Permalink
Browse files

RSS banning stuff

  • Loading branch information...
1 parent 8c0caf6 commit 1249a179f418e1dd120e2e67a8f98fd4ea5209d1 @pudge pudge committed Mar 25, 2003
@@ -6,10 +6,14 @@
package Slash::Apache::Banlist;
use strict;
-use Slash::Utility;
-use Slash::Display;
-use Digest::MD5 'md5_hex';
use Apache::Constants qw(:common);
+use Digest::MD5 'md5_hex';
+
+use Slash;
+use Slash::Display;
+use Slash::Utility;
+use Slash::XML;
+
use vars qw($VERSION);
($VERSION) = ' $Revision$ ' =~ /\$Revision:\s+([^\s]+)/;
@@ -29,20 +33,73 @@ sub handler {
my $slashdb = getCurrentDB();
$slashdb->sqlConnect();
-
- my $banlist = $slashdb->getBanList();
+ my $is_rss = $r->uri =~ m{(
+ \.(?:xml|rss|rdf)$
+ |
+ content_type=rss
+ )}x; # also check for content_type in POST?
+
+ # check for ban
+ my $banlist = $slashdb->getBanList();
if ($banlist->{$cur_ipid} || $banlist->{$cur_subnet}) {
+ return _send_rss($r, 'ban') if $is_rss;
+
$r->custom_response(FORBIDDEN,
- slashDisplay('bannedtext_ipid', { ip => $cur_ip },
- { Return => 1} )
+ slashDisplay('bannedtext_ipid',
+ { ip => $cur_ip },
+ { Return => 1 }
+ )
);
return FORBIDDEN;
}
+ # check for RSS abuse
+ my $rsslist = $slashdb->getNorssList();
+ if ($is_rss && ($rsslist->{$cur_ipid} || $rsslist->{$cur_subnet})) {
+ return _send_rss($r, 'abuse');
+ }
+
return OK;
}
+
+sub _send_rss {
+ my($r, $type) = @_;
+ $r->content_type('text/xml');
+ $r->status(200);
+ $r->send_http_header;
+ $r->print(_get_rss_msg($type));
+ return DONE;
+}
+
+{
+# templates don't work with Slash::XML right now,
+# and redirecting will cause *more* traffic than
+# just spitting it out here; so cache it in $RSS_*
+my(%RSS);
+
+sub _get_rss_msg {
+ my($type) = @_;
+ $type ||= 'abuse';
+
+ return $RSS{$type} if exists $RSS{$type};
+
+ # template puts data in $items
+ my $items = [];
+ slashDisplay('bannedtext_rss', {
+ items => $items,
+ type => $type,
+ }, { Return => 1 });
+
+ return $RSS{$type} = xmlDisplay(rss => {
+ rdfitemdesc => 1,
+ items => $items,
+ }, { Return => 1 } );
+}
+
+}
+
sub DESTROY { }
1;
View
@@ -612,6 +612,7 @@ INSERT INTO vars (name, value, description) VALUES ('admin_formkeys', '0', 'Do a
INSERT INTO vars (name, value, description) VALUES ('admin_secure_ip_regex', '^127\\.', 'IP addresses or networks known to be secure.');
INSERT INTO vars (name, value, description) VALUES ('admin_timeout','30','time in minutes before idle admin session ends');
INSERT INTO vars (name, value, description) VALUES ('adminmail','admin@example.com','All admin mail goes here');
+INSERT INTO vars (name, value, description) VALUES ('adminmail_ban','admin@example.com','All admin mail about users being banned goes here');
INSERT INTO vars (name, value, description) VALUES ('adminmail_mod','admin@example.com','All admin mail about moderation goes here');
INSERT INTO vars (name, value, description) VALUES ('adminmail_post','admin@example.com','All admin mail about comment posting goes here');
INSERT INTO vars (name, value, description) VALUES ('allow_anonymous','1','allow anonymous posters');
View
@@ -1395,3 +1395,6 @@ INSERT INTO vars (name, value, description) VALUES ('adminmail_last_run','2003-0
ALTER TABLE accesslist ADD COLUMN adminuid mediumint(8) unsigned NOT NULL default '0' AFTER id;
# DEVCHANNEL LAST UPDATED HERE
+
+# CHANGE THIS TO YOUR OWN ADMIN EMAIL ADDRESS
+#INSERT INTO vars (name, value, description) VALUES ('adminmail_ban','admin@example.com','All admin mail about users being banned goes here');
@@ -17,18 +17,16 @@ __template__
<HTML>
<HEAD><TITLE>BANNED!</TITLE></HEAD>
<BODY BGCOLOR="pink">
-<H1>Either your network or ip address has been banned
-from this site</H1><BR>
-due to script flooding that originated
-from your network or ip address
--- or this IP might have been used to post comments designed to break
-web browser rendering.
-If you feel that this is unwarranted, feel free to include your IP address
-(<b>[% ip %]</b>) in the subject of an email, and we will examine why
-there is a ban. If you fail to include the IP address (again,
