[XTR] IP Threat Monitor

[XTR] IP Threat Monitor 1.0.5

No permission to buy ($30.00)
Overview FAQ Updates (5) History Discussion

1.0.5

New
  • Added "VPN Check Mode" option with 3 modes: Aggressive, Moderate, and First Visit
  • Moderate mode allows balanced API usage while maintaining security
  • First Visit mode provides proactive VPN detection for high-security sites
Fixed
  • Fixed IPv6 address validation error ("String offset cast occurred")
  • Cloudflare IPv6 addresses are now properly checked against IP ranges
Improved
  • Test Configuration page now includes VPN detection status
  • Test Configuration shows VPN Check Mode with API usage warnings
  • Added recommendation when "First Visit" mode uses high API quota
This update introduces a new "VPN Check Mode" setting that gives you control over when VPN/Proxy checks are performed. You can now choose between minimal API usage (Aggressive), balanced approach (Moderate - recommended), or maximum protection (First Visit).

An important bug fix resolves an error that occurred when checking IPv6 addresses such as Cloudflare IPs.

1.0.4

Fixed
Critical Performance Fix: VPN/Proxy API check no longer runs on every HTTP request
API Quota Exhaustion: System now gracefully handles ProxyCheck.io quota limits without hammering the API
Auto-Ban in Captcha Modes: Fixed issue where Auto-Ban rules were not working when protection mode was set to "Captcha (Soft)" or "Captcha (Hard)"

Changed
  • VPN check now only executes when an IP exceeds the rate limit threshold
  • API errors are now cached for 1 hour to prevent repeated failed calls
  • API quota exhaustion triggers a 1-hour cooldown instead of continuous retries
  • Consecutive API errors (5 within 5 minutes) trigger a 30-minute API cooldown
  • Auto-Ban now works in all protection modes, not just "Block Only"
Improved
  • Reduced API calls by 90-99% for typical forum traffic
  • Added global API health monitoring
  • Better error handling with three-state cache (VPN/safe/pending)

This release focuses on performance optimization and bug fixes related to the VPN/Proxy detection feature. Users experiencing high API usage with ProxyCheck.io will see a dramatic reduction in API calls.

Key Highlights
Performance Optimization
The VPN/Proxy detection system has been completely rearchitected for efficiency:
  • Before: API was called on every HTTP request for every unique IP
  • After: API is only called when an IP actually exceeds the rate limit threshold
This change reduces API usage by 90-99% for typical forum traffic, making the free ProxyCheck.io tier (1,000 requests/day) viable for most forums.
Improved Error Handling
The system now intelligently handles API failures:
  • Individual IP errors are cached for 1 hour
  • Global quota exhaustion triggers a 1-hour cooldown
  • 5 consecutive errors within 5 minutes triggers a 30-minute cooldown
  • Your forum continues to work normally even when the API is unavailable
Auto-Ban Fix
Fixed a critical issue where the Auto-Ban feature was not working when using Captcha protection modes. Now, repeated violators will be permanently blacklisted regardless of which protection mode you use.

1.0.3

[NEW] Bot IP Range Detection
  • Added primary bot detection using official IP ranges (Google, Bing, Yandex, Baidu, DuckDuckBot)
  • Instant bot verification without DNS lookup overhead
  • 99% coverage of legitimate search engine traffic
  • New BotIPRanges service with CIDR matching support
[IMPROVED] Multi-Layer Bot Protection
  • 3-tier bot detection: IP Range → User-Agent → rDNS
  • Bot rDNS Verification remains as secondary protection layer
  • Reduced false positives for legitimate crawlers
  • Enhanced SEO safety with faster bot recognition
[NEW] Admin Tools
  • Added "Bot IP Range Detection" test in Test Configuration page
  • Added "Bot rDNS Verification" test with clear recommendations
  • New CLI command: xentr:ipt:clear-blacklist (remove blacklisted IPs)
  • New CLI command: xentr:ipt:analyze-bots (analyze bot detection)
[ENHANCED] Performance & Reliability
  • IP range checks are instant (no DNS latency)
  • Reduced server load with cached IP range matching
  • Better handling of new bot IP addresses
  • Improved error handling in bot verification
This major update introduces a revolutionary 3-tier bot detection system that protects your SEO while blocking malicious traffic.

KEY HIGHLIGHTS:

INSTANT BOT DETECTION
No more waiting for DNS lookups! Bot IP Range Detection instantly recognizes legitimate search engine crawlers using their official IP ranges. This means:
  • Zero DNS overhead
  • 99% faster bot recognition
  • No more false positives from DNS timeouts
TRIPLE-LAYER PROTECTION
Our new system checks bots in 3 ways:
  1. IP Range (primary - instant)
  2. User-Agent (fast)
  3. rDNS Verification (secondary - for unknown IPs)
SEO BULLETPROOF
  • Google, Bing, Yandex bots are NEVER blocked
  • DNS issues won't affect your SEO anymore
  • Comprehensive coverage of all major search engines
SMART & EFFICIENT
  • Cached IP range matching for blazing-fast performance
  • Reduced server load
  • Better handling of new crawler IPs
ADMIN-FRIENDLY
  • New diagnostic tests in Test Configuration
  • Clear recommendations for optimal setup
  • CLI tools for bulk operations

1.0.2

Fixed: Duplicate entry database errors
  • Resolved race condition issues in blacklistIP(), blockIP(), and trustIP() methods
  • Improved concurrent request handling with proper error recovery
  • Enhanced database integrity with unique constraint protection
Fixed: PHP 8+ compatibility warnings
  • Eliminated string offset cast warnings in IPv6 CIDR validation
  • Added proper bounds checking for binary string operations
  • Updated CloudflareIPs and RateLimiter services
Code Quality Improvements
  • Enhanced error handling with try-catch blocks
  • Improved entity creation logic to prevent duplicate entries
  • Optimized performance by reducing unnecessary database operations
This critical update fixes severe production errors that were causing database exceptions and PHP warnings on live servers.

What's Fixed:
  • MySQL duplicate entry errors for IP addresses (Error 1062)
  • PHP 8+ string offset cast warnings in Cloudflare IP validation
  • Race condition handling for concurrent requests
  • IPv6 CIDR range validation accuracy
Impact:
These fixes eliminate all server error log entries related to IP Threat Monitor, ensuring smooth operation on production environments.

1.0.1

  • [New] Added "Enable Bot rDNS Verification" option to validate search engine bots via reverse DNS lookup and prevent User-Agent spoofing.
  • [Improvement] Enhanced logic for "Block Only (No Captcha)"mode:
    • Initial threshold breach triggers a standard 429 Too Many Requests response.
    • Persistent attacks after the 429 warning now result in a permanent 403 Forbidden ban.
This update introduces critical security enhancements to the bot verification process and improves the blocking logic for aggressive requesters.

New Feature: Bot rDNS Verification We have added a new security layer to prevent User-Agent spoofing. The "Enable Bot rDNS Verification" option ensures that visitors claiming to be major search engine bots (Googlebot, Bingbot, Yandex, etc.) are legitimate.
  • How it works: It performs a Reverse DNS (rDNS) lookup to verify the hostname.
  • Why it matters: Attackers often spoof User-Agent headers (e.g., pretending to be "Googlebot") to bypass rate limiting. This feature blocks those attempts effectively.
Back
Top Bottom