Last modified: 2006-12-27 23:54:32 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 8401 - false-positives on SORBS DNSBL when editing MW1.9 pages from dynamic IP's
false-positives on SORBS DNSBL when editing MW1.9 pages from dynamic IP's
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Page editing (Other open bugs)
1.9.x
PC Linux
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
: 8402 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-27 17:21 UTC by Carl Austin Bennett
Modified: 2006-12-27 23:54 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Carl Austin Bennett 2006-12-27 17:21:34 UTC
User blocked: Your user account or IP address have been blocked by SORBS DNSBL;
IP is listed as an SORBS DNSBL open proxy. You may contact SORBS DNSBL or one of
the other administrators... your IP address is 66.102.74.xxx...

Server configuration is: 
 MW1.9-svn (current as of yesterday), recently upgraded from MW1.8alpha
 one standalone dedicated server, Fedora5, using both memcached and squid on
same localhost (127.0.0.1)
 Apache's bound to 127.0.0.1:80, Squid is bound to :80 on one of the
datacentre's external static IP's

So, enable SORBS on MW1.9 and suddenly it won't let me edit any page from my
dynamic IP address.

This is happening only on wikis that I've upgraded to MW1.9alpha and then only
if I try to edit any page on these sites from a dynamic IP connection (PPPoE in
my case). It broke as soon as I upgraded to 1.9

If I edit by running lynx on a shell account on the server, everything works
fine and any edit appears in recentchanges as the server's external static IP. 

It just doesn't want to let me edit from a dynamic IP.

Turning off $wgEnableSorbs makes the error go away, evidently.

I'd tried looking up my own address on SORBS' site and it reports the block as a
dynamic IP range (ADSL or dialup) but not as anything else particularly nasty.
And no, I'm not seeing this on MW1.8, just on the new upgrade.
Comment 1 Carl Austin Bennett 2006-12-27 18:40:02 UTC
*** Bug 8402 has been marked as a duplicate of this bug. ***
Comment 2 Brion Vibber 2006-12-27 18:47:10 UTC
I don't get any matches testing with a few random IPs in the range you gave.

Please give an exact IP address to test.
Comment 3 Carl Austin Bennett 2006-12-27 20:35:59 UTC
My current IP is (client) 66.102.73.140 

I can edit unless $wgEnableSorbs = true; is present, using today's MW 1.9 SVN
version.
Comment 4 Tim Starling 2006-12-27 20:43:26 UTC
SORBS has many false positives, probably more than the number of true positives.
You shouldn't use it unless you don't mind blocking those people. This is not a
bug in MediaWiki, it is either a configuration problem on your wiki (i.e. the
fact that you have SORBS enabled), or a problem with the SORBS delisting policy,
depending on the way you look at it. Please address complaints about SORBS
itself to http://www.sorbs.net/ .
Comment 5 Carl Austin Bennett 2006-12-27 20:52:50 UTC
SORBS lookup directly on the http://www.sorbs.net website claims that this
address is not an open proxy.
Comment 6 Brion Vibber 2006-12-27 22:18:43 UTC
I don't get a match using the MW code either:

$ php maintenance/eval.php 
> return $wgEnableSorbs;
bool(true)
> return $wgSorbsUrl;
http.dnsbl.sorbs.net
> return $wgUser->inSorbsBlacklist( '66.102.73.140' );
bool(false)

Can you confirm?

Also try the lookup manually:

$ host 140.73.102.66.http.dnsbl.sorbs.net
Host 140.73.102.66.http.dnsbl.sorbs.net not found: 3(NXDOMAIN)

Previous versions of MW did the lookup with a hardcoded "http.dnsbl.sorbs.net.",
so also try with the extra . at the end:

$ host 140.73.102.66.http.dnsbl.sorbs.net.
Host 140.73.102.66.http.dnsbl.sorbs.net not found: 3(NXDOMAIN)
Comment 7 Carl Austin Bennett 2006-12-27 23:12:06 UTC
$ php maintenance/eval.php
PHP Warning:  posix_isatty(): cannot seek on a pipe in
/var/www/html/fr/install-utils.inc on line 66
> return $wgEnableSorbs
bool(true)
> return $wgSorbsUrl
http.dnsbl.sorbs.net
> return $wgUser->inSorbsBlacklist('66.102.73.140')
bool(true)

$ host 140.73.102.66.http.dnsbl.sorbs.net
Host 140.73.102.66.http.dnsbl.sorbs.net not found: 3(NXDOMAIN)
$ host 140.73.102.66.http.dnsbl.sorbs.net.
Host 140.73.102.66.http.dnsbl.sorbs.net not found: 3(NXDOMAIN)

(version is MediaWiki: 1.9alpha, PHP: 5.1.6 (apache2handler), MySQL: 5.0.22)
Comment 8 Carl Austin Bennett 2006-12-27 23:25:43 UTC
I'm looking at "includes/User.php" line 898 of 2519:

$ipList = gethostbynamel( $host );

on call, $host was '140.73.102.66.http.dnsbl.sorbs.net'
on return, $ipList[0] becomes '209.139.209.130' - which is the address of the
wiki server.


$ php maintenance/eval.php

> return gethostbynamel('73.65.102.66.http.dnsbl.sorbs.net')
array(1) {
  [0]=>
  string(15) "209.139.209.130"
}
Comment 9 Carl Austin Bennett 2006-12-27 23:27:39 UTC
$ php maintenance/eval.php
PHP Warning:  posix_isatty(): cannot seek on a pipe in
/var/www/html/fr/install-utils.inc on line 66
> return gethostbynamel('140.73.102.66.http.dnsbl.sorbs.net')
array(1) {
  [0]=>
  string(15) "209.139.209.130"
}
Comment 10 Brion Vibber 2006-12-27 23:28:58 UTC
Sounds like you've got a weirdly broken local DNS or something. Check
/etc/resolv.conf and /etc/hosts...?

Also check if adding the . on the end changes the result.
Comment 11 Carl Austin Bennett 2006-12-27 23:36:56 UTC
Ah, so the trailing . on .sorbs.net. is necessary, according to
http://ca.php.net/gethostbynamel

"User Contributed Notes - gethostbynamel - info at methfessel-computers.de -
29-Sep-2006 06:27
 The solution is simple. Just add a . (point) to the end of the URL for correct
name resolving.
 Without this point PHP thinks it's a subdomain of your local domain and so
returns the "local-IP"."

> return gethostbynamel('140.73.102.66.http.dnsbl.sorbs.net.')
bool(false)

Therefore, in "includes/DefaultSettings.php" line 2075 of 2343, just change from:
  $wgSorbsUrl = 'http.dnsbl.sorbs.net';
back to:
  $wgSorbsUrl = 'http.dnsbl.sorbs.net.';
and all is well.
Comment 12 Brion Vibber 2006-12-27 23:54:32 UTC
Ah I see, looks like your local domain has a wildcard of some sort, so the
negative lookups fall back to the localdomain and always come up with a positive
result. :)

Fixed in r18616.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links