-<em>in the subject!</em>), then
-your message will be deleted and ignored. I mean come on,
-we're good, we're not psychic.
+<H1>Either your network or IP address has been banned from [% constants.sitename %]</H1><BR>
+Either your network or IP address has been banned from [% constants.sitename %],
+due to script flooding, or the posting of comments designed to break web browser
+rendering, that originated from your network or IP address. If you feel that
+this is unwarranted, feel free to include your IP address (<b>[% ip %]</b>) in the
+subject of an email to
+<A HREF="mailto:[% constants.adminmail_ban | strip_attribute %]">[% constants.adminmail_ban %]</A>,
+and we will examine why there is a ban. If you fail to include the IP address (again,
+<em>in the subject!</em>), then your message will be deleted and ignored. I mean
+come on, we're good, we're not psychic.
</BODY>
</HTML>
@@ -0,0 +1,45 @@
+__section__
+default
+__description__
+Set RSS items to display to users banned either for
+RSS abuse ('abuse') or by IPID/SubnetID ('ban').
+
+* type = 'abuse' or 'ban'
+* items = data structure to modify, for use by Perl
+
+__title__
+
+__page__
+misc
+__lang__
+en_US
+__name__
+bannedtext_rss
+__template__
+[% SWITCH type;
+ CASE 'abuse';
+ items.push({
+ title => "Why Do I Not Get the Latest Stories in RSS?",
+ link => "$constants.absolutedir/faq/",
+ description => "Your RSS reader is abusing the $constants.sitename server. You are requesting pages more often than our terms of service allow. Please see the FAQ for more information, or email $constants.adminmail_ban."
+ });
+
+ CASE 'ban';
+ items.push({
+ title => "Why is My IP Banned?",
+ link => "$constants.absolutedir/faq/accounts.shtml#ac900",
+ description => "Perhaps your IP was used to abuse the web site or perform a DoS attack, or you share a proxy server with someone who has. Please see the FAQ for more information."
+ });
+
+ items.push({
+ title => "How do I unban my IP?",
+ link => "$constants.absolutedir/faq/accounts.shtml#ac1000",
+ description => "Email $constants.adminmail_ban. Make sure to include the IP in question, and any other pertinent information. If you are connecting through a proxy server, you might need to have your proxy server's admin contact us instead of you. Please see the FAQ for more information."
+ });
+
+END %]
+
+__seclev__
+500
+__version__
+$Id$
@@ -16,18 +16,15 @@ __template__
<HEAD><TITLE>BANNED!</TITLE></HEAD>
<BODY BGCOLOR="pink">
<H1>Your user account has been banned from [% constants.sitename %]</H1><BR>
-Due to questionable activity from this user account, it has been
-temporarily disabled. Actions that would cause this ban are posting
-comments designed to intentionally break comment rendering for other
-users, or running some sort of script or program that loaded an
-unacceptable number of pages in a short time frame.
-<p>If you feel that this is unwarranted, feel free to include your UID
-(<b>[% user.uid %]</b>) in the subject of an email, and we will examine why
-there is a ban. If you fail to include the UID (again,
-<em>in the subject!</em>), then
-your message will be deleted and ignored. I mean come
-on, we're good, we're not psychic. Send your email to
-<a href="mailto:[% constants.adminmail | strip_attribute %]">[% constants.adminmail %]</a>.
+Your user account has been banned from [% constants.sitename %],
+due to script flooding, or the posting of comments designed to break web browser
+rendering, that originated from your network or IP address. If you feel that
+this is unwarranted, feel free to include your UID (<b>[% user.uid %]</b>) in the
+subject of an email to
+<A HREF="mailto:[% constants.adminmail_ban | strip_attribute %]">[% constants.adminmail_ban %]</A>,
+and we will examine why there is a ban. If you fail to include the UID (again,
+<em>in the subject!</em>), then your message will be deleted and ignored. I mean
+come on, we're good, we're not psychic.
</BODY>
</HTML>

0 comments on commit 1249a17

Please sign in to comment.