don't count open proxies, etc. as "unique" IP addresses
thanks https://8ch.net/operate/res/14718.html#14782
the filter for non-counted IP addresses should be stricter than the current DNSBL block, preferably a popular/accurate DNSBL. I will soon test the IPs 8chan didn't catch when I posted against some DNSBLs and see which one works best
other sources that should be accounted for:
- vpngate
- hola
- manual proxy scraping
I had this on the todo list:
- Better open proxy detection to prevent Bui style floods in inc/dnsbls.php. Involves implementing a port scanning service and considering users with ports 80, 8080, 3128, et cetera to be possible open proxies and forcing them to do the 24 hour DNSBL CAPTCHA
https://8ch.net/operate/res/8575.html#8575
I got quite far with it, but it suffers from a few problems:
- users running legitimate web services would be automatically caught by the portscan block;
- the portscanning service could simply be DDoSed and then the site would be spammed, making it ineffective.
Here's how nmap.sh works...
- Validate $QUERY_STRING to be a valid IPv4 address (8chan only allows IPv4 for the time being, it's disabled both in CloudFlare and at the DC network level)
- Run nmap:
NMAPOUT=`nmap -oX - -T5 --host-timeout 4s -n -sS -PN -p80,8080,8000,1080,3128,8123,8001 "$QUERY_STRING" 2>&1`
- If any of those ports is open, cache results as a known possible open proxy for a week. If the portscan service does not return with a true/false in 2 seconds, post.php will ignore the first result (continue with the post) but on the second request to the portscan service it will be rejected and direct users to dnsbls_bypass.php which will set a cookie in their browser like for Tor.
What do you think?
vpngate
Already b& (to my knowledge) by BBQ.2ch, one of the DNSBLs we use: http://info.2ch.net/index.php/BBQ
hola
This one is quite a challenge because, from what I read about its operation, it works by using the IPs of every user with it installed as exit nodes. Thankfully there's no automated way to post from it... yet.
- users running legitimate web services would be automatically caught by the portscan block;
in those instances, maybe consider checking if it actually is an open proxy running. I'm sure there's a way to do that without wasting too much time
- the portscanning service could simply be DDoSed and then the site would be spammed, making it ineffective.
but could it really be attacked? what if you cache "clean" IPs too?
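The following sketch is an added example, not part of any comment above and not the original nmap.sh. It shows the strict IPv4 check on the query string, the reading of open ports from `nmap -oX` output, and a cache that stores clean verdicts as well as suspect ones. The function names, the cache file layout, the 1-hour clean TTL and the sample XML are assumptions.

```shell
#!/bin/sh
# Added example, not the original nmap.sh. Function names, cache layout,
# CLEAN_TTL and the sample XML are assumptions made for illustration.
CACHE=${CACHE:-/tmp/proxycheck.cache}   # lines of: ip verdict expiry_epoch
SUSPECT_TTL=604800   # one week, as stated in the thread
CLEAN_TTL=3600       # assumed; the thread only raises the idea of caching clean IPs

# Strict dotted quad: four octets 0-255, no leading zeros, nothing else.
# Anything that fails here must never reach the nmap command line.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    n=0
    rest=$1.
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case "$octet" in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; *) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Read nmap -oX output on stdin, print the port number of every port whose state is exactly "open".
open_ports() {
    tr '<' '\n' | awk '
        /^port /  { match($0, /portid="[0-9]+"/); port = substr($0, RSTART + 8, RLENGTH - 9) }
        /^state / && /state="open"/ { print port }'
}

# cache_get IP NOW: print the newest unexpired verdict, return non-zero on a miss.
cache_get() {
    awk -v ip="$1" -v now="$2" '$1 == ip && $3 > now { v = $2 }
        END { if (v == "") exit 1; print v }' "$CACHE" 2>/dev/null
}

# check_ip IP NOW XML: XML stands in for the scan output; a real script
# would run the scan only after a cache miss.
check_ip() {
    is_ipv4 "$1" || { echo invalid; return 0; }
    cache_get "$1" "$2" && return 0
    if [ -n "$(printf '%s\n' "$3" | open_ports)" ]; then v=suspect ttl=$SUSPECT_TTL
    else v=clean ttl=$CLEAN_TTL; fi
    echo "$1 $v $(($2 + ttl))" >> "$CACHE"
    echo "$v"
}

# Constructed sample scan result (203.0.113.0/24 is a documentation range).
SAMPLE_SCAN='<ports><port protocol="tcp" portid="80"><state state="closed" reason="reset"/></port>
<port protocol="tcp" portid="3128"><state state="open" reason="syn-ack"/></port></ports>'
```

With both verdicts cached, a repeat poster costs one file lookup instead of a scan, which reduces how often the scanning service has to answer within its 2-second window.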