
/yakuza/ - site meta-discussion

the sun never sets on the sushichan global crime syndicate

The new CP spam filter now also works on posts that hide the link in the image instead of the post body.

File: 1721261022964.jpg (1.12 MB, 1450x1337, o8y5qpaael9y.jpg)

 No.1198

I have modified the software today to be able to block the actual endpoints of the shortened URLs usually included in CP spam. This should help a lot with slowing down the spam; the spammers have infinite URL shorteners but so far they all point to the same few places. We will start checking endpoints and adding them to the blocklist soon. Hopefully browsing will become less stressful.

This modification has also been submitted as a pull request to the main vichan repo. Hopefully they pick it up and other sites can start using it.

P.S. I also upgraded us to the newest version of the software. Stuff could break so please let me know if something isn't working right.
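Added example, not part of the original post and not the site's or the vichan pull request's code: a sketch of checking where a shortened link ends up rather than matching the shortener itself. The hosts, the redirect table and the function names are constructed for illustration; `fake_fetch_location` stands in for a HEAD request with redirect-following disabled.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample data: every host and redirect below is made up.
BLOCKED_ENDPOINTS = {"bad-endpoint.example"}
FAKE_REDIRECTS = {
    "https://short-a.example/x1": "https://short-b.example/q?id=9",
    "https://short-b.example/q?id=9": "//files.bad-endpoint.example/landing",
    "https://short-c.example/ok": "https://blog.example/post",
    "https://loop.example/a": "https://loop.example/a",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def fake_fetch_location(url):
    """Stand-in for a HEAD request with redirect-following disabled.
    Returns the Location header value, or None when the URL does not redirect."""
    return FAKE_REDIRECTS.get(url)


def resolve_endpoint(url, fetch_location=fake_fetch_location, max_hops=5):
    """Walk the redirect chain one hop at a time; None means loop or too many hops."""
    seen = set()
    while len(seen) <= max_hops:
        if url in seen:
            return None
        seen.add(url)
        location = fetch_location(url)
        if location is None:
            return url
        url = urljoin(url, location)  # Location may be relative
    return None


def host_is_blocked(url):
    """True when the URL's host is a blocked endpoint or a subdomain of one."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return any(host == b or host.endswith("." + b) for b in BLOCKED_ENDPOINTS)


def check_post(body):
    """Return (url, verdict) per link; anything but 'ok' should reject the post."""
    results = []
    for url in (m.rstrip(".,)") for m in URL_RE.findall(body)):
        final = resolve_endpoint(url)
        if final is None:
            verdict = "unresolved"  # fail closed on loops and overlong chains
        else:
            verdict = "blocked" if host_is_blocked(url) or host_is_blocked(final) else "ok"
        results.append((url, verdict))
    return results
```
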

 No.1199

>>1198
thank you thank you thank you

 No.1201

Won't work in the long run. The CP spammer will just look at this regex pattern that you've submitted to vichan publicly and figure out how to bypass it. Like I've already bypassed it in regex101.com just by adding a space in between. Or he'll just put the links in the images like he's done before.

The only ironclad solution is to block all VPNs at the firewall level (e.g. UFW, iptables). This list is accurate and regularly-updated.

https://github.com/X4BNet/lists_vpn/blob/main/output/datacenter/ipv4.txt

You would write a Python script that:

1. Downloads that text file locally (e.g. /opt/vichan/ipv4.txt).
2. If /opt/vichan/ipv4_old.txt exists, add every line to a set variable called "old_ranges" and add every line from ipv4.txt to another set called "new_ranges". Check to see if every range in "old_ranges" exists in "new_ranges", and for those match in "new_ranges" remove it from that set, and for those that don't exist in "new_ranges", add those ranges to a set variable called "to_be_deleted". Add the ranges from "new_ranges" to UFW or iptables via the correct corresponding external commands (subprocess etc.) and delete the ranges from "to_be_deleted" in UFW or iptables via the correct corresponding external commands. Delete ipv4_old.txt and rename ipv4.txt to ipv4_old.txt.
3. If /opt/vichan/ipv4_old.txt does not exist, add all the ranges from ipv4.txt to UFW or iptables via the correct corresponding external commands and then rename ipv4.txt to ipv4_old.txt.

Then you would have this Python script run as a yearly cron job.

I'm sure ChatGPT can do all of this easily within the snap of a finger, but I don't have a VM right now with vichan installed to actually test this (and verify what it does with UFW/iptables, etc.) and I'm too busy to deal with this any time soon.

In the meantime you should add these DNSBLs to your vichan config.php or instance-config.php if you haven't already; these have no false positives and block Tor effectively.

$config['dnsbl'][] = 'rbl.efnetrbl.org';
$config['dnsbl'][] = 'dnsbl-1.uceprotect.net';
$config['dnsbl'][] = 'dnsbl.dronebl.org';
$config['dnsbl'][] = 'torexit.dan.me.uk';
$config['dnsbl'][] = 'dnsbl.tornevall.org';
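Added example, not part of the original post: a sketch of the old-list/new-list sync described in the steps above, reduced to two set differences and limited to planning the `ufw` commands. The sample ranges, function names and the 0.5 shrink threshold are assumptions made for illustration; `ufw insert 1` is used on the assumption that the deny rules must sit ahead of the existing allow rules for the web ports.

```python
import ipaddress
import subprocess

# Constructed sample lists (RFC 5737 documentation ranges), one CIDR per line.
OLD_LIST = "192.0.2.0/24\n198.51.100.0/24\n"
NEW_LIST = "# refreshed list\n198.51.100.0/24\n203.0.113.0/24\n"


def parse_ranges(text):
    """Parse a downloaded list into IPv4Network objects.
    Any line that is not a valid CIDR raises ValueError, so nothing from the
    remote file reaches the firewall command line unvalidated."""
    ranges = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ranges.add(ipaddress.IPv4Network(line, strict=False))
    return ranges


def plan_sync(old_text, new_text, min_keep_ratio=0.5):
    """Return the ufw commands (argv lists) that move the firewall from the
    old list to the new one. old_text is None on the first run."""
    old = parse_ranges(old_text) if old_text is not None else set()
    new = parse_ranges(new_text)
    # A failed or truncated download must not wipe the existing rules.
    if not new or len(new) < len(old) * min_keep_ratio:
        raise ValueError("new list is empty or shrank sharply; refusing to sync")
    commands = [["ufw", "insert", "1", "deny", "from", str(net)]
                for net in sorted(new - old)]
    commands += [["ufw", "delete", "deny", "from", str(net)]
                 for net in sorted(old - new)]
    return commands


def apply(commands, dry_run=True):
    """Run the plan; argv lists avoid any shell interpretation of list content."""
    for argv in commands:
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)


if __name__ == "__main__":
    apply(plan_sync(OLD_LIST, NEW_LIST))
```
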

 No.1203

>>1201
I don't think they are using VPNs, I think they are using a botnet of compromised computers. Blocking ranges would be useless. We are already using DNSBL.

They can only abstract a URL so far before it becomes unreadable. I will work around it as much as is necessary until no one could even read their URLs and their scheme is completely worthless. A war of attrition.

 No.1204

File: 1721283406601.png (9.35 KB, 580x400, 16-bit-range-ban.png)

>>1203
>I don't think they are using VPNs, I think they are using a botnet of compromised computers.
I checked individually most of the IPs banned via https://networksdb.io/ip/[INSERT_IP] . They all belong to a data center. You can check for yourself with that link next time he spams. Packethub S.A, OVH and M247 Ltd are the most common. As well as basically all the ranges known to be used by all the ones used by NordVPN, ExpressVPN et al. So this spammer is not that sophisticated, he's using mainstream VPN services. We've already mostly eliminated his spamming just by range-banning because he's run out of ranges to use from his VPNs, I can see all the checkmark symbols on the ban list page where he's attempted to use a range-banned IP range again over the past months. I added a 16-bit rangeban button for the ban page (VICHAN_ROOT/templates/mod/ban_form.html) to make it easier for the mods to rangeban quicker instead of having to type *.* or 0.0/16 manually. Maybe not the most elegant since that's 65,535 IPs instead of the narrower ranges in that above ipv4.txt file, but we haven't had appeals complaining about false positives. Hence why I'm not bothering with that approach yet since the spam appears to be gone now (unless he's gone on vacation or something lol).

Button:

<input name="16bitrange" type="button" value="16-bit range" onclick="function t(){var i=document.getElementById('ip'),v=i.value,p=v.split('.');if(p.length>=3){i.value=p[0]+'.'+p[1]+'.*'}}t()">


In context, in ban_form.html:

<td>
	{% if not hide_ip %}
		<input type="text" name="ip" id="ip" size="20" maxlength="40" value="{{ ip|cloak_ip|e }}">
		<input name="16bitrange" type="button" value="16-bit range" onclick="function t(){var i=document.getElementById('ip'),v=i.value,p=v.split('.');if(p.length>=3){i.value=p[0]+'.'+p[1]+'.*'}}t()">
	{% else %}
		<em>{% trans 'hidden' %}</em>
	{% endif %}
</td>

 No.1205

>>1204
><
>>
These are angle brackets btw, not sure why your code tag is screwing it up.

 No.1206

File: 1721298093946.jpeg (42.97 KB, 1024x576, alice_wow.jpeg)

>>1201
You can see how our strategy differs from a typical text pattern match in combination with other vichan features because we are matching spammer's endpoints, not his bait. Banned text in images is a long-ago solved problem by the vichan team. Make sure to update your software. Sei didn't.

>>1204
Would you be so kind and actually submit these changes to vichan directly, please? A dedicated range ban button (especially one with adjustable range size) would be awesome for all boards.

And while mass banning datacenters to deplete the adversary's resources is feasible (your observations match with mine, albeit I have seen posts from unmarked IPs in the Netherlands as well), it's a cat&mouse game as well and has a crossfire potential for the users that actually use such IPs legitimately such as me (e.g. those for whom this site is blocked by their ISP, country or big tech conglomerates) and would require even more human intervention in case of false positives. See >>1000 for more details.

>angle brackets

I think it's a bug where "htmlspecialchars" is performed post-wide, including code blocks. Will take a look if it's present in vanilla vichan as well.

PS: No need to sage, we love you and your posts <3

 No.1207

>>1206
sage is not a downvote.

 No.1209

>>1204
This is a neat little trick and some good info, though I'd like to see how my solution works before banning whole ranges, I will keep it up my sleeve. Thanks.

>>1206
I updated the software yesterday so that I could send my mod upstream. :v

If there is common text in the images we will get those. If it's shifting URLs, I will conjoin my unshortening solution with the OCR code and pipe extracted text through the new filter.

 No.1210

Hopefully it works in keeping out the pedosans but assuming they are sentient and not mechanotrons they may find a work around. I really don't get why they spam this stuff. Assuming they are commercial spammers, they can't be getting many customers from sites like these. What if we just hunt down the pedo spammers and kill them all? No man no spam.

 No.1211

Just checking how strict the IP filters are, non-maliciously.

 No.1213

File: 1721889505915.jpg (847.61 KB, 1269x1500, E0D40lxVIAE701J.jpg)

i don't think i have seen anything nasty since this!

 No.1220

File: 1722439055203.jpg (449.73 KB, 1656x2477, 1721755623408.jpg)

almost two weeks without looking at cp! my psychiatrist will be in awe

 No.1231

>>1220
Tachibana-san :3

 No.1239

Sei's new anti-spam weapon seems to be working. Nice.


