Closed andria-dev closed 3 years ago
In one of the pull requests, it appears that someone has provided Google's IP address. While that's great and all, perhaps it should be randomized across known Class B/C allocations of major service providers.
Do they do any type of IP validation? When I was using a VPN to make fake submissions last week, it seemed like they restricted submissions from certain subsets of IP addresses (e.g., from a foreign country).
I would test this myself, but the site is pretty sluggish right now and I cannot even get the form to load.
I couldn't even get the site to load correctly on a VPN tbh. I do believe they restricted submissions from IPs in some other countries but I don't know if that happens when you submit your IP in the form or if the server will just refuse to serve you in the first place. I'm messing with reCaptcha right now though since that seems to be a bigger block to the Python script than anything
As far as I can tell, if your IP is being blocked the form won't load for you at all (I've had some limited/intermittent success deleting cookies and session storage to get the form to load again).
I think the IP field in the form is for the DBA to filter out users known to be problematic when reviewing the data.
The form wasn't loading for me right off the bat on my first attempt (no VPN, located in the US, outside of TX) - so far it only loaded for me once in the last hour or so.
Form not loading doesn't appear to be IP specific. The form is loaded via AJAX in a request to /wp-admin/admin-ajax.php. This is failing due to network traffic. The page loads because it's cached, but the ajax endpoint is not cached.
Direct requests to the endpoint are failing and GoDaddy Firewall is reporting a communication error.
I do agree that randomizing the IP field may be a good idea, but likely the IP is also logged via PHP, so it may not be foolproof. Already VPNs I've tried are blocked completely from accessing the site at GoDaddy Firewall level.
Ideally, if we could figure out known ranges for providers within Texas, we could provide a metric for spoofing. Denying accessibility by residents to this service would be an added bonus. I'm going to update with the latest and see what I get for data return information.
If it helps, here is the response data for displaying the form. I'm attempting to use Charles to spoof this response so I get a valid page to submit against, but it won't help with sending a form, I suspect the submission handler is also overwhelmed and failing.
:status: 200
server: nginx
date: Thu, 02 Sep 2021 22:35:41 GMT
content-type: application/json; charset=UTF-8
x-sucuri-id: 14004
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
access-control-allow-origin: https://prolifewhistleblower.com
access-control-allow-credentials: true
x-robots-tag: noindex
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
{"success":true,"data":{"html":"<div class=\"forminator-ui forminator-custom-form forminator-custom-form-26 forminator-design--bold forminator_ajax\" data-forminator-render=\"0\" data-form=\"forminator-module-26\"><br\/><\/div><form\r\n\t\t\t\tid=\"forminator-module-26\"\r\n\t\t\t\tclass=\"forminator-ui forminator-custom-form forminator-custom-form-26 forminator-design--bold forminator_ajax\"\r\n\t\t\t\tmethod=\"post\"\r\n\t\t\t\tdata-forminator-render=\"0\"\r\n\t\t\t\tdata-form-id=\"26\"\r\n\t\t\t\t\r\n\t\t\t\tdata-design=\"bold\"\r\n\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\tdata-grid=\"open\"\r\n\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t\t\r\n\t\t\t><div class=\"forminator-response-message forminator-error\" aria-hidden=\"true\"><\/div><div class=\"forminator-row\"><div id=\"textarea-1\" class=\"forminator-col forminator-col-12 \"><div class=\"forminator-field\"><label for=\"forminator-field-textarea-1\" class=\"forminator-label\">How do you think the law has been violated?<\/label><textarea name=\"textarea-1\" placeholder=\"Please include as much detail as possible.\" id=\"forminator-field-textarea-1\" class=\"forminator-textarea\" rows=\"6\" style=\"min-height:140px;\" ><\/textarea><span class=\"forminator-description\"><span data-limit=\"500\" data-type=\"words\">0 \/ 500<\/span><\/span><\/div><\/div><\/div><div class=\"forminator-row\"><div id=\"text-1\" class=\"forminator-col forminator-col-12 \"><div class=\"forminator-field\"><label for=\"forminator-field-text-1\" class=\"forminator-label\">How did you obtain this evidence?<\/label><input type=\"text\" name=\"text-1\" value=\"\" placeholder=\"\" id=\"forminator-field-text-1\" class=\"forminator-input forminator-name--field\" data-required=\"\" \/><span class=\"forminator-description\"><span data-limit=\"200\" data-type=\"words\">0 \/ 200<\/span><\/span><\/div><\/div><\/div><div class=\"forminator-row\"><div id=\"text-6\" class=\"forminator-col forminator-col-12 \"><div class=\"forminator-field\"><label 
for=\"forminator-field-text-6\" class=\"forminator-label\">Clinic or Doctor this evidence relates to<\/label><input type=\"text\" name=\"text-6\" value=\"\" placeholder=\"\" id=\"forminator-field-text-6\" class=\"forminator-input forminator-name--field\" data-required=\"\" \/><span class=\"forminator-description\"><span data-limit=\"20\" data-type=\"words\">0 \/ 20<\/span><\/span><\/div><\/div><\/div><div class=\"forminator-row\"><div id=\"text-2\" class=\"forminator-col forminator-col-12 \"><div class=\"forminator-field\"><label for=\"forminator-field-text-2\" class=\"forminator-label\">City<\/label><input type=\"text\" name=\"text-2\" value=\"\" placeholder=\"\" id=\"forminator-field-text-2\" class=\"forminator-input forminator-name--field\" data-required=\"\" maxlength=\"30\" \/><span class=\"forminator-description\"><span data-limit=\"30\" data-type=\"characters\">0 \/ 30<\/span><\/span><\/div><\/div><\/div><div class=\"forminator-row\"><div id=\"text-3\" class=\"forminator-col forminator-col-12 \"><div class=\"forminator-field\"><label for=\"forminator-field-text-3\" class=\"forminator-label\">State<\/label><input type=\"text\" name=\"text-3\" value=\"\" placeholder=\"\" id=\"forminator-field-text-3\" class=\"forminator-input forminator-name--field\" data-required=\"\" maxlength=\"30\" \/><span class=\"forminator-description\"><span data-limit=\"30\" data-type=\"characters\">0 \/ 30<\/span><\/span><\/div><\/div><\/div><div class=\"forminator-row\"><div id=\"text-4\" class=\"forminator-col forminator-col-12 \"><div class=\"forminator-field\"><label for=\"forminator-field-text-4\" class=\"forminator-label\">Zip<\/label><input type=\"text\" name=\"text-4\" value=\"\" placeholder=\"\" id=\"forminator-field-text-4\" class=\"forminator-input forminator-name--field\" data-required=\"\" maxlength=\"5\" \/><span class=\"forminator-description\"><span data-limit=\"5\" data-type=\"characters\">0 \/ 5<\/span><\/span><\/div><\/div><\/div><div class=\"forminator-row\"><div 
id=\"text-5\" class=\"forminator-col forminator-col-12 \"><div class=\"forminator-field\"><label for=\"forminator-field-text-5\" class=\"forminator-label\">County<\/label><input type=\"text\" name=\"text-5\" value=\"\" placeholder=\"\" id=\"forminator-field-text-5\" class=\"forminator-input forminator-name--field\" data-required=\"\" maxlength=\"30\" \/><span class=\"forminator-description\"><span data-limit=\"30\" data-type=\"characters\">0 \/ 30<\/span><\/span><\/div><\/div><\/div><div class=\"forminator-row\"><div id=\"checkbox-1\" class=\"forminator-col forminator-col-12 \"><div role=\"group\" class=\"forminator-field\" aria-labelledby=\"forminator-checkbox-group-613151bd290d9-label\"><h4 id=\"forminator-checkbox-group-613151bd290d9-label\" class=\"forminator-label\">Are you currently elected to public office?<\/h4><label for=\"forminator-field-checkbox-1-1-613151bd290d9\" class=\"forminator-checkbox\" title=\"Yes\"><input type=\"checkbox\" name=\"checkbox-1[]\" value=\"yes\" id=\"forminator-field-checkbox-1-1-613151bd290d9\" data-calculation=\"0\" \/><span class=\"forminator-checkbox-box\" aria-hidden=\"true\"><\/span><span class=\"forminator-checkbox-label\">Yes<\/span><\/label><label for=\"forminator-field-checkbox-1-2-613151bd290d9\" class=\"forminator-checkbox\" title=\"No\"><input type=\"checkbox\" name=\"checkbox-1[]\" value=\"no\" id=\"forminator-field-checkbox-1-2-613151bd290d9\" data-calculation=\"0\" \/><span class=\"forminator-checkbox-box\" aria-hidden=\"true\"><\/span><span class=\"forminator-checkbox-label\">No<\/span><\/label><\/div><\/div><\/div><div class=\"forminator-row\"><div id=\"captcha-1\" class=\"forminator-col forminator-col-12 \"><div class=\"forminator-g-recaptcha\" data-theme=\"light\" data-sitekey=\"6LeKMiEcAAAAANvJ6vwhs9aMX5iuT4IyoOAzGz3i\" data-size=\"normal\"><\/div><\/div><\/div><div class=\"forminator-row forminator-hidden\"><input type=\"hidden\" id=\"hidden-1\" name=\"hidden-1\" value=\"73.216.252.82\" \/><\/div><input 
type=\"hidden\" name=\"referer_url\" value=\"\" \/><div class=\"forminator-row forminator-row-last\"><div class=\"forminator-col\"><div class=\"forminator-field\"><button class=\"forminator-button forminator-button-submit\">Submit<\/button><\/div><\/div><\/div><input type=\"hidden\" id=\"forminator_nonce\" name=\"forminator_nonce\" value=\"9fe66bf390\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/anonymous-form\/\" \/><input type=\"hidden\" name=\"form_id\" value=\"26\"><input type=\"hidden\" name=\"page_id\" value=\"27\"><input type=\"hidden\" name=\"form_type\" value=\"default\"><input type=\"hidden\" name=\"current_url\" value=\"https:\/\/prolifewhistleblower.com\/\"><input type=\"hidden\" name=\"render_id\" value=\"0\"><input type=\"hidden\" name=\"action\" value=\"forminator_submit_form_custom-forms\"><label for=\"input_11\" class=\"forminator-hidden\" aria-hidden=\"true\">Please do not fill in this field. <input id=\"input_11\" type=\"text\" name=\"input_11\" value=\"\" autocomplete=\"off\"><\/label><\/form>","style":"","styles":[],"scripts":{"forminator-google-recaptcha":{"src":"https:\/\/www.google.com\/recaptcha\/api.js?hl=en_US&onload=forminator_render_captcha&render=explicit","on":"window","load":"grecaptcha"}},"script":"","callback":"","is_ajax_load":true,"options":{"form_type":"custom-form","inline_validation":true,"print_value":false,"rules":"\"textarea-1\": {\"maxwords\": 500,},\"text-1\": {\"maxwords\": 200,},\"text-6\": {\"maxwords\": 20,},\"text-2\": {\"maxlength\": 30,},\"text-3\": {\"maxlength\": 30,},\"text-4\": {\"maxlength\": 5,},\"text-5\": {\"maxlength\": 30,},","messages":"\"textarea-1\": {\"maxwords\": \"You exceeded the allowed amount of words. Please check again.\",\n},\"text-1\": {\"maxwords\": \"You exceeded the allowed amount of words. Please check again.\",\n},\"text-6\": {\"maxwords\": \"You exceeded the allowed amount of words. 
Please check again.\",\n},\"text-2\": {\"maxlength\": \"You exceeded the allowed amount of characters. Please check again.\",\n},\"text-3\": {\"maxlength\": \"You exceeded the allowed amount of characters. Please check again.\",\n},\"text-4\": {\"maxlength\": \"You exceeded the allowed amount of characters. Please check again.\",\n},\"text-5\": {\"maxlength\": \"You exceeded the allowed amount of characters. Please check again.\",\n},","conditions":{"fields":[],"relations":{"textarea-1":[],"text-1":[],"text-6":[],"text-2":[],"text-3":[],"text-4":[],"text-5":[],"checkbox-1":[],"captcha-1":[],"hidden-1":[],"submit":[]}},"calendar":"{\"days\":[\"Su\",\"Mo\",\"Tu\",\"We\",\"Th\",\"Fr\",\"Sa\"],\"months\":[\"Jan\",\"Feb\",\"Mar\",\"Apr\",\"May\",\"Jun\",\"Jul\",\"Aug\",\"Sep\",\"Oct\",\"Nov\",\"Dec\"]}","pagination_config":{"has-pagination":false,"pagination-header-design":"show","pagination-header":"nav","last-steps":"Finish","last-previous":"Previous","pagination-labels":"default","has-paypal":false},"paypal_config":{"live_id":"","sandbox_id":"","redirect_url":"https:\/\/prolifewhistleblower.com","form_id":26},"forminator_fields":["address","calculation","captcha","currency","custom","date","email","gdprcheckbox","hidden","html","checkbox","name","number","page-break","password","paypal","phone","postdata","radio","section","select","stripe","text","textarea","time","upload","url","signature"],"max_nested_formula":5,"general_messages":{"calculation_error":"Failed to calculate field.","payment_require_ssl_error":"SSL required to submit this form, please check your URL.","payment_require_amount_error":"PayPal amount must be greater than 0.","form_has_error":"Please correct the errors before submission."},"payment_require_ssl":false,"fadeout":"true","fadeout_time":10000,"has_loader":true,"loader_label":"Submitting...","calcs_memoize_time":300,"is_reset_enabled":true,"has_stripe":false,"has_paypal":false}}}
The form is broken on their site at the moment. Can't see it from here, though I'm cautious that it could be just temporary.
I also don't know if I see the form usually, though occasionally I see the bot fill in some text boxes.
If the form is working, you will see the bot fill in the fields top to bottom.
At the current moment, however, I cannot determine if the form is operational or if I have had my IP blocked. Others are reporting that the contact form is unavailable to them as well.
From: Ross Llewallyn @.> Sent: Thursday, September 2, 2021 7:33 PM To: SeanDaBlack/AbBOT @.> Cc: Dave Graham @.>; Comment @.> Subject: Re: [SeanDaBlack/AbBOT] Site is likely using form-based IP logging (#3)
You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/SeanDaBlack/AbBOT/issues/3#issuecomment-912130376 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AOFRTTNKGTPAH3DMSNAYGUDUAACSHANCNFSM5DJPRAVA .
Specifically I was seeing the page load with no form below the photo and big buttons, most of the time. Then sometimes I see the form and it fills it out.
I don't know if the Verify Not A Robot part is new, but that's there now.
The re-captcha has been there all day.
The contact form is intermittent at this point. Which is great. The more frustration we can inject into the process, the more ideal of a situation it is.
I suggest using 192.124.249.104 as a fake IP address. Take a guess why :)
(add if key == 'hidden-1': info = '192.124.249.21' to line 76 in similar indentation style to the rest of the code if you don't know how)
If you want to VPN into the site Surfshark still seems to be working. It won't work if you multi-hop but if you select a location in the US it will work fine.
I'm getting 502 errors here in the US.
Some of them do seem to be blocked. But some of them are still working. Try Dallas or Detroit.
I think we should make a GitHub Discussion for these things y'all are talking about as this issue has already been solved by #5
The website appears to be using a hidden input field that stores your IP address and sends that as part of your form data to the server (despite their claim of anonymity). If there's no other form of IP logging on the system, it would be pretty simple to either empty this out or replace it with random IP addresses.
I've put the full XPath below, but you could also easily identify this input as #hidden-1, since it is the only element with that ID and it uses that ID every time.
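From the defender's side, the weakness described above is that a hidden form field carries a value the browser (or any script) fully controls, so a server that uses it for filtering is trusting the client. The following is an added illustration, not code from this thread or from the AbBOT project, of how a submission handler should treat such a field: derive the client address from the transport connection (honouring X-Forwarded-For only when the TCP peer is one of our own reverse proxies), log the hidden field only as an unverified claim, and raise a mismatch flag as a detection signal. The proxy address and all sample IPs are constructed placeholders from documentation ranges; the field name hidden-1 is the one visible in the response on this page.

```python
import ipaddress
from typing import Optional

# Hypothetical set of our own reverse proxies that are allowed to set
# X-Forwarded-For. Any other peer's XFF header is attacker-controlled.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def client_ip_from_connection(remote_addr: str, xff: Optional[str] = None) -> str:
    """Return the client IP as seen at the transport layer.

    If the TCP peer is a trusted proxy, use the right-most X-Forwarded-For
    hop (the one that proxy appended); otherwise ignore XFF entirely,
    because an arbitrary client can send that header too.
    """
    peer = ipaddress.ip_address(remote_addr)
    if peer in TRUSTED_PROXIES and xff:
        hops = [h.strip() for h in xff.split(",") if h.strip()]
        return str(ipaddress.ip_address(hops[-1]))
    return str(peer)


def audit_submission(form: dict, remote_addr: str, xff: Optional[str] = None) -> dict:
    """Build the record a handler should log for one form submission.

    'ip' is the authoritative address from the connection. The hidden-1
    value is recorded only as a claim: it is never used to decide whether
    the submission is accepted or filtered, and a mismatch with the
    connection address is surfaced as a signal that the field was edited.
    """
    authoritative = client_ip_from_connection(remote_addr, xff)
    claimed = form.get("hidden-1", "")
    try:
        ipaddress.ip_address(claimed)
        claimed_valid = True
    except ValueError:
        claimed_valid = False
    return {
        "ip": authoritative,
        "claimed_ip": claimed,
        "claimed_ip_is_valid": claimed_valid,
        "claimed_ip_mismatch": claimed_valid and claimed != authoritative,
    }


if __name__ == "__main__":
    # Constructed sample: the hidden field disagrees with the TCP peer.
    sample_form = {"textarea-1": "example text", "hidden-1": "203.0.113.9"}
    print(audit_submission(sample_form, "198.51.100.7"))
```

The point of the design is that no decision in the handler depends on the hidden field; it exists in the log only so that a reviewer can see how often the claimed and observed addresses disagree, which is a cheap indicator of scripted submissions.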