TannerLynd
.htaccess and Guardian
Nov 20th, 2011 at 3:19pm
Because my forum is locally focused I use .htaccess to ALLOW only U.S. IPs, to cut down on the spam kings of Russia and China and the like.

However, if I allow Guardian to add IPs banned because of harvesting or whatever, Guardian's altering of the file seems to cause it to fail so that my Russian antagonists and all others can once again access the site. The only real thing I see Guardian do is strip some of the header, but nothing that should affect operation. However, it does append its bans after the allow list in a new section.

I thought the issue was the allow/deny order within .htaccess, having "deny from all" in the list. Removing "Deny from all" and getting my order correct fixed the raw list, but any change from Guardian opens the gates across the pond again, and these guys seem to sit at the gate.

Any ideas?
  
JonB
Re: .htaccess and Guardian
Reply #1 - Nov 20th, 2011 at 10:41pm
It might be useful to see the 'before/after' and the actual .htaccess code involved. Also, where is your .htaccess file located in your Document Root?

Good Luck
Smiley

  

I find your lack of faith disturbing.
TannerLynd
Re: .htaccess and Guardian
Reply #2 - Nov 23rd, 2011 at 4:07am
I guess if I got into the code I might change where Guardian looks for .htaccess, but not having done that it's located where Guardian defaults to see it: .../cgi-bin/yabb2/

The premise of the .htaccess file is to lock out the world and only Allow the U.S., so all the IPs in the file make it over a meg long, so I won't post the whole file here, but I'll give you the head and foot, as that's where Guardian makes its changes:

Quote:
Head of file:

<Limit GET HEAD POST>
order allow,deny
# Country: UNITED STATES
# ISO Code: US
# Total Networks: 40,389
# Total Subnets:  1,531,462,904
allow from 3.0.0.0/8
allow from 4.0.0.0/8
allow from 6.0.0.0/8
allow from 7.0.0.0/8
allow from 8.0.0.0/8
allow from 9.0.0.0/8
allow from 11.0.0.0/8
blah blah hundreds later...

End of file:

allow from 216.255.160.0/20
allow from 216.255.176.0/20
allow from 216.255.192.0/19
allow from 216.255.240.0/20
#
#deny from all
Deny from 129.121.96.85
Deny from 91.224.246.87
deny from 98.197.94.83
deny from 173.236.25.162
deny from 207.126.165.187
</Limit>


Above is a Guardian untouched file. I've turned off Guardian's ability to alter the file so when I get an offending user I manually add them as you see in the closing deny from's before the file end.

Crap, you know what? I just figured out what it's doing, so I beg forgiveness for not showing the Guardian alteration because you guys will back me up on this without seeing it.

Guardian, when it adds an offending user, wants to deny the offender's IP. It strips the header on the file and adds its own, and Guardian's ORDER statement turns around the logic so that it states:

order deny,allow;

which turns the logic around backassward and now opens the gates for the world to walk through, as it appends the offensive IP to the list.

If you guys don't agree with me on that epiphany, I'll gladly finish the work and allow Guardian to alter the file, but I think you'll agree it's not necessary.

With that, what I need to do is get into the Guardian template?, is there one?... and alter the line that writes the ORDER statement to the file and that should cure the problem.

Any dissension to the premise?
« Last Edit: Nov 23rd, 2011 at 4:09am by TannerLynd »  
TannerLynd
Re: .htaccess and Guardian
Reply #3 - Nov 23rd, 2011 at 4:45am
Silly, cocky me. I thought I'd find a template for Guardian and, barring that, the line that wrote the ORDER statement in the .pl file would just jump right out at me. If I'm in the right Perl file it doesn't jump out at me. I got into GuardianAdmin.pl to look for the .htaccess write lines, which do appear to be there, but I'm not good enough with Perl to figure this out, it seems.

Given I'm correct on the premise, anyone feel charitable in guiding me to alter the Guardian code so it writes the ORDER statement in .htaccess as:

order allow,deny

instead of:

order deny,allow

as it currently will do?
  
TannerLynd
Re: .htaccess and Guardian
Reply #4 - Dec 1st, 2011 at 3:22pm
(Raises right arm and sniffs briefly twice.)  Huh
  
JonB
Re: .htaccess and Guardian
Reply #5 - Dec 2nd, 2011 at 4:49pm
There is no need to check for offensive odors - there simply is no one qualified to respond to that.

No one in the project at this moment wrote that code - it goes back a long time.

You might try a request on BoardMod or Carsten's - but that 'kind of stuff' (core code) isn't usually the subject of modifications. Maybe I am wrong too; it's worth a request.

http://www.boardmod.org/yabb2/YaBB.pl

http://www.carsten-dalgaard.dk/cgi-bin/yabb2/YaBB.pl

Just from a personal view, I don't know the practical value of banning any longer in the world of freely available proxies and 'bot armies'.  Tools like Stop Forum Spam and the ilk seem better suited.  


Good Luck (in a non-sarcastic sense)
Cool
« Last Edit: Dec 2nd, 2011 at 4:50pm by JonB »  

I find your lack of faith disturbing.
TannerLynd
Re: .htaccess and Guardian
Reply #6 - Dec 2nd, 2011 at 7:20pm
Thanks for the suggestions Jon. I just happened across another Guardian file, so I'll see if I can figure the code out in there to mod it. It will be a simple fix when I find the line I'm looking for.

I just happened across a saved file after Guardian had altered it, so I will show exactly how Guardian is altering the ORDER line, usurping my inverted method of .htaccess, just so all can understand this thread with all the visuals.

The comment I'd make about my method with .htaccess is that, for me, it has really slammed the door shut on 90% of the world's spammers. What I found was that most of these guys were coming to me out of Russia, China, Latvia, etc. That opened the way for me to slam the border shut to America. Once again, because I am pandering to local traffic only to begin with, I can afford to make US-only access the first rule using .htaccess. This method does however necessitate the reversing of the ORDER statement to achieve desired results, and does render Guardian no more than a barking sentry until I get the code fixed. But that still has its application. It tells me when someone imposes and I can manually take corrective action until I can employ it to do the work once again.

Interestingly, most of these guys don't seem to be employing proxies, or if they do they are choosing offshore sites or something, 'cause they aren't getting through. I have noticed one or two proxy hits a day now tho, but the IPs in the list still only contain US sites.

Back on track to the benefits of this method with .htaccess: Before I employed this method of shutting the spammers out I had 20 or more hits a day with Pre-registration and Validated registration of these guys. After evoking this strategy, one or two of these a day max. And... I just looked at the registration log and I had a complete lull in undesirables registering from November 29th to today, tho the traffic has picked up to previous levels of one or two beginning again yesterday.

So it's not a cure-all, but it does limit spammers to being inside the country at least anyway, and we don't have near as many active as the rest of the globe it appears.

I do intend to employ one of the other options on top of this as well, to hopefully remove the one or two a day remaining.
  
TannerLynd
Re: .htaccess and Guardian
Reply #7 - Dec 2nd, 2011 at 7:36pm
So I can't give a dissertation on the order of operation of deny/allow within the ORDER statement of the .htaccess file of Apache, but I can tell you the order of those two within the statement is the difference between IP allowed and IP banned, even tho the individual IP lines start with allow or deny themselves.

Guardian expects the statement to be used one way so it can ban additional IPs using the deny statement. Because I'm closing borders I have to use it inverted. If I allow Guardian to alter the file to add IPs, it rewrites the ORDER statement each time it adds a banned IP to the list, turning the order back around and rendering the borders open again somehow in the process.

You have the header of the .htaccess file that closes the borders and only allows US IPs above, earlier in the thread; below is the Guardian-altered header, which clearly shows Guardian turning the ORDER statement back around, re-opening the borders. I'll include the Guardian footer as well just so we can see how it adds to such a file to try and ban more IPs.

Quote:
# Last modified by The Guardian: Nov 15<sup>th</sup>, 2011 at 2:25pm #

<Limit GET HEAD POST>
order deny,allow
allow from 3.0.0.0/8
allow from 4.0.0.0/8
allow from 6.0.0.0/8
allow from 7.0.0.0/8
allow from 8.0.0.0/8
allow from 9.0.0.0/8
allow from 11.0.0.0/8
allow from 12.0.0.0/8
~~~~~

allow from 216.255.64.0/19
allow from 216.255.96.0/19
allow from 216.255.128.0/19
allow from 216.255.160.0/20
allow from 216.255.176.0/20
allow from 216.255.192.0/19
allow from 216.255.240.0/20
deny from all
</Limit>

<Files YaBB*>
Deny from 129.121.96.85
Deny from 91.224.246.87
</Files>




  
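Added example, not part of any post above and not Guardian's code: a small Python model of the documented Apache 2.2 `Order` evaluation, run over excerpts of the two files quoted in this thread. It evaluates each section on its own and does not model how Apache combines a `<Limit>` block with a `<Files>` block; the client addresses are constructed for illustration.

```python
import ipaddress

def matches(ip, rules):
    """True if ip is covered by any rule; 'all' covers every address."""
    addr = ipaddress.ip_address(ip)
    return any(r == "all" or addr in ipaddress.ip_network(r) for r in rules)

def allowed(order, allow, deny, ip):
    """Apache 2.2 'Order' evaluation for a single configuration section."""
    a, d = matches(ip, allow), matches(ip, deny)
    if order == "allow,deny":
        return a and not d      # must match an Allow; unmatched clients are denied
    if order == "deny,allow":
        return a or not d       # an Allow beats a Deny; unmatched clients are allowed
    raise ValueError(f"unknown order: {order}")

# Excerpts of the rule lists quoted in the thread (the real file is far longer).
US = ["3.0.0.0/8", "4.0.0.0/8", "6.0.0.0/8", "216.255.240.0/20"]
BANS = ["129.121.96.85", "91.224.246.87"]

SECTIONS = {
    # Hand-maintained file: no active "deny from all", bans listed after the allows.
    "manual": ("allow,deny", US, BANS),
    # The same lists with only the Order line reversed.
    "manual, order flipped": ("deny,allow", US, BANS),
    # <Limit> block from the Guardian-altered file, which contains "deny from all".
    "guardian <Limit>": ("deny,allow", US, ["all"]),
    # <Files YaBB*> block: no Order line, so the 2.2 default (Deny,Allow) applies.
    "guardian <Files>": ("deny,allow", [], BANS),
}

# Constructed client addresses, not taken from the thread.
CLIENTS = {"inside an allowed range": "4.1.2.3",
           "outside every listed range": "203.0.113.9"}

def decisions():
    """Map (section, client description) -> True if the request is allowed."""
    return {(name, who): allowed(*rule, ip)
            for name, rule in SECTIONS.items()
            for who, ip in CLIENTS.items()}

if __name__ == "__main__":
    for (name, who), ok in decisions().items():
        print(f"{name:24} {who:28} {'allow' if ok else 'deny'}")
```

The "order flipped" row is the case where the allow list has no active `deny from all`: a client that matches no rule is denied under `allow,deny` but allowed under `deny,allow`.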
 
JonB
Re: .htaccess and Guardian
Reply #8 - Dec 5th, 2011 at 4:10pm
This Topic was moved here from General Usage and Feature Troubleshooting [move by] JonB.
  

I find your lack of faith disturbing.