Geoblock Registration

Geoblock Registration 1.2.2

Hello.
I encountered an odd issue today. Got a moderation warning about a user, which puzzled me.

So it says "ip country was neither allowed nor denied" which means "not present". However this is in my blocking list:
AL, AM, AR, AZ, BA, BG, BR, BY, CA, CN, DZ, EE, EG, etc.

Brazil is BR.
Then I checked the IP:
Hostname: 181.215.16.38
ASN: 61317
ISP: IPXO
Services: Datacenter
Country: Brazil
So did I do something wrong or why was this not recognized as Brazil?

P.S. I didn't bother to mask the IP or mail address since it's a spammer anyway.
 

This is a case where the IP address has likely recently been re-assigned to a new provider and so GeoIP databases haven't been updated yet.

We're using Maxmind's database, which believes the IP address in question is used by a business in the UAE - which is why it doesn't detect it as Brazil or any other country in your block list.



There is a "Submit a data correction" button on that page which it might be worth using to prompt Maxmind to update this address.

It's rare that this happens - but IP address blocks do get reassigned fairly regularly, so it is quite likely to happen at some point.
 
Does this still work if you use Cloudflare please?

Yes, I use Cloudflare and it works.

You do need to make sure that your web server is passing on the real IP address to XF and not just the Cloudflare IP addresses - XF should do that automatically, but you can also configure that at the web server level.
 
Following on from this - where would I check that please? Within Cloudflare or within XenForo?

Also I'm not quite clear about the Maxmind integration. Is there a need to create an account there, obtain a key and then enter it in your addon?
 

Have a look in XenForo at the current visitors to your site - look at the IP addresses being reported - if they are not Cloudflare addresses, then you're good. If everyone is from Cloudflare - further configuration is required.

Yes you'll require a Maxmind account to use the Geoblock registration functionality - the addon automatically downloads the latest database from Maxmind via cron task, which requires an account.

Register for an account and obtain a license key to download GeoLite2 databases:

 
This might sound dumb but how can I tell if they're Cloudflare addresses? :-) I can see some IPs next to guests and it just gives an IP address when clicked on. Although a Google one says ip address googlebot.com.

Also when registering for Maxmind there's an option to opt out for "Please do not sell data associated with my IP address". Assume that's a good idea to opt for? I've done the limited opt-out.
 
Ok so IPs between 100 and 198 are Cloudflare IPs is that right? I have "guests" viewing at the moment - most seem to be in that range, except Googlebot which is 66. So assume those are Cloudflare IPs then?
 
Ok so IPs between 100 and 198 are Cloudflare IPs is that right?

Not exactly - those are IP ranges, not every address starting with 103 is a Cloudflare address.

You need to use an IPv4 calculator to tell you exactly which addresses are in the range - for example:


Enter 103.21.244.0/22 (from the Cloudflare page I linked to) and hit calculate, it will tell you that the CIDR IP Range is: 103.21.244.0 - 103.21.247.255 ... meaning that if you have someone visiting using an address between those two addresses, it's coming from Cloudflare and is not their real IP. You then need to do that with all of the other ranges.

However, it's probably easier to just copy and paste the IP addresses you actually have into a site like:


... indeed if you just add the IP address to the end of the URL as such: https://whatismyipaddress.com/ip/49.237.40.74 ... it will tell you where that address is located and who controls it.
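The CIDR check described above, as an added Python example (not part of the add-on or of this thread): it expands a block the way the IPv4 calculator does and sorts a constructed list of visitor addresses into Cloudflare-range and direct addresses. The range list holds only the one block quoted above plus a labelled placeholder; the full current list has to come from Cloudflare.

```python
import ipaddress

# Constructed range list for this example: the one Cloudflare block quoted in
# the thread plus a labelled placeholder. Load the full current list from
# Cloudflare for real use.
CLOUDFLARE_RANGES = [
    "103.21.244.0/22",  # block discussed above
    "192.0.2.0/24",     # PLACEHOLDER (RFC 5737 documentation range), not Cloudflare's
]

# Constructed visitor addresses, like those shown on XenForo's current-visitors page
SAMPLE_VISITORS = ["103.21.245.17", "103.21.248.1", "66.249.66.1", "49.237.40.74"]


def cidr_bounds(cidr):
    """First and last address of a CIDR block, as the IPv4 calculator reports them."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1])


def is_cloudflare(ip, ranges=CLOUDFLARE_RANGES):
    """True only if the address falls inside one of the listed blocks;
    sharing a first octet with a block is not enough."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in ranges)


def classify_visitors(ips, ranges=CLOUDFLARE_RANGES):
    """Split visitor IPs into Cloudflare edge addresses (the real client IP is
    not being passed through to XenForo) and direct addresses."""
    result = {"cloudflare": [], "direct": []}
    for ip in ips:
        result["cloudflare" if is_cloudflare(ip, ranges) else "direct"].append(ip)
    return result


if __name__ == "__main__":
    print(cidr_bounds("103.21.244.0/22"))   # ('103.21.244.0', '103.21.247.255')
    print(classify_visitors(SAMPLE_VISITORS))
```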
 
Don't know if anyone encountered this too, but this popped up on our board regarding this add-on v1.2.2:

1772275965550.webp

Maybe something to look into :)
 

That's a pretty simplistic system when it can't even tell the difference between a composer "require" and a "require-dev" :rolleyes:

phpunit is not a part of the Geoblock addon - it's used in my development code for testing and then removed when the addon is built.

Nobody should ever be using phpunit on a production site.

You can ignore that alert - it is meaningless and irrelevant to the Geoblock addon. You'll likely get the same alert on most of my addons because they all use phpunit for development testing - but none of them will ship with phpunit in the addon itself.
 
Thanks for your fast (but maybe a bit unnecessarily snarky) reply :)

Dependabot (and many others with similar functionality) is a godsend to keep an eye on dependencies, even if the composer dev requirements are not actively used in this specific XenForo add-on (it is mentioned in the PHP lock file, it is not wrong about that). And I would rather dismiss this as a false positive (which I can do safely now) than have it escape any attention at all.
In your tutorial you mention that your build.json file contains the extra --no-dev flag, and I have a very unrealistic wish that all other developers are as smart to remember this non-default flag too for their add-ons, even more now with all the vibe coding going on.

I also did not mean this as some sort of attack against you nor this add-on. The functionality of this (free!) add-on should be built into XenForo for all I care, the amount of spammers/abusers this blocks is just unreal.

Cheers
 
I also did not mean this as some sort of attack against you
Well, honestly it reads just like that - especially your reply. It rather sounds like you used a tool in a way it is not intended to be used and then blindly reacted to its output w/o understanding what that output means or checking if it would be valid or make sense at all on the codebase you put into it. Just to finally explain to the dev after him explaining your error why he is wrong in what he is doing and you are still right. :rolleyes:
 
Then you are misinterpreting my defence against the unneeded attack to "a pretty simplistic system", because that did its job correctly. It did flag a generally valid concern, because when someone installs a composer.lock file without adding the optional --no-dev flag, it will also install a potentially harmful piece of software.

However, in this specific setup it does not - which I did not know at that time and therefore asked to look into - and was quickly countered by Sim who clearly knows what he is doing... Something that I can not say of other people, and therefore I am glad guardrails like Dependabot do exist.

English is not my main language and I refuse to let things like ChatGPT go over it to sense any form of attack level, so if I came across too aggressive on the eyeroll reply, then I excuse myself for that.
 
Thanks for your fast (but maybe a bit unnecessarily snarky) reply :)

You posted the output of some tool without understanding the nature of the issue or first checking for yourself that the problem actually exists. I thought my response was pretty measured actually and I was happy to leave it at that.

(it is mentioned in the PHP lock file, it is not wrong about that)

Of course it is mentioned - but not everything listed in composer.lock is included in the release package because that's not how composer works. As I said - it is meaningless in the context of a production-ready XenForo addon unless you first check what is actually included in the release package. It took me all of 30 seconds to verify the non-existence of phpunit in my addon by downloading it and checking the vendor directory. You could have done the same.

Then you are misinterpreting my defence against the unneeded attack to "a pretty simplistic system", because that did its job correctly. It did flag a generally valid concern, because when someone installs a composer.lock file without adding the optional --no-dev flag, it will also install a potentially harmful piece of software.

But it is a simplistic system - it is not designed to check XenForo addons for vulnerabilities, it is a developer tool for checking your own codebase - and you posted without understanding what it was telling you.

Even if someone's addon did ship with phpunit installed - it likely wouldn't cause an exploitable vulnerability. If you read the description of the vulnerability, it specifically mentions that when deserializing code coverage files, it could do so in a way that allows remote code execution if malicious .coverage files are present. But to be able to exploit this you need to have CLI access to the server to execute phpunit - which would require an attacker to have already compromised your server. Phpunit is not something that would ever get executed on a XenForo forum by users accessing the site and interacting with the addon - that's not how it works.

Addons should not be shipping with phpunit - but even if they do, I doubt that there is any risk to a XenForo forum because of the very specific nature of the vulnerability mentioned.

However, in this specific setup it does not - which I did not know at that time and therefore asked to look into - and was quickly countered by Sim who clearly knows what he is doing... Something that I can not say of other people, and therefore I am glad guardrails like Dependabot do exist.

Perhaps before posting, make sure you understand the details - including what the vulnerability actually means and whether it likely applies.

If you don't understand the details - but are still concerned about the nature of the vulnerability, perhaps post explaining that you aren't sure whether it applies and then accept the response from the developer when they educate you about why it doesn't.
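The "check what is actually in the release package" step from the exchange above, as an added Python example that is not the add-on's own code: it reads a constructed composer.lock, lists the packages-dev entries, and reports which of them really exist under vendor/, so a dev dependency in the lock file is only flagged when the build really shipped it. The package name example/runtime-lib and all versions are placeholders.

```python
import json
import os
import tempfile

# Constructed composer.lock (not the add-on's real lock file); package names
# other than phpunit/phpunit and all versions are placeholders.
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "example/runtime-lib", "version": "1.0.0"}],
    "packages-dev": [{"name": "phpunit/phpunit", "version": "0.0.0-placeholder"}],
})


def dev_packages(lock_json):
    """Names under 'packages-dev': installed only when `composer install`
    runs without --no-dev, so being listed here says nothing about the release."""
    return sorted(p["name"] for p in json.loads(lock_json).get("packages-dev", []))


def shipped_dev_packages(lock_json, vendor_dir):
    """Dev packages that really exist in the release tree; composer installs
    each package at vendor/<vendor>/<project>."""
    return [name for name in dev_packages(lock_json)
            if os.path.isdir(os.path.join(vendor_dir, *name.split("/")))]


def check_release(lock_json, vendor_dir):
    """The manual check from the thread: flag a dev package only if it is
    actually present in the shipped vendor directory."""
    shipped = shipped_dev_packages(lock_json, vendor_dir)
    return {"dev_in_lock": dev_packages(lock_json),
            "dev_shipped": shipped,
            "built_with_no_dev": not shipped}


def demo():
    """Run the check against two constructed release trees: one built with
    --no-dev and one where the dev packages were installed as well."""
    with tempfile.TemporaryDirectory() as vendor:
        os.makedirs(os.path.join(vendor, "example", "runtime-lib"))
        clean = check_release(SAMPLE_LOCK, vendor)
        os.makedirs(os.path.join(vendor, "phpunit", "phpunit"))  # build that forgot --no-dev
        dirty = check_release(SAMPLE_LOCK, vendor)
    return clean, dirty


if __name__ == "__main__":
    for label, report in zip(("--no-dev build", "dev packages installed"), demo()):
        print(label, report)
```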
 