Opened 7 years ago

Closed 6 years ago

#1607 closed improve feature (wontfix)

log ip and username on signup if their ip are on any dns block lists

Reported by: coroa Owned by: coroa
Priority: major Milestone: unassigned
Component: BW Profile Keywords:
Cc:

Description

at the end of the signup the user's ip check against lists commonly used by email spam filters (http://cbl.abuseat.org/) and create a log entry, if the check returns positive. Also add a new configuration item to the ini:

[dnsblock] dns="dnshost1.fqdn,dnshost2.fqdn,..." Config fallback should be checking sbl.spamhaus.org and sbl-xbl.spamhaus.org. Dynamical ips are only listed in xbl, we may or may not want to check against both.

Change History (11)

comment:2 Changed 7 years ago by planetcruiser

it's on alpha since a couple of days. where is this logged to? i mean, how can we see the entries?

comment:3 Changed 7 years ago by coroa

the logs can in general be accessed by http://alpha.bewelcome.org/bw/admin/adminlogs.php using Type "Signup" and setting one of the having fields to "dnsblock".

but, as the code is only logging signups on alpha.bewelcome.org there has no data been gathered so far.

all the more, as, when we just tried, it turned out, that i introduced a typo in a last minute clean-up of my code, so that the signup on alpha was even aborting with a failure. :((

Fixes of my code have just been committed to
https://gitorious.org/bewelcome/rox/commit/04547a6e84784f666a605dd572fb5f7b9d525eb9
(and https://gitorious.org/bewelcome/rox/commit/ebb5405c8ee79e687c1ffeb575a09e3331be449e)

if we found a proxy which returns as blocked on http://www.spamhaus.org/lookup.lasso, we would be able to test it then on alpha. but we sooner or later have to push it to production to get any realworld data.

comment:4 Changed 7 years ago by planetcruiser

hm, i am not sure if i am so happy about the real-time checking. what if the servers are blocked, down or slow? what time-outs do we have?

ideally this would be run as a cron job, eating away a queue. it makes it more complex, i know, but the experience for the user will be greatly improved

comment:5 Changed 7 years ago by planetcruiser

  • Owner changed from coroa to planetcruiser
  • Status changed from new to accepted

will implement time-outs before letting this go live

comment:6 Changed 7 years ago by planetcruiser

  • Milestone changed from 0.5.8 - bugfixing to unassigned
  • Owner changed from planetcruiser to coroa
  • Status changed from accepted to assigned

sorry, i didn't find a way to define time-outs for checkdnsrr() and i don't think this is possible.

in my network here (turk telekom) sbl.spamhaus.org and sbl-xbl.spamhaus.org don't even resolve on the local dns (see http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#261). the sign-up page times out after 30s or so. i know the situation on deer (alpha, www) is different, but we can not tell for how long..

this is potentially slowing down every new user because of a few spammers, which i don't think is acceptable. hence i removed the dns check via https://gitorious.org/bewelcome/rox/commit/b06f00ff010ff4685da56dac800ddd6c5a110278

sorry, but i think we need to find a different solution.. :-/

comment:7 Changed 6 years ago by TimLoal

  • Component changed from unknown to BW General
  • Type changed from unknown to improve feature

comment:8 Changed 6 years ago by TimLoal

  • Component changed from BW General to BW Profile

comment:9 Changed 6 years ago by jsfan

  • Milestone Future deleted

Milestone Future deleted

comment:10 Changed 6 years ago by shevek

  • Milestone set to unassigned

I don't like the idea to block based on lists at all. That normally fails...

Anyway as there wasn't any new idea how to handle this in the last 10 months: Close?

comment:11 Changed 6 years ago by planetcruiser

  • Resolution set to wontfix
  • Status changed from assigned to closed

looks like coroa is busy with other things. we could consider some sort of ranking if a user ip is in a blacklist, but at the moment we don't have a big spam problem. so, i'd close for now.

Note: See TracTickets for help on using tickets.