The only thing I have seen is some people trying to register with a bogus email which they do often. Vbulletin will not allow this so they may try different emails. Just a thought

It turns out that the reason I am seeing multiple threads created on an RBL match is because they are being denied registration even though I have "Allow Registration from IPs on RBL" set to YES. I would like the registration to be successful.

Looks like a bug.

Do you have the latest version installed?

Yes, version 3.2

You guys ever come to a definitive conclusion on which proxy lists to use?

One thing I noticed. If you have this post in a forum. Then the poster shows as having posted using the IP that was denied. Which is undesirable to say the least.

I use the three mentioned a few threads back

Ha... you know I just noticed that today. I'll take a look at the code this weekend.

Does anyone have any "feature requests".

Daniel,

First off, thank you very much for this hack. I installed it on my boards recently and when I had "open" registrations, it caught over 50 people trying to register with open proxies. I followed the advice of another poster to this thread and I am NOT using any of the RBL's that include spammers. I'm using the following RBL's, in the following order:

proxies.dnsbl.sorbs.net
tor.ahbl.org
ircbl.ahbl.org
opm.tornevall.org
list.dsbl.org

I have found that about 90% of the open proxy IP's are being caught by list.dsbl.org

One thing I was wondering, I have the hack set to allow rbl ip's to complete the registration, then ban those users to a group I created specifically for this hack. I tried it myself and the "error message" I got, was:

"You have been banned for the following reason:

Date the ban will be lifted:
Never"

As you can see, no reason is given for why the user is being banned.

Is there a way to make it so that when a user registers with a "banned" RBL IP, it would give a user defined reason, such as "registering via an Open Proxy IP"?

I checked the vbulletin phrases and I'm guessing it uses the $vbphrase[nopermission_banned] variable.

Is there any way I can add a "reason" to that and have it display in conjuction with the RBL hack? I've gotten a few angry emails and I think it's because the people saw they were banned after registering, but it gave them no reason.

Any ideas on how to adjust that? I hope you can see what I'm talking about here. I'm fairly good at tweaking vbulletin the way I like it, but having a specific reason for this hack show up in the error message has me stumped.

Thank you again for an excellent hack and if there's any more info you need from me about this, please ask.

Corporal Clegg

This is my first kill.

I have a question. I received the PM from the program with this alert, but it was also supposed to post it in a hidden forum for the moderators.
Can this send the message to PM's and a forum, or just one or the other?
Do I use the full url of the forum or do I just write in the forum name and the ID number?

It will do both thats how I currently have it set up.
"ForumID For RBL reports
The forum you want RBL reports to be posted into. " In this option field put your forum id where you would like the post to go.

I just recieved four of these identical PMs at the same time (2:25 pm), but it still hasn't posted anything in the special forum.
I copied and pasted the forum url from the browzer bar into the forum ID box.
I have all the permissions set so that it can access the hidden forum and make posts and threads.
I will have to re-check everything to see if I missed something.

Hmmmmm...I usually don't post images of my Admin CP, but in this case it may help.

I have mine setup to post in the moderator's private forum (24), as well as send me (The Finman) a PM.

I would check yours against mine, as that would probably be the easiest way to find the problem.

http://www.ronaldreagan.com/temp/rbl2.jpg

Let me know if that helps. :)

I see it.
You have the forum number (24) where I pasted the entire url into the box.
I'le just put in the forum number and see if it works.
By the way, it just killed another spammer a few minutes ago.
This program is great!

It works now, thanks Finman.:)
It blocked this spammer this morning.

It blocked it four times in a row with each registration attempt being one minute apart.
I assume this was an automated spam bot?

If you're getting multiple hits that close together I'm going to assume you're getting hit by a spam bot as I haven't had too many other reports of multiple hits like that... I've looked through the code and can't see anything that would cause it.

Glad to hear its helping out!!!

Yes, that is what it was.

I don't get too many of those, but I have had a couple try three times in under a minute.

This hack addresses the unique ability of bots to try and register using abilities beyond that of an ordinary human.

I've downloaded it, but I haven't had a chance to install it. If any of you try it before I do. I would very much like some feedback on it. :)

Sincerely

~Fin

I'm using

proxies.dnsbl.sorbs.net
tor.ahbl.org
ircbl.ahbl.org
opm.tornevall.org
list.dsbl.org
sbl-xbl.spamhaus.org

Is this overkill?

I'm primarily concerned with people who use fake IPs and such.

I have all of these on my list.

sbl-xbl.spamhaus.org
http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net
http://www.ahbl.org
dnsbl.ahbl.org
tor.ahbl.org
ircbl.ahbl.org
opm.tornevall.org
list.dsbl.org

So far the only one that has blocked them is sbl-xbl.spamhaus.org.
Whether or not it is over kill to have this many on the list, it doesn't hurt to have a big arsenel.
Block this IP number ---> IP# 209.67.219.98

Blocking this IP blocks all of these proxy servers.

http://www.proxypanther.com/
http://www.doggyproxy.com/
http://www.elephantproxy.com/
http://www.monkeyproxy.net/
http://www.rainbowproxy.com/
http://www.thruzilla.com/
http://www.anonymizator.com/
http://www.anonymitor.com/
http://www.passthem.com/
http://www.sneakover.com/

I completly ruined a forum invasion with this one.:)

That's because as soon as it matches one it stops processing ... if you move another one to the top of the list you'll see it show up in the reports.

