Check existing user access rules before black- or white-listing [#568306]

I have a pernicious user who keeps visiting and creating dummy accounts on my site. Mostly he comes from blacklisted IPs, so no problem there. However, he occasionally comes from an IP not listed in Project Honey Pot (PHP). I have manually created an access rule to deny access to this host. However, this rule keeps on getting deleted, and the user keeps showing up in my logs! I can only think that http:BL is whitelisting him because he's not listed by PHP, and this is overriding or deleting my own access rule.

Comments

Comment #1

praseodym CreditAttribution: praseodym commented 6 September 2009 at 20:33

Assigned:	Unassigned	» praseodym
Category:	feature	» bug

I think that's an oversight in hook_cron(); it simply clears up everything in access table that's also in the httpbl-table (regardless if the rule was originally from http:BL).

Comment #2

praseodym CreditAttribution: praseodym commented 6 September 2009 at 20:48

Status:

Active

» Fixed

Fix is committed, please re-open if the issue is not solved.

Comment #3

bryrock CreditAttribution: bryrock commented 7 September 2009 at 17:40

I noticed today that my http error logs are full of errors like the one below, and it looks like it is related to this item.

[Mon Sep 07 11:42:18 2009] [error] [client 66.249.67.153] PHP Notice: Undefined index: httpbl_status in /home/winewords/public_html/sites/all/modules/httpbl/httpbl.module on line 679

Comment #4

praseodym CreditAttribution: praseodym commented 7 September 2009 at 17:47

I don't think that's a 'hard' error. Please try replacing line 679 by the following line to see if it makes the errors disappear.
return (isset($_SESSION['httpbl_status']) && $_SESSION['httpbl_status'] == 'white') || (db_result(db_query_range("SELECT status FROM {access} WHERE type = 'host' AND LOWER('%s') LIKE LOWER(mask) ORDER BY status DESC", $ip, 0, 1)) == '1');