07/06/02
Posts: 324
Quote by Tony: destroyer, I saw that, but I'd prefer that one plugin handle *all* the banning.

--Tony

cool, i hear yah.

-- James.
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams
 Quote

All times are EDT. The time is now 06:43 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content