vb.org Archive

Miscellaneous Hacks - Check Proxy RBL on New User Registration. (https://vborg.vbsupport.ru/showthread.php?t=131852)

StevenTN 04-30-2008 07:11 PM

Hey Daniel... thanks for all the work you've done. I don't think we've mentioned that you've helped make our forums quieter.

Here's all the BLs I use...

dnsbl.ahbl.org
list.dsbl.org
sbl-xbl.spamhaus.org
cbl.abuseat.org
bl.spamcop.net
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
zen.spamhaus.org

Tom1234 04-30-2008 07:26 PM

I don't understand why people are using spam blacklists to block proxy servers. I think this post needs to be read again:

Quote:

Originally Posted by falter (Post 1141581)
Guys, I'd recommend against using dnsbl.ahbl.org or sbl-xbl.spamhaus.org. Their primary function is to provide a list of Open Mail Relays and email spamming sources, which are an ENTIRELY different world than Open Proxies. I don't think that fact is illustrated enough in this thread.

AHBL is particularly aggressive in that they are willing to list blocks of IP addresses. That is, if you have users on a Seattle Area DSL network, and an open mail relay shows up on their network, both that mail relay and your users (or potential users) will be blocked by AHBL.

You guys really need to read and understand the purpose and the usage of these blacklists before slapping them in. Many of these blocklists prohibit the usage of their services in this way. You're unnecessarily hitting services that have finite resources. Don't be so eager to block IPs willy nilly and think you're making a difference. You're not. If your goal is to block users coming through anonymizers, proxies, or even the TOR network, then use blacklists whose function is to only report anonymizers, proxies, and TOR networks. The fact of the matter is that you're not going to see a lot of hits with a blacklist like this simply because not many people are going to register with your site who are actually using proxies.

Here's what I'm using currently:
proxies.dnsbl.sorbs.net
tor.ahbl.org

I don't get many hits, but that's because I don't expect many hits (that's the reality of things).

Again, I like this add-on, I think it's very useful. I'm not criticizing its usage. All I'm trying to do is help people understand what they're doing a little bit better.


DaNIEL MeNTED 04-30-2008 10:46 PM

proxies.dnsbl.sorbs.net
dnsbl.ahbl.org

I only use 2 lists... 99% of blocks are from proxies.dnsbl.sorbs.net...

As Tom said, you should make sure you avoid some aggressive SBLs. While it's logical for mailservers (the primary users of SBLs) to block traffic from IP ranges assigned by ISPs to consumer addresses (DSL, Dial-up, etc.), as they're not legitimate sources of SMTP traffic, it's counterproductive to do so with a forum...

Obviously you'll get a lot of matches. But a lot of them might be people who actually want to get on your forum.

You should also enable reporting - and check reports regularly. 99.9% of my blocks come from registration emails that are .ru (I run a small Canadian forum....) so it's easy to see that those are spammers. (Usernames like 'cheapcigarettes' are a good hint too.)

You want to make sure that you don't tighten the screws down so tight you block legitimate users... especially if your board relies on donations.
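
The point made in the posts above, that a mail-oriented list flags ordinary consumer ranges, shown as an added example that is not part of the thread or of the add-on's code. It uses zen.spamhaus.org from the lists above; the return-code table follows Spamhaus's published codes, and the block/review/allow policy, the function names and the sample answers are assumptions made for illustration.

```python
import ipaddress
import socket

# zen.spamhaus.org return codes, per Spamhaus's published list (re-check before use).
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL", "127.0.0.4": "XBL",
             "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

def query_name(ip, zone):
    """DNSBL lookup name: the address labels reversed, then the zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # e.g. 5.2.0.192.in-addr.arpa
    return reverse.rsplit(".", 2)[0] + "." + zone

def dns_lookup(name):
    """Live resolver: A records for name, or [] when the address is not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check_registration(ip, resolve=dns_lookup, zone="zen.spamhaus.org"):
    """Return (decision, labels) for a signup from ip.

    Assumed policy: block on XBL (exploited hosts, open proxies), flag SBL or
    unknown codes for staff review, and ignore PBL, which covers ordinary
    consumer ranges and says nothing about abuse.
    """
    answers = resolve(query_name(ip, zone))
    # 127.255.255.x is an error reply (blocked resolver, over quota), not a
    # listing; fail open rather than reject every signup.
    if any(a.startswith("127.255.255.") for a in answers):
        return "allow", ["lookup-error"]
    labels = sorted({ZEN_CODES.get(a, "unknown") for a in answers})
    if "XBL" in labels:
        return "block", labels
    if set(labels) - {"PBL"}:
        return "review", labels
    return "allow", labels

# Constructed answers keyed by query name; addresses are documentation ranges.
SAMPLE = {
    "5.2.0.192.zen.spamhaus.org": ["127.0.0.4", "127.0.0.10"],
    "7.100.51.198.zen.spamhaus.org": ["127.0.0.10"],
    "9.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
}

def sample_resolve(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for addr in ("192.0.2.5", "198.51.100.7", "203.0.113.9", "192.0.2.99"):
        print(addr, check_registration(addr, sample_resolve))
```

A check that treats any answer as "listed" would reject the second and third sample addresses; reading the return code is what separates a consumer range or a resolver error from an exploited host.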

jeffmezick 05-01-2008 08:58 PM

Will this mod continue to work with VB 3.7 or is there an upgrade?

DaNIEL MeNTED 05-02-2008 02:08 AM

Quote:

Originally Posted by jeffmezick (Post 1505016)
Will this mod continue to work with VB 3.7 or is there an upgrade?

I have not tested it but there has been at least 1 post in the thread confirming it does work with 3.7

StevenTN 05-03-2008 03:01 PM

It works in 3.7.0 for me no problem.

Also, with the size of our forum, using the other blacklists has helped a lot more than just sticking with two. Working in IT, I know that if you compromise any system (whether it be mail, proxy, web, or other server, along with desktops and laptops), you can do whatever you want with it, and that includes forum spam. Since I deal primarily with security at work, I've seen it.

tfw2005 05-14-2008 06:47 PM

Working in 3.7

However, I have the 5 threads created per action. I tried switching the hook location so they were both _complete, but when I do that I get an error upon registration. Reg goes thru, but the user gets the DB error page, not redirected to thanks message.

I have it set to complete, then ban, then alert me in staff forum. No blocking of registration.

Can I disable the register hook, or will that make it lose functionality?

Also, is there a central blacklist for web-based anonymizers that we can plug into? (hidemyass.com, etc). That's where most of my trolls are coming from, and keeping that up to date by hand is going to be a pain.

Thanks for the great hack!

StevenTN 05-14-2008 09:26 PM

I don't have that problem at all with the multiple threads. Of course, mine is set to deny registration.

As far as the proxies, I would love to see an RBL for it.

webspider 05-15-2008 11:24 AM

I have found that it does not work fully on 3.7. I have it set to allow then ban and the ban part never seems to work.

tfw2005 05-16-2008 06:36 AM

Only proxy-based one I see in any of the ones mentioned here is proxies.dnsbl.sorbs.net. Not sure how good it is. Putting it at front of my list, with zen.spamhaus.org after it. See what picks up.

While the spam reduction is good, the HTTP, web-based anonymizers are what need to be blocked consistently. Most trolls don't understand full proxy programs or situations, they just use the web-based ones found in Google searches.

As for "Feature Requests"

- It would be good so that if you allow registrations, with automatic banning, if you then review the situation and decide to unban the person, you can send them an altered email with reactivation codes. Something like:

Banning Information
Banned by RBL DoubleCheck XYZ [LIFT BAN]

Lift Ban does -
-- Removes Custom User Title we just put there.
-- Moves to "Users Waiting Email Confirmation" usergroup.
-- Sends email with new activation codes
-- Additional lines in that email state (template it up so we can adjust I guess)
---- that they were originally banned due to their IP being on a Blacklist,
---- due to further review, staff has decided to approve their registration.
---- please click the link to re-confirm their account.
---- their account will be watched for X amount of time to double check for spam, trolling, or alt id abuse.

Also might be good to add links in the Edit User Page under the banned box directly to link pages for dnsstuff.com, and/or Google searches on the username. That way you can quickly see if that person exists on other sites/forums, etc.

Possibly parse their email to do a search for whatever they entered before the @ symbol, and do a Google search for that too. That sometimes brings up useful data.

All those searches and the data that can come back can help you discern if the person is real and/or a trouble maker elsewhere, therefore allowing a false-positive to be reversed easily.