I'll add that to the next release.

Actually, I only use sbl-xbl.spamhaus.org

I get 4-5 a day.

My original intent was simply to block people from using proxies, and as I stated in my earlier posts, I had one nut case that had been using rotating proxies and this stopped him cold. He spent two days trying to get back in, and by judging the E-mails I got from him...he was hoping mad. :D

But yeah, the pleasant side effect has been stopping the spam bots. I never realized I had so many. I rarely got them when we used UBB, and I don't know if was the CGI versus PHP thing, but I suspect it's just the difference in the popularity of vBulletin.

Nice hack, works as it should!

Saves my mod's some work deleting those spammers.
Thanks!

This hack is a god send

THANK YOU

Sounds like a great hack!!

I have a question tho, if theres a site that we know that 'anonyminizes your IPs' does that count as this ?? And do I just add the webstite url to the list in the admincp??

So : When somebody tries to register, and he is using a proxyserver, registration is denied? Am I right?

I am still seeing this problem also on most RBL matches - 4 or 5 tries usually within a minute or two of each other. I have it set to allow the registration upon an RBL match, so I don't see how it can be a spam bot. As far as they can tell, the registration is successful so further registrations using the same user name and email address should be denied, but also unnecessary.

I moderate all new registrations also. Maybe that gives a clue into the problem.

Need to change the hook the plugin is using. It is currently using register_addmember_process, but should be using register_addmember_complete. What is happening is when it hits process, and say the user puts in the wrong captcha, doesn't match their passwords, doesn't put in a required field, etc. When you use the _complete hook it fires once the user has properly filled out the registration form. Only use this hook however if you want the registration to complete, but not get multiple notifications. If you are blocking registrations, then leave it using the process hook.

I've installed this hack on our board for about a month now. It has successfully identified and blocked all 3 malicious registrations we've had so far. (We are not a large community.) It's not perfect, since it has blocked a nonmalicious one as well. But it comes in handy for us webmasters, since we no longer need to use rather subjective criteria for determining which ones are malicious. Nice mod overall. :up:

Is there any way we can get this to work for user LOGINS and not just new registrations? The problem I have is users can easily guess other's passwords and essentially hack their way in that way (sometimes with just 1 or 2 tries because VB does not enforce safe passwords). Even if it didn't ban them but just blocked them from logging in with a proxy IP that would be great.

I would be willing to donate $$$ for such a modification in the next couple days.

-vissa

Based on your configuration the RBL Checker will then perform one of these three actions:

1. Nothing, the registration continues as normal.
2. Registration is blocked, an error message is displayed to the user.
3. Registration continues as normal, but the user is automatically permanently banned.

could there be a forth option where the user is registered but the account lays dormant until and admin has aproved it?

YOu mean to option to move the user into a moderation que?

or two a group when an admin would have to aprove thier account before it could become active

yes, also i noticed this overrides the VB registration defaults with regards to banend email addies

I have banned all email addresses ending in @mail.ru but if they using a proxy they get passed that ban for some reason the proxy checker then bans their account.

i would not minde this but we get between 5 to 20 bots registering a day with the @mail.ru and we feel it would be better if mail.ru would not work hence forcing them to use anotehr email which they most liekly would not and there fore go else where

also what would be suefull is when it banned that user9if u selected that option) it then said banend due to proxy use or something, as wehave qutie a big list and it usefull tos ee the reasons

Hello, nice hack.
First I am not allowing registrations to complete so am not banning anyone, but get the following message posted in the designated forum:
And may I suggest that as an option, we specify a thread number and instead of new threads being created in a nominated forum, replies are posted to a nominated thread? This would keep things nice and tidy.
Thanks

sbl-xbl.spamhaus.org is the current RBL.
list.dsbl.org (can I add this in below sbl-xbl.spamhaus.org in the check proxy admin area?)

Does this mod prevent members from going to tools/internet options/connections/lan settings etc and using a proxy server to register? How about these anonomous proxy lists that can be found on tonnes of websites..how does this mod prevent them from being used to register?

hi, i want to still add members to a certain suer group, but i want it to run through the process that try and stop bots does your method allow for that

It works! :)

Suggestions:
Allowing us to enter a ban reason in the settings of the AdminCP.
Option to disable site viewing. (Simply blocks the user from the site.)

this mod would be 100 times more effective if it ran the proxy check after confirming that the person details are correct.

i.e. that the image verification word is valid, that if the person using NoSpam that the anwser is valid and that the email address has not been banned

damien

This is very useful, my friends forum always was flooded by German trolls. They came five at once and registered with different proxies and filled up all forums with spam and trojan links and with foul language and rampage posting.
God bless you for this wonderful hack! :up: