Hey Daniel... thanks for all the work you've done. I don't think we've mentioned that You've helped make our forums quieter.

Here's all the BLs I use...

dnsbl.ahbl.org
list.dsbl.org
sbl-xbl.spamhaus.org
cbl.abuseat.org
bl.spamcop.net
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
zen.spamhaus.org

I don't understand why people are using spam blacklists to block proxy servers. I think this post needs to be read again:

proxies.dnsbl.sorbs.net
dnsbl.ahbl.org

I only use 2 lists... 99% of blocks are from proxies.dnsbl.sorbs.net...

As Tom said, you should make sure you avoid some aggressive SBLs. While its logical for mailservers (the primary users of SBLs) to block traffic from IP ranges assigned by ISPs to consumer addresses (DSL, Dial-up, etc.) as they're not legitimate sources of SMTP traffic its counter productive to do so with a forum...

Obviously you'll get a lot of matches. But a lot of them might be people who actually want to get on your forum.

You should also enable reporting - and check reports regularly. 99.9% of my blocks come from registration emails that are .ru (I run a small Canadian forum....) so its easy to see that those are spammers. (Usernames like 'cheapcigarettes' are a good hint too.)

You want to make sure that you don't tighten the screws down so tight you block legitimate users... especially if your board relies on donations.

Will this mod continue to work with VB 3.7 or is there an upgrade?

I have not tested it but there has been at least 1 post in the thread confirming it does work with 3.7

It works in 3.7.0 for me no problem.

Also, with the size of our forum, using the other blacklists has helped a lot more than just sticking with two. Working in IT, I know that if you compromise any system (whether it'd be mail, proxy, web, or other server, along with desktops and laptops), you can do whatever you want with it, and that includes forum spam. Since I deal primarily with security at work, I've seen it.

Working in 3.7

However, I have the 5 threads created per action. I tried switching the hook location so they were both _complete, but when I do that I get an error upon registration. Reg goes thru, but the user gets the DB error page, not redirected to thanks message.

I have it set to complete, then ban, then alert me in staff forum. No blocking of registration.

Can I disable the register hook, or will that make it lose functionality?

Also, is there a central blacklist for web based anonymizers that we can plug into? (hidemyass.com, etc). Thats where most of my trolls are coming from, and keeping that up to date by hand is going to be a pain.

Thanks for the great hack!

I don't have that problem at all with the multiple threads. Of course, mine is set to deny registration.

As far as the proxies, I would love to see an RBL for it.

I have found that it does not work fully on 3.7. I have it set to allow then ban and the ban part never seems to work.

Only proxy based one i see in any of the ones mentioned here is proxies.dnsbl.sorbs.net. Not sure how good it is. Putting it at front of my list, with zen.spamhaus.org after it. See what picks up.

While the spam reduction is good, the HTTP, web based anonymizers is what needs to be blocked consistently. Most trolls don't understand full proxy programs or situations, they just use the web based ones found in google searches.

As for "Feature Requests"

- It would be good so that if you allow registrations, with automatic banning, if you then review the situation and decide to unban the person, you can send them an altered Email with reactivation codes. Something like:

Banning Information
Banned by RBL DoubleCheck XYZ [LIFT BAN]

Lift Ban does -
--Removes Custom User Title we just put there.
-- Moves to "Users Waiting Email Confirmation" usergroup.
-- Sends email with new activation codes
-- Additional lines in that email state (template it up so we can adjust i guess)
---- that they were originally banned due to their IP being on a Blacklist,
---- due to further review, staff has decided to approve their registration.
---- please click the link to re-confirm their account.
---- their account will be watched for X amount of time to double check for spam, trolling, or alt id abuse.

Also might be good to add links in the Edit User Page under the banned box directly to link pages for dnsstuff.com, and/or google searches on the username. That way you can quickly see if that person exists on other sites/forums, etc.

Possibly parse their email to do a search for whatever they entered before the @ symbol, and do a google search for that too. That sometimes brings up useful data.

All those searches and the data that can come back can help you discern if the person is real and/or a trouble maker elsewhere, therefore allowing a false-positive to be reversed easily.

bump, request a mod like this for 3.7 !!
Anyone know if there is anything like this?

