diff --git a/dnsbls_bypass.php b/dnsbls_bypass.php
new file mode 100644
index 00000000..a37f1ca0
--- /dev/null
+++ b/dnsbls_bypass.php
@@ -0,0 +1,45 @@
+ array('8.8.8.8')));
+$result = $dns->query(RECAPTCHA_VERIFY_SERVER, "A");
+if ($result and $result->answer[0]) {
+ $RECAPTCHA_VERIFY_SERVER_IP = $result->answer[0]->address;
+} else {
+ $RECAPTCHA_VERIFY_SERVER_IP = RECAPTCHA_VERIFY_SERVER;
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+ $ayah_html = recaptcha_get_html($config['recaptcha_public'], NULL, TRUE);
+ $body = Element("8chan/dnsbls.html", array("config" => $config, "ayah_html" => $ayah_html));
+
+ echo Element("page.html", array("config" => $config, "body" => $body, "title" => _("Bypass DNSBL"), "subtitle" => _("Post even if blocked")));
+} else {
+ $score = recaptcha_check_answer($config['recaptcha_private'],
+ $_SERVER["REMOTE_ADDR"],
+ $_POST["recaptcha_challenge_field"],
+ $_POST["recaptcha_response_field"],
+ array(),
+ $RECAPTCHA_VERIFY_SERVER_IP);
+
+ if ($score->is_valid) {
+ $tor = checkDNSBL($_SERVER['REMOTE_ADDR']);
+ if (!$tor) {
+ $query = prepare('INSERT INTO ``dnsbl_bypass`` VALUES(:ip, NOW()) ON DUPLICATE KEY UPDATE `created`=NOW()');
+ $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->execute() or error(db_error($query));
+ } else {
+ $cookie = bin2hex(openssl_random_pseudo_bytes(16));
+ $query = prepare('INSERT INTO ``tor_cookies`` VALUES(:cookie, NOW(), 0)');
+ $query->bindValue(':cookie', $cookie);
+ $query->execute() or error(db_error($query));
+ setcookie("tor", $cookie);
+ }
+ echo Element("page.html", array("config" => $config, "body" => '', "title" => _("Success!"), "subtitle" => _("You may now go back and make your post.")));
+ } else {
+ error(_('You failed the CAPTCHA') . _('. Try again. If it\'s not working, email admin@8chan.co for support.'));
+ }
+}
diff --git a/install.sql b/install.sql
index 9a03736f..396a1ca9 100644
--- a/install.sql
+++ b/install.sql
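Review bot: In dnsbls_bypass.php the bypass token is issued with `setcookie("tor", $cookie);`, which sets no path, lifetime or HttpOnly flag, so the value that exempts a Tor poster from the block is readable by any script running on the site. `setcookie("tor", $cookie, 0, "/", "", false, true);` would at least keep it away from JavaScript; the Secure flag can only be turned on if the hidden service is served over HTTPS. The token comes from `openssl_random_pseudo_bytes(16)` with the result unchecked: the call can return false, and its optional second argument reports whether a cryptographically strong source was used, so the branch should call error() when either check fails instead of storing a weak or empty cookie. The POST branch also reads `$_POST["recaptcha_challenge_field"]` and `$_POST["recaptcha_response_field"]` without isset(), which raises notices on a malformed request.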
@@ -331,6 +331,31 @@ CREATE TABLE `board_tags` ( PRIMARY KEY (`id`) ); +-- -------------------------------------------------------- + +-- +-- Table structure for table `tor_cookies` +-- + +CREATE TABLE `tor_cookies` ( + `cookie` varchar(255) NOT NULL, + `created` datetime NOT NULL, + `uses` tinyint(3) unsigned DEFAULT '0', + PRIMARY KEY (`cookie`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 + +-- -------------------------------------------------------- + +-- +-- Table structure for table `dnsbl_bypass` +-- + +CREATE TABLE `dnsbl_bypass` ( + `ip` varchar(255) NOT NULL, + `created` datetime DEFAULT NULL, + PRIMARY KEY (`ip`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 + /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; diff --git a/post.php b/post.php index b7661ef3..f54232b9 100644 --- a/post.php +++ b/post.php 
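Review bot: Both new CREATE TABLE statements in install.sql end at `) ENGINE=InnoDB DEFAULT CHARSET=utf8` with no terminating `;`, so as written they run into each other and into the `/*!40101 SET ... */` lines that follow, and a client executing the file would presumably reject it. Add the semicolon after each `CHARSET=utf8`. `tor_cookies.uses` is also nullable (`tinyint(3) unsigned DEFAULT '0'`); declaring it `NOT NULL DEFAULT '0'` keeps a per-cookie use counter from ever comparing as NULL when a limit is enforced against it.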
@@ -395,8 +395,14 @@ elseif (isset($_POST['post'])) { $post['password'] = $_POST['password']; $post['has_file'] = (!isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || !empty($_FILES['file']['name']))); - if ($post['has_file']) - checkDNSBL(); + // Handle our Tor users + $tor = checkDNSBL(); + if ($tor && !(isset($_SERVER['HTTP_X_TOR'], $_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] == '127.0.0.2' && $_SERVER['HTTP_X_TOR'] = 'true')) + error('To post on 8chan over Tor, you must use the hidden service for security reasons. You can find it at http://fullchan4jtta4sx.onion.'); + if ($tor && $post['has_file']) + error('Sorry. Tor users can\'t upload files.'); + if ($tor && !$config['tor_posting']) + error('Sorry. The owner of this board has decided not to allow Tor posters for some reason...'); if (!($post['has_file'] || isset($post['embed'])) || (($post['op'] && $config['force_body_op']) || (!$post['op'] && $config['force_body']))) { // http://stackoverflow.com/a/4167053 diff --git a/templates/8chan/dnsbls.html b/templates/8chan/dnsbls.html new file mode 100644 index 00000000..49c54efc --- /dev/null +++ b/templates/8chan/dnsbls.html @@ -0,0 +1,9 @@ +
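Review bot: The hidden-service check in post.php ends with `$_SERVER['HTTP_X_TOR'] = 'true'`, an assignment rather than a comparison, so that term is always truthy and the X-Tor header value is never actually tested (it is overwritten instead); it should read `$_SERVER['HTTP_X_TOR'] === 'true'`, and the `REMOTE_ADDR` test should use `===` as well. Even once fixed, the header is request data, so the gate only holds if the front end that relays hidden-service traffic from 127.0.0.2 sets or strips X-Tor itself; a one-line comment stating that assumption would help the next reader. checkDNSBL() is now called for every post rather than only those with a file, and its return value is used as a Tor flag; its definition is outside this diff, so confirm it returns a boolean and still rejects listed non-Tor addresses as intended. The enclosing `elseif (isset($_POST['post']))` block starts and ends outside the hunk.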
+

{% trans %}Your IP is listed in our DNSBL. To stop attackers, we require users who use certain IP ranges to pass a test which proves they are human every 24 hours.{% endtrans %}

+ +

{% trans %}It is also possible that the site is currently under attack and we are requiring everyone to pass the test right now. Sorry for the inconvenience.{% endtrans %}

+ +{{ ayah_html|raw }} + + +
diff --git a/templates/mod/ban_form.html b/templates/mod/ban_form.html index bf91594e..18ec851e 100644 --- a/templates/mod/ban_form.html +++ b/templates/mod/ban_form.html @@ -12,6 +12,9 @@ {% if post and board %} {% endif %} + {% if tor %} +

Warning! This IP is a Tor exit node. Tor is a global network that allows for truly anonymous posting by obfuscating the user's real IP address. Please do not ban it, all bans on Tor exit nodes are globally undone every week. On 8chan, Tor users are allowed to post five times per CAPTCHA they complete, and image uploads are not allowed. If the global restrictions on Tor users are not enough and you would really like to stop Tor users, there is a setting in your board options. Please think carefully before enabling it.

+ {% endif %} diff --git a/templates/post/poster_id.html b/templates/post/poster_id.html index 1624b91c..75a9c1ee 100644 --- a/templates/post/poster_id.html +++ b/templates/post/poster_id.html @@ -1,5 +1,7 @@ {% if config.poster_ids or (mod|hasPermission(config.mod.show_ip_less, board.uri)) %} - {% if post.thread %} + {% if post.ip == '127.0.0.2' %} + 000000 + {% elseif post.thread %} {{ poster_id(post.ip, post.thread, board.uri) }} {% else %} {{ poster_id(post.ip, post.id, board.uri) }}
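Review bot: In templates/post/poster_id.html the literal `'127.0.0.2'` repeats the address hard-coded in post.php's Tor check, so the marker for hidden-service posts now lives in two files with no name or explanation attached. A comment above the branch such as `{# 127.0.0.2 = posts relayed from the Tor hidden service; they all share one poster ID #}` would document the intent, and reading the address from a single config entry in both places would keep the template and the posting check from drifting apart if the relay address changes.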