don't count open proxies, etc. as "unique" IP addresses #489

Open
bui opened this Issue Apr 26, 2015 · 3 comments

@bui
bui commented Apr 26, 2015

thanks https://8ch.net/operate/res/14718.html#14782

the filter for non-counted IP addresses should be stricter than the current DNSBL block, preferably a popular/accurate DNSBL. I will soon test the IPs 8chan didn't catch when I posted against some DNSBLs and see which one works best

other sources that should be accounted for:

  • vpngate
  • hola
  • manual proxy scraping

@ctrlcctrlv
Owner

I had this on the todo list:

3) Better open proxy detection to prevent Bui style floods in inc/dnsbls.php. Involves implementing a port scanning service and considering users with ports 80, 8080, 3128, et cetera to be possible open proxies and forcing them to do the 24 hour DNSBL CAPTCHA

https://8ch.net/operate/res/8575.html#8575

I got quite far with it, but it suffers from a few problems:

1) users running legitimate web services would be automatically caught by the portscan block;
2) the portscanning service could simply be DDoSed and then the site would be spammed, making it ineffective.

Here's how nmap.sh works...
1) Validate $QUERY_STRING to be a valid IPv4 address (8chan only allows IPv4 for the time being, it's disabled both in CloudFlare and at the DC network level)
2) Run nmap:

NMAPOUT=`nmap -oX - -T5 --host-timeout 4s -n -sS -PN -p80,8080,8000,1080,3128,8123,8001 "$QUERY_STRING" 2>&1`

3) If any of those ports is open, cache results as a known possible open proxy for a week. If the portscan service does not return with a true/false in 2 seconds, post.php will ignore the first result (continue with the post) but on the second request to the portscan service it will be rejected and users will be directed to dnsbls_bypass.php, which will set a cookie in their browser like for Tor.

What do you think?
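
Steps 1 to 3 of the nmap.sh description above, sketched as an added example (this is not the actual nmap.sh or any 8chan code). The function names, verdict strings and sample XML are assumptions; the nmap command line is the one quoted in the comment.

```shell
#!/bin/sh
# Added example: not the real nmap.sh. Function names and verdicts are assumed.

# Step 1: accept only a strict dotted-quad IPv4 address, so nothing else
# (nmap options, hostnames, shell metacharacters) reaches the command line.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                 # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;            # no leading zeros, max 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Step 2: the scan command quoted in the comment above.
scan_ip() {
    nmap -oX - -T5 --host-timeout 4s -n -sS -PN \
        -p80,8080,8000,1080,3128,8123,8001 "$1" 2>&1
}

# Step 3: nmap XML on stdin; succeed if any scanned port is reported open.
has_open_port() {
    grep -q '<state state="open"'
}

# Verdict for one address: invalid, possible-proxy (cache for a week) or clean.
check_ip() {
    is_valid_ipv4 "$1" || { echo invalid; return 0; }
    if scan_ip "$1" | has_open_port; then
        echo possible-proxy
    else
        echo clean
    fi
}

# Constructed sample of nmap -oX output (192.0.2.10 is a documentation address).
SAMPLE_OPEN_XML='<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="closed" reason="reset"/></port>
<port protocol="tcp" portid="3128"><state state="open" reason="syn-ack"/></port>
</ports></host>'
```

A scan that times out or errors produces no open-port line and so yields `clean` in this sketch, which is the fail-open behaviour the second problem listed in the comment is about.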

@ctrlcctrlv
Owner

vpngate

Already b& (to my knowledge) by BBQ.2ch, one of the DNSBLs we use: http://info.2ch.net/index.php/BBQ

hola

This one is quite a challenge because, from what I read about its operation, it works by using the IPs of every user with it installed as exit nodes. Thankfully there's no automated way to post from it... yet.

@bui
bui commented Apr 27, 2015

1) users running legitimate web services would be automatically caught by the portscan block;

in those instances, maybe consider checking if it actually is an open proxy running. I'm sure there's a way to do that without wasting too much time

2) the portscanning service could simply be DDoSed and then the site would be spammed, making it ineffective.

but could it really be attacked? what if you cache "clean" IPs too?
