You know, I had the exact same concerns when I first installed this hack almost a month ago, and I have carefully examined EVERY alert.

I would take the IP address and I would go over to DnsStuff.com and run it through WHOIS and the Spam Database Lookup, to get a clearer picture of who or what was trying to register.

I run a 10,000+ member board and the only IP denial from the RBL Checker I have ever recieved that was questionable, was an IP address that was of a grade school that that was apparently running a proxy. However the DnsStuff.com Spam Database Lookup had multiple reports from the many various spam moniter services that tended to indicate that even if if the school was legit (as it seemed to be), what the school's proxies had been used for apparently wasn't. It's very possible that the schools proxy servers may have been infiltrated and they were being abused without the school even being aware of it.

I also modified the xml file to include a link to the "Contact Us" section of the board I run.

I haven't had anyone contact me except for the troll for which I primarly installed it for...and yes, he was hoping mad that he couldn't get back in using the rotating proxy software he had been able to use to bypass our ban. He literally spent almost two days of what seemed like non-stop trying. That is why I asked Daniel to be able to change the notification system from PMs to a thread (preferably in the private forum for Mods & Admins) notification, as some of my Mods that aren't always around were having their PM boxes filled to the brim, as it took this idiot several days to finally give up.

I actually figured that once I got rid of him that I would disable it...until if I got another problem poster using proxies to bypass our ban again.

Anyway, like I said I monitored the alerts very closely, and from that most of the blocked IPs were from places like India, China, Brazil, Hungary, Saudi Arabia, Russia Etc. Now then you may have members from those countries, but out of our 10,000+ members...none of ours that are legitimate are from those countries. Could there be?...of course, but very doubtful. Now I have several alerts a day from those countries as they are spam bots who normally made it to the Captcha system before getting denied. The Proxy RBL checker now was stopping them at the front door instead, thus triggering an alert.

Also, seeing the sheer amount caused by spam bots was also a real eye opener, as since the new vBulletin 3.6+ version we haven't been getting many spam bots as the new Captcha system has made a big difference.

Anyway, even though it was interesting seeing just how many spam bot attempts were actually made, it was starting to get annoying which is also why I'm glad that Daniel moved the RBL checker back a little bit to "register_addmember_process", thus allowing the Captcha system to deny them...thus cutting down on the alerts.

Anyway, like I said I only installed this mod because of a very determined troll who was using rotating proxies to get back in. I was having to go into either the AdminCP or the server itself (to access my .htaccess forwarding to another place based on IPs) two or three times a day to add whatever new proxy address he was using. It was a real "cat and mouse" game, as I woud block him and then he would simply switch IPs and re-register and not only was it annoying, but it was taking up a good bit of my time, as I had to verify that the IP was a proxy or spam IP, and then login to the either the AdminCP or the .htaccess file on the server to ban that IP. Once I got rid of him, I planned to disable this mod, but I decided to leave it on (mostly if he back) and monitor it closely. With that one questionable denial, the other have been shown to be either spam or proxy registration attempts.

I think the changes in this updated version of the RBL checker will really give Admins the necessary controls to be either agressive or leniant in the registration process.

I suggest people who are skeptical like I was, to try it and monitor it and verify the registration information against WHOIS, known proxy and spam lists (such as those at DnsStuff.com). If after examinning the RBL Checker Alerts, you think that legitimate users are being denied, then either disable it (like I had planned to do) or simply uninstall it.

I honestly am not trying to be a cheerleader for Daniel or this mod, but I think this approach on an old problem is fresh and unique (I also like Paul M's Real IP Detection for a 1, 2 punch). :)

Indeed ... I recommend anyone who isn't sure the RBL is granular enough to not block legitimate users configure the first three options YES - YES - NO and give the blocker a forumid to post reports.

We have not had problems with trolls as yet... although our site has only been open less than 2 months and only has about 1000 users. I'm using the multiple login detector to track when we have more than 1 user @ a given IP but my experience on other boards is that trolls use proxies to get around IP bans... I have seen the same person banned 5 or 6 times in a day, and I have seen registration turned off temporarily to stop trolls from registering... this is much more intrusive than banning their IP and blocking registration from proxies.

I'm a bit of a prick so I have the RBL Blocker configured to block registration... you could easily configure it to allow registration and only change it to block if you start to get a lot of hits in association with troll activity on the board.

In part, allowing the person to get to the "submit" portion of registration also captures and hotmail/etc. addresses they have setup to get around IP/email address bans.

Of course... you will have to manually add those email addresses to the email banning options. The other option would be to enable auto-banning.

nice mod i was wondering they had a nice way to block anonymous proxy's in phpbb via a mod which was pretty nice would you be able to see if you can work any of that into this? you can take a look on how its written here and what it does. http://web-professor.net/wp/2005/05/...mod-for-phpbb/

Oh, believe me, I'm understand the full potential of this plugin, in addition to how I might use it effectively (I work in computer security, and actually make use of DNSBL's). My only problem is that the plugin enables people to blindly use DNSBL's, assuming that they are blocking just open proxies, as the title of this entails. I, as an admin, do not want to prevent people coming from IPs associated with SPAM (or other non-proxies), as I am well aware of the fact that the majority of spam in the world comes from hosts and networks that have been compromised by worms.

My suggestion is that if you are going to create a plugin that purports to block Open proxies, and, while it does block open proxies, it also blocks lots of other things, then that's a disservice. I'm erring on the side of caution, here. Upon further investigation of my user who had a problem the other day, according to the DNSBL, she was coming from an IP that had been known to be compromised by a worm. Do I care about that? Not particularly. I only really care about whether or not it's a proxy.

After looking at the link provided by "DementedMindz", I've found that SORBs actually does something right. Check out the link, http://www.us.sorbs.net/using.shtml. I've opted to enable http.dnsbl.sorbs.net, socks.dnsbl.sorbs.net, and misc.dnsbl.sorbs.net, as they are only related to proxies, and nothing else.

Here's the deal: I don't really want to babysit my messageboard by investigating every hit that comes through. If I know definitively that a particular IP is only matching because it hosts an open-proxy, I'm fine with that. I just think that if you're going to do that, you'll end up chasing a lot of wild geese, seeing as the DNSBL that come enabled by default, and have otherwise been recommended, do a lot more than just monitor for open proxies. It's a mis-use of these DNSBLs.

ok so you just added them to the Target RBL also is there suppose to be a space between each or a line break? also check out http://www.us.sorbs.net/using.shtml#largesites for more options it seems

I did put them in the Target RBL with a newline between each one.

So, for me, it's as follows:

http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net

alternatively, you can use:
proxies.dnsbl.sorbs.net

which points to all three of those systems (it'd also mean one query as opposed to three).

yeah my main thing that i really want to block is anonymous proxys as well as other proxies too. hopefully this will work in doing that. im going to try and test it out and see. cause i have another script in thats suppose to only work on proxies but anonymous get right by it.

One on each new line...

Hmmm... I'll look into SORBS, I might make it the default.

ok so is that just going to block all proxies with proxies.dnsbl.sorbs.net and also is there any way at all to block anonymous proxies?