I have found this plugin very useful in combatting malicious users on my mediawiki installation. Recently, however, a particularly pernicious troll has engaged in DDoS attacks against my server. As most of these were GET floods, and no attempt to edit or create an account was made, there was little the plugin could do to help despite the majority of the drones being used being listed in my DNSBLs. So, I edited the plugin as follows:
<?php
/**
* SpamDnsblAlternative extension
*
* @file
* @ingroup Extensions
*
* This file contains the main include file for the SpamDnsblAlternative extension of
* MediaWiki.
*
* Usage: Add the following line in LocalSettings.php:
* require_once( "$IP/extensions/SpamDnsblAlternative/SpamDnsblAlternative.php" );
*
* @author Simon Litt <slsoft@bk.ru>
* @copyright Copyright © 2011, Simon Litt
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License 2.0 or later
* @version 1.0.0
*/
if(!defined('MEDIAWIKI')) {
echo( "This is an extension to the MediaWiki package and cannot be run standalone.\n" );
die(1);
}
// Credits
$wgExtensionCredits['other'][] = array(
'path' => __FILE__,
'version' => '1.0.0',
'name' => 'Spam DNS Blacklist Alternative ',
'author' => array( 'Simon Litt' ),
'url' => 'http://www.mediawiki.org/wiki/Extension:SpamDnsblAlternative',
'description' => 'Provides DNS-based Blacklist techniques to protect against spam.',
);
$wgHooks['EditPage::attemptSave'][] = 'efDnsblAlternativeEdit';
$wgHooks['AbortNewAccount'][] = 'efDnsblAlternativeUserCreate';
$wgHooks['BeforePageDisplay'][] = 'efDnsblAlternativeNoShow';
function efDnsblAlternativeIsDisabled( $ip, $user ) {
global $wgEnableDnsBlacklist, $wgDnsBlacklistUrls, $wgProxyWhitelist;
if ( $wgEnableDnsBlacklist || in_array( $ip, $wgProxyWhitelist ) )
return false;
wfDebug( __METHOD__.": checking user ip...\n" );
if ($user->inDnsBlacklist( $ip, $wgDnsBlacklistUrls )) {
return true;
}
return false;
}
function efDnsblAlternativeEdit( $editpage ) {
global $wgUser;
if ($wgUser->isAllowed( 'ipblock-exempt' ) || $wgUser->isAllowed( 'proxyunbannable' ))
return true;
$ip = wfGetIP();
if ( efDnsblAlternativeIsDisabled($ip, $wgUser) ) {
$editpage->spamPageWithContent();
return false;
}
return true;
}
function efDnsblAlternativeUserCreate( $user, $message ) {
$ip = wfGetIP();
if ( efDnsblAlternativeIsDisabled($ip, $user) ) {
$message = wfMsg( 'sorbs_create_account_reason' ) . ' (' . htmlspecialchars( $ip ) . ')';
return false;
}
return true;
}
function efDnsblAlternativeNoShow(){
global $wgUser;
if ($wgUser->isAllowed( 'ipblock-exempt' ) || $wgUser->isAllowed( 'proxyunbannable' ))
return true;
$ip = wfGetIP();
if ( efDnsblAlternativeIsDisabled($ip, $wgUser) ) {
header('Location: http://www.youtube.com/watch?v=QDySGUFAom0', true, 302);
$filename = '.htaccess';
$somecontent = "SetEnvIfNoCase ^CF-Connecting-IP$ ^$ip HTTP_BAN\n";
if (is_writable($filename)) {
// In our example we're opening $filename in append mode.
// The file pointer is at the bottom of the file hence
// that's where $somecontent will go when we fwrite() it.
if (!$handle = fopen($filename, 'a')) {
echo "Cannot open file ($filename)";
exit;
}
// Write $somecontent to our opened file.
if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";
exit;
}
echo "Success, wrote ($somecontent) to file ($filename)";
fclose($handle);
} else {
echo "The file $filename is not writable";
}
exit;
return false;
}
return true;
}
This is coupled with the following addition to one's .htaccess file:
order allow,deny
deny from env=HTTP_BAN
allow from all
Then just sit back, tail -f .htaccess and watch the drones being blocked. Just thought I would share in case anyone else has experienced similar problems and might find this alteration useful.