Mark Smith ([staff profile] mark) wrote in [site community profile] changelog2009-08-10 02:08 am

[dw-free] Create a new ban type for persistent spammers

[commit: http://hg.dwscoalition.org/dw-free/rev/11050b94baf5]

http://bugs.dwscoalition.org/show_bug.cgi?id=1317

Add ability to ban an IP so the user must log in to use the site for extreme
cases of anonymous/logged out issues.

Patch by [personal profile] afuna.

Files modified:
  • cgi-bin/Apache/LiveJournal.pm
  • cgi-bin/sysban.pl
  • etc/config.pl
  • htdocs/admin/sysban.bml
--------------------------------------------------------------------------------
diff -r 4060651ad41a -r 11050b94baf5 cgi-bin/Apache/LiveJournal.pm
--- a/cgi-bin/Apache/LiveJournal.pm	Mon Aug 10 01:53:23 2009 +0000
+++ b/cgi-bin/Apache/LiveJournal.pm	Mon Aug 10 02:08:28 2009 +0000
@@ -233,6 +233,29 @@ sub blocked_bot
     return OK;
 }
 
+sub blocked_anon
+{
+    my $r = shift;
+    $r->status_line( "403 Denied" );
+    $r->content_type( "text/html" );
+
+    my $subject = $LJ::BLOCKED_ANON_SUBJECT || "403 Denied";
+    my $message = $LJ::BLOCKED_ANON_MESSAGE;
+
+    unless ( $message ) {
+        $message = "You don't have permission to access $LJ::SITENAME. Please first <a href='$LJ::SITEROOT/login.bml?usescheme=lynx'>log in</a>.";
+
+        if ( $LJ::BLOCKED_ANON_URI ) {
+            $message .= " <a href='$LJ::BLOCKED_ANON_URI'>Why can't I access the site without logging in?</a>";
+        }
+    }
+
+    $r->print( "<html><head><title>$subject</title></head><body>" );
+    $r->print( "<h1>$subject</h1> $message" );
+    $r->print( "</body></html>" );
+    return OK;
+}
+
 sub trans
 {
     my $r = shift;
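Review bot: blocked_anon sets only `$r->status_line( "403 Denied" )` and then returns OK, so whether the client really receives a 403 depends on the server honouring a status line that disagrees with the numeric status; adding `$r->status( 403 );` before it removes the doubt (the mod_perl documentation's example for status_line sets both). If the page went out as 200, crawlers and caches would treat the block notice as ordinary content. Separately, `$subject` is written into `<title>` and `<h1>` unescaped; it comes from site config, so the risk is low, but passing it through `LJ::ehtml()` would keep a stray `<` or `&` in `$LJ::BLOCKED_ANON_SUBJECT` from breaking the page. A short header comment stating that `$LJ::BLOCKED_ANON_MESSAGE` is emitted as raw HTML would also help whoever configures it.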
@@ -378,7 +401,28 @@ sub trans
         }
     }
 
-    # check for sysbans on ip address
+    # block on IP address for anonymous users but allow users to log in,
+    # and logged in users to go through
+    
+    # we're not logged in, and we're not in the middle of logging in
+    unless ( LJ::get_remote() || LJ::remote_bounce_url() ) {
+        # blocked anon uri contains more information for the user
+        # re: why they're banned, and what they should do
+        unless ( ( $LJ::BLOCKED_ANON_URI && index( $uri, $LJ::BLOCKED_ANON_URI ) == 0 )
+                # allow the user to go through login and subdomain cookie checking paths
+                || $uri =~ m!^(?:/login|/__setdomsess|/misc/get_domain_session)!) {
+
+            foreach my $ip (@req_hosts) {
+                if ( LJ::sysban_check( 'noanon_ip', $ip ) ) {
+                    $r->handler( "perl-script" );
+                    $r->push_handlers( PerlResponseHandler => \&blocked_anon );
+                    return OK;
+                }
+            }
+        }
+    }
+
+    # check for sysbans on ip address, and block the ip address completely
     unless ( $LJ::BLOCKED_BOT_URI && index( $uri, $LJ::BLOCKED_BOT_URI ) == 0 ) {
         foreach my $ip (@req_hosts) {
             if ( LJ::sysban_check( 'ip', $ip ) ) {
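Review bot: The exemption regex on the `/login` line is anchored only at the start, so any path that merely begins with `/login`, `/__setdomsess` or `/misc/get_domain_session` skips the `noanon_ip` check, not just the login and domain-session endpoints the comment names. Ending the alternation with a boundary, for example `m!^(?:/login|/__setdomsess|/misc/get_domain_session)(?:[./?]|$)!`, would keep `/login.bml` working while dropping unrelated paths that share the prefix; this should be checked against the real login paths before it is adopted. The `index( $uri, $LJ::BLOCKED_ANON_URI ) == 0` test is likewise a prefix match, so a short configured value exempts everything beneath it, and a comment saying so belongs next to it. `trans` continues past the end of this hunk and `@req_hosts` is built outside it, so how those addresses are derived cannot be reviewed from here.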
diff -r 4060651ad41a -r 11050b94baf5 cgi-bin/sysban.pl
--- a/cgi-bin/sysban.pl	Mon Aug 10 01:53:23 2009 +0000
+++ b/cgi-bin/sysban.pl	Mon Aug 10 02:08:28 2009 +0000
@@ -436,6 +436,7 @@ sub sysban_validate {
                'talk_ip_test' => 'ip',
                'invite_user' => 'user',
                'invite_email' => 'email',
+               'noanon_ip' => 'ip',
                );
 
     while (my ($new, $existing) = splice(@map, 0, 2)) {
diff -r 4060651ad41a -r 11050b94baf5 etc/config.pl
--- a/etc/config.pl	Mon Aug 10 01:53:23 2009 +0000
+++ b/etc/config.pl	Mon Aug 10 02:08:28 2009 +0000
@@ -868,6 +868,10 @@
 
     # enable contextual hover
     $CTX_POPUP = 1;
+
+    # page that 'noanon_ip' sysbanned users can access to get more information
+    # on why they're banned
+    # $BLOCKED_ANON_URI = '';
 }
 
 1;
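Review bot: The new comment documents only `$BLOCKED_ANON_URI`, but blocked_anon in cgi-bin/Apache/LiveJournal.pm also reads `$LJ::BLOCKED_ANON_SUBJECT` and `$LJ::BLOCKED_ANON_MESSAGE`, and neither is mentioned here. I would add commented-out entries for both, with a note that the message is printed as raw HTML and therefore must be trusted, well-formed markup. The existing comment should also say how the value is used, for example `# matched as a prefix of the request path; everything under it stays reachable for noanon_ip-banned addresses`.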
diff -r 4060651ad41a -r 11050b94baf5 htdocs/admin/sysban.bml
--- a/htdocs/admin/sysban.bml	Mon Aug 10 01:53:23 2009 +0000
+++ b/htdocs/admin/sysban.bml	Mon Aug 10 02:08:28 2009 +0000
@@ -33,7 +33,7 @@ body<=
     my @all_sb_args = qw( ip uniq email email_domain user pay_cc 
                           pay_user pay_email pay_uniq support_user 
                           support_uniq lostpassword  talk_ip_test 
-                          invite_user invite_email );
+                          invite_user invite_email noanon_ip );
 
     my $remote = LJ::get_remote();
     return "<?needlogin?>" unless $remote;
--------------------------------------------------------------------------------
