zenHttpbl Refreshed! - Printable Version

+- ZenphotoCMS Forum (https://forum.zenphoto.org)
+-- Forum: Support (https://forum.zenphoto.org/forum-1.html)
+--- Forum: General support (https://forum.zenphoto.org/forum-4.html)
+--- Thread: zenHttpbl Refreshed! (/thread-10990.html)

zenHttpbl Refreshed! - micheall - 2013-04-12

So, as I had a bit of time tonight, I dusted off the old coding fingers and dabbled with the zenHttpbl plugin. I did make a few minor changes (see Changelog) and I also moved the plugin to a GitHub repository.

[b]What is zenHttpbl?[/b]
So if a malicious IP attempts to access your site, not only will it stop them from accessing your site, it stops the traffic completely that would be generated from loading the pages.

[b]Download[/b]

[b]Changelog[/b]
Version update after testing with 1.4.4.4 build.

Please feel free to respond if you have any questions or notice any errors.

Edit:

zenHttpbl Refreshed! - jphilbert - 2013-04-12

SWEET!

zenHttpbl Refreshed! - vincent3569 - 2013-04-12

Hi,
in admin/logs/security, I regularly see attempts to connect to my site. Will this plugin block access to the connection url to identified spammers?

Btw, there was a ticket on the bugtracker (I don't remember the ticket number) to implement a honeypot on comment post (a hidden field that allows to detect a spammer if it is filled).

zenHttpbl Refreshed! - acrylian - 2013-04-12

I think it might also catch spam by human spammers like Akismet if they post from a known IP.

Btw, note for EU based users that sending (and possibly storing) IPs to US servers for checking can be a privacy and legal issue. Akismet for example is a bit problematic in German law.

zenHttpbl Refreshed! - micheall - 2013-04-12

@acrylian - Good note there, I will put a disclaimer on the readme for that as I had forgotten about that.

@vincent This is a bit different than an anti-spam plug-in like Akismet. By the time those plug-ins have checked to see if the IP is a spammer etc, your site has already served traffic (images etc) to the spammer. If any of that traffic contains email addresses, harvesters & spammers grab that info no problem. What the Project Honey Pot plugin does happens before any webpage traffic is sent to the user (or malicious bot).
Then if the IP is in the database, it is then diverted to either a honeypot, or simply exits() the php call stopping the remaining traffic.

zenHttpbl Refreshed! - acrylian - 2013-04-12

Since you are not in the EU it is probably nothing you directly have to be concerned about. I just wanted to mention it and if you put a note there great. People should know about their law if using such services.

zenHttpbl Refreshed! - micheall - 2013-04-12

@acrylian - Question about the German privacy laws. How would this plugin be doing anything different than say "OpenID" login where the data is checked against another server (often US based)? Could you link me to a good reference of the priv laws? When I google I get a bunch of blogs about Germany and the Facebook and Google stuff but no actual links to the laws.

zenHttpbl Refreshed! - acrylian - 2013-04-12

It is EU in general. I have to look for references but as said anyone using things needs to know a few things themselves. You cannot do all for them.

The difference is that if you use OpenID or any other service to log in you do it yourself on purpose. If this honey pot does do this without the visitor knowing it is problematic. We have strict laws here in the EU..;-)

zenHttpbl Refreshed! - micheall - 2013-04-13

I'd be interested to see how zenHttpbl affects sites getting hit with spammers repeatedly (such as zenphoto itself). If you are receiving spam traffic and test out this plugin, please leave some comments here to let me know how well it helped!

zenHttpbl Refreshed! - sbillard - 2013-04-13

So, I took a look at the code. Very nice and simple. I have an observation for acrylian and his paranoia on IP addresses.

First, as I have said many times before, if the EU laws are as he says (I have not looked) then the internet itself is in violation: DNS servers in particular. Probably that is the case, I have often noticed that legislators write laws about things for which they know nothing, thus bollixing everything.
But back to the plugin. It does not send a user's IP address anywhere, so would not be in violation. It does send a transformation of the IP address, but that is not the address. If the legislation prohibits sending 4 octet number sets then it is indeed quite expansive and overstepping. There are any number of legitimate uses for octet sets that some suspicious bureaucrat could decide was someone's IP address. If the EU will permit such laws to be valid then they well deserve that the Internet should not work for them.

zenHttpbl Refreshed! - micheall - 2013-04-13

Good point sbillard, that's why I was hoping to locate the legislation to read over. To see what it did and did not prohibit.

Also, are you interested in trying it on the Zenphoto.org site to see if it eliminates the forum spammers? I'd bet that it drops the amount of spam drastically (I hope). As my site has never had intense spam traffic, I haven't noticed a difference. However seeing the projecthoneypot dashboard I've blocked 2000+ visits since I implemented it.

zenHttpbl Refreshed! - sbillard - 2013-04-13

Most traffic on Zenphoto.org is the forum, which unfortunately this will not help. I have modified the forum akismet spam plugin to help make the spam load much less demanding on the moderators and Tris has applied some IP based filtering that has also reduced similar traffic. Tris did say what he installed, but I have forgot.

zenHttpbl Refreshed! - micheall - 2013-04-14

Is the /support not a zenphoto page with an include as I assumed? If the /support page is still zenphoto with the forums embedded by some method the plugin should be able to stop the traffic as the plugin is called before the page data is sent.

zenHttpbl Refreshed! - fretzl - 2013-04-14

The /support page (forum) is actually separated and uses an independent theme to match the main site layout.

zenHttpbl Refreshed! - micheall - 2013-04-14

Ahhh that would make sense then.

zenHttpbl Refreshed! - acrylian - 2013-04-14

Quote: I have an observation for acrylian and his paranoia on IP addresses.

Here is a lengthy text about, for example, how to use the Akismet filter correctly:

Quote: The /support page (forum) is actually separated and uses an independent theme to match the main site layout.

zenHttpbl Refreshed! - sbillard - 2013-04-14

I never said that the law was not existent, only that it is not enforceable. As described in the article you reference, every Domain Name Server, Router, and Switch are in violation of the law. All store and forward IP addresses. Are these exempt from the law? (The article is a Wordpress interpretation, so may, as it says, not represent the real law.)

So, Europe, feel free to enforce this law, you will just not get any content from the US. Or do not enforce the law. But if the law is not uniformly enforced then there is a serious issue with your legal system.

BTW, if DNS servers are exempt, then this plugin is also legal since it uses DNS to provide the information. See how slippery such laws are?

zenHttpbl Refreshed! - acrylian - 2013-04-14

I think the problem is that these services set up a kind of database (and that they often keep the right to use and give these to third parties). Over here you have to agree to that explicitly, it cannot be done just so by surfing by (Opt in instead of apparently loved Opt out by basically all US services). Normal DNS-Servers etc. don't do that exactly.

But it does not matter if you or I think these laws are slippery or whatever (There are quite a few things in the US that look weird from this side of the pond as well..;-)). They exist and we or specifically EU citizens have to live with it (they had a weird idea about cookies as well that was even less practicable...I think that didn't get through - keyword bureaucracy)
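
Added example (not part of the thread and not the zenHttpbl plugin's code): a PHP sketch of the DNS-based check the thread discusses, showing what "a transformation of the IP address" looks like on the wire and how an answer is decoded. The query and answer layout follow Project Honey Pot's http:BL API; the function names, the access key, the sample answers and the blocking thresholds are assumptions made for illustration.

```php
<?php
// Added example, not zenHttpbl code. Function names are hypothetical.
const HTTPBL_ZONE = 'dnsbl.httpbl.org';

// Query name: <access key>.<IPv4 octets reversed>.dnsbl.httpbl.org
function httpbl_query_name(string $key, string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // http:BL answers for IPv4 visitors only
    }
    $reversed = implode('.', array_reverse(explode('.', $ip)));
    return "$key.$reversed." . HTTPBL_ZONE;
}

// Answer format: 127.<days since last activity>.<threat score>.<visitor type>
function httpbl_decode(string $answer): ?array
{
    $o = array_map('intval', explode('.', $answer));
    if (count($o) !== 4 || $o[0] !== 127) {
        return null; // not an http:BL answer, e.g. a resolver rewriting NXDOMAIN
    }
    return [
        'days' => $o[1], 'threat' => $o[2],
        'search_engine' => $o[3] === 0,
        'suspicious' => (bool) ($o[3] & 1), 'harvester' => (bool) ($o[3] & 2),
        'comment_spammer' => (bool) ($o[3] & 4),
    ];
}

// Live lookup. gethostbyname() returns its argument unchanged on failure,
// so "not listed" and "DNS unavailable" both come back as null (fail open).
function httpbl_lookup(string $key, string $ip): ?array
{
    $name = httpbl_query_name($key, $ip);
    if ($name === null) return null;
    $answer = gethostbyname($name);
    return $answer === $name ? null : httpbl_decode($answer);
}

// Block policy; the thresholds are assumptions, not the plugin's defaults.
function httpbl_should_block(?array $r, int $minThreat = 25, int $maxDays = 30): bool
{
    return $r !== null && !$r['search_engine']
        && $r['threat'] >= $minThreat && $r['days'] <= $maxDays;
}
// Constructed inputs: documentation IP, placeholder key, made-up answers.
echo httpbl_query_name('abcdefghijkl', '203.0.113.7'), "\n";
foreach (['127.3.40.5', '127.200.10.1', '127.0.0.0'] as $a) {
    printf("%-13s block=%s\n", $a, var_export(httpbl_should_block(httpbl_decode($a)), true));
}
```

The demo at the bottom only builds a query name and decodes constructed answers, so it runs without network access; `httpbl_lookup()` is the call that would sit at the top of a request, before any page output.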