Web Development PunBB Registration TOR Optimization

CyberGod

Hi & Hello everyone!

This is a small post about how to re-write an anti-DDoS function in your PunBB files that makes it almost impossible to run on a Tor service.

The function checks whether or not a user with the same IP has registered within the last hour and, if that's the case, will make the user wait an hour before being able to register. Unfortunately, PunBB treats every one of your visitors using Tor (regardless of whether or not they are the same person) as a localhost user (127.0.0.1), which will make everyone wait for an hour. This might work on a PunBB forum that gets 1 registration per day but isn't really good practice.

Based on that small issue, PunBB has been tagged as non-compatible with the Tor network. PunBB, being a great, lightweight and highly customizable alternative to other forum software, would be a great asset for Tor though. So, how do we change that issue?

Check your register.php and search for this part:
Code:
    // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
    $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.$db->escape(get_remote_address()).'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());

    if ($db->has_rows($result))
        message($lang_register['Registration flood']);


    $username = pun_trim($_POST['req_user']);
    $email1 = strtolower(pun_trim($_POST['req_email1']));

    if ($pun_config['o_regs_verify'] == '1')
    {
        $email2 = strtolower(pun_trim($_POST['req_email2']));

        $password1 = random_pass(12);
        $password2 = $password1;
    }
    else
    {
        $password1 = pun_trim($_POST['req_password1']);
        $password2 = pun_trim($_POST['req_password2']);
    }
Simply remove that part of the code. Alternatively, you could change
Code:
 $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.$db->escape(get_remote_address()).'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
to something like

You must reply before you can see the hidden data contained here.
(changing the waiting time from 1 hour to 15 seconds) but this is experimental and I have never tried it out. (Let me know if you tried it though, I'd be interested if that works or not =) ).

Hope you enjoyed that quick trick!
Happy Hacking :)
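
An alternative to deleting the check, as an added example that is not part of the original post or of PunBB: keep the one-hour per-IP rule for routable addresses and, when the visitor address is loopback (the Tor case described above), count all recent registrations against a site-wide cap instead. The function names, the cap of 20 and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not PunBB's own code. should_block_registration(), the
// constants and the sample rows are assumptions made for illustration.

const FLOOD_WINDOW  = 3600; // seconds, same window as the original check
const SHARED_IP_CAP = 20;   // assumed site-wide cap for loopback visitors

// Behind a Tor onion service the local Tor daemon makes every connection,
// so the forum sees a loopback address for every visitor.
function is_loopback_address(string $ip): bool
{
    return $ip === '::1'
        || (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
            && strncmp($ip, '127.', 4) === 0);
}

// $rows: recent users as ['registration_ip' => ..., 'registered' => unix time].
function should_block_registration(array $rows, string $ip, int $now): bool
{
    $shared = is_loopback_address($ip);
    $count = 0;
    foreach ($rows as $row) {
        if ($row['registered'] <= $now - FLOOD_WINDOW)
            continue; // outside the one-hour window
        if ($shared || $row['registration_ip'] === $ip)
            $count++;
    }
    // Routable address: original rule (one signup per IP per hour).
    // Loopback: a per-IP rule is meaningless, so cap total signups instead.
    return $count >= ($shared ? SHARED_IP_CAP : 1);
}

// Constructed sample data: two onion signups and one clearnet signup.
$now  = 1700000000;
$rows = [
    ['registration_ip' => '127.0.0.1',   'registered' => $now - 60],
    ['registration_ip' => '127.0.0.1',   'registered' => $now - 600],
    ['registration_ip' => '203.0.113.7', 'registered' => $now - 120],
];
var_dump(should_block_registration($rows, '127.0.0.1', $now));    // onion visitor
var_dump(should_block_registration($rows, '203.0.113.7', $now));  // repeat clearnet IP
var_dump(should_block_registration($rows, '198.51.100.9', $now)); // new clearnet IP
```

In register.php the same rule corresponds to counting rows in the users table within the window and dropping the `registration_ip` condition when `get_remote_address()` returns a loopback address. Only the query and the `has_rows` check in the snippet above form the flood check; the `$username`, `$email1` and password lines that follow it are the normal form handling.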
 