Thread:Extension talk:SpamDnsblAlternative/Changes for use against DDoS drones

I have found this plugin very useful in combatting malicious users on my mediawiki installation. Recently, however, a particularly pernicious troll has engaged in DDoS attacks against my server. As most of these were GET floods, and no attempt to edit or create an account was made, there was little the plugin could do to help despite the majority of the drones being used being listed in my DNSBLs. So, I edited the plugin as follows:

 * @copyright Copyright © 2011, Simon Litt * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License 2.0 or later * @version 1.0.0 */ if(!defined('MEDIAWIKI')) { echo( "This is an extension to the MediaWiki package and cannot be run standalone.\n" ); die(1); }

// Credits $wgExtensionCredits['other'][] = array(	'path'          => __FILE__,	'version'        => '1.0.0',	'name'           => 'Spam DNS Blacklist Alternative ',	'author'         => array( 'Simon Litt' ),	'url'            => 'http://www.mediawiki.org/wiki/Extension:SpamDnsblAlternative',	'description'    => 'Provides DNS-based Blacklist techniques to protect against spam.', );

$wgHooks['EditPage::attemptSave'][] = 'efDnsblAlternativeEdit'; $wgHooks['AbortNewAccount'][] = 'efDnsblAlternativeUserCreate'; $wgHooks['BeforePageDisplay'][] = 'efDnsblAlternativeNoShow';

function efDnsblAlternativeIsDisabled( $ip, $user ) { global $wgEnableDnsBlacklist, $wgDnsBlacklistUrls, $wgProxyWhitelist;

if ( $wgEnableDnsBlacklist || in_array( $ip, $wgProxyWhitelist ) ) return false;

wfDebug( __METHOD__.": checking user ip...\n" ); if ($user->inDnsBlacklist( $ip, $wgDnsBlacklistUrls )) { return true; }

return false; }

function efDnsblAlternativeEdit( $editpage ) { global $wgUser;

if ($wgUser->isAllowed( 'ipblock-exempt' ) || $wgUser->isAllowed( 'proxyunbannable' )) return true;

$ip = wfGetIP;

if ( efDnsblAlternativeIsDisabled($ip, $wgUser) ) { $editpage->spamPageWithContent; return false; }	return true; }

function efDnsblAlternativeUserCreate( $user, $message ) {

$ip = wfGetIP;

if ( efDnsblAlternativeIsDisabled($ip, $user) ) { $message = wfMsg( 'sorbs_create_account_reason' ). ' (' . htmlspecialchars( $ip ) . ')'; return false; }	return true; }

function efDnsblAlternativeNoShow{ global $wgUser;

if ($wgUser->isAllowed( 'ipblock-exempt' ) || $wgUser->isAllowed( 'proxyunbannable' )) return true; $ip = wfGetIP;

if ( efDnsblAlternativeIsDisabled($ip, $wgUser) ) { header('Location: http://www.youtube.com/watch?v=QDySGUFAom0', true, 302); $filename = '.htaccess'; $somecontent = "SetEnvIfNoCase ^CF-Connecting-IP$ ^$ip HTTP_BAN\n"; if (is_writable($filename)) {

// In our example we're opening $filename in append mode. // The file pointer is at the bottom of the file hence // that's where $somecontent will go when we fwrite it. if (!$handle = fopen($filename, 'a')) { echo "Cannot open file ($filename)"; exit; }

// Write $somecontent to our opened file. if (fwrite($handle, $somecontent) === FALSE) { echo "Cannot write to file ($filename)"; exit; }

echo "Success, wrote ($somecontent) to file ($filename)";

fclose($handle);

} else { echo "The file $filename is not writable"; }  exit; return false; }  return true; }

This is coupled with the following addition to one's .htaccess file: order allow,deny deny from env=HTTP_BAN allow from all

Then just sit back, tail -f .htaccess and watch the drones being blocked. Just thought I would share in case anyone else has experienced similar problems and might find this alteration useful.