Awesome mod, I really need check proxy mod.

First I would like to say I really appreciate this hack as it saves me a lot of hassle.

I noticed that when it catches someone trying to use a hidden ip address even though the settings are set to ban user, it does not. What it does during registration is that will does not accept the human verification answer and allows them to continue to try.

If any help is available on this I would appreciate it greatly.

I have the same issue.

I just want to make sure I update the list.
The error was on my end with one of the templates and once corrected it is up and running just as described.

Thanks for such a useful tool.

Which template? Mine is still not working correctly.

Try reverting this template:

Admin CP -> Styles & Templates -> Style Manager -> « » -> Registration Templates -> register

After doing a little testing I found that banning does not occur unless the second notification window appears to the person logging in.
It would be nice to have this banning action occur on the first message of notifying the register of using a proxy server.

To test this I used this and was caught http://www.freeproxyserver.net/

and this one got through do to it not getting the second notice http://www.cantbustme.com/

I still like the hack but just wanted to pass this along as I am really getting hit hard by an idiot.

As another note I am receiving two post for every one attempt to log in.

I do not know if this link has been listed but it helps in finding the servers you want to use.

http://openrbl.org/

use the OpenRBL JS Client, it uses java and you can see which list blockers catch the ip's you want to block.
I try and limit the amount of blocking sites as possible so to avoid valid people are not affected.

oppss duplicate post #218

Dave

It seems I have my own answer here.:cool:
The reason I found why the new registrations is not being banned is because I have the Spam Hack so I can make up my own question and answer. The ones that are not being banned must be spam bots and are unable to answer the question.

The one that can answer the question but caught by the RBL Checker is banning them.:eek:

Running 3.7.1 and am also getting two pms. Also have it set to move the person into a certain usergroup how ever it seems that is not happening.

Kylek I am not sure if the same thing is occuring with mine but I found that through trail and error if they are able to registered and then banned they will be banned.

If you are unsuccessful in registering then it will not ban as the are not a member yet.

Dave

Sorry, I'm not clear, is this hack compatible with VB 3.7?

As far as I can tell no not completely. It does part of the job but fails on the auto banning. I'm using it anyways on 3.7 as one more deterrent.

Any chance of this getting a proper port to 3.7?

Thanks, on that basis I've implemented it.

A couple of other questions. The introduction gives reasons for banning proxies, but does not make it clear whether this product implements a ban, or whether the author is recommending that something else should be used to block proxies. If the latter, is there a reliable, supported proxy blocker?

With RBL implemented, it seems to be blocking only a minority of spammers. Is there anything else that can be done?

I personally use a three tier approach that catches 99% of the attempts:

Registration Attempt -> Stop Forum Spam Check -> Proxy RBL Check
Post Attempt -> Akismet Check

For RBL I'm a little more aggressive on the IPCONFIG checks that the default setting:

• dnsbl.ahbl.org
• list.dsbl.org
• sbl-xbl.spamhaus.org
• cbl.abuseat.org
• bl.spamcop.net
• dnsbl-1.uceprotect.net
• dnsbl-2.uceprotect.net
• dnsbl-3.uceprotect.net
• zen.spamhaus.org

works on 3.7.2 inc auto banning

however it makes a post twice when it catches an offender

Is there any way someone can make this script also check/block registrations from proxy IPs? Here are three big sites containing lists of proxy site IP addresses:
http://www.samair.ru/proxy/
http://www.publicproxyservers.com/page1.html (Page 1 through 5)
http://www.proxy.org/tor.shtml

Will pay a coder to make this available to everyone somehow.

Edit: Proxy.org has a blacklist of Proxy IPs that you can add to your .htaccess file here. Would still like to use the above IP addresses to be blocked by a script automatically - would be very useful if the script could auto-update itself as the sites do. The sites contain such a massive index of proxy IPs that are freshly updated it would really prevent problematic users.

Never mind... Just read post:
https://vborg.vbsupport.ru/showpost....&postcount=203

Problem is that anonymous surfing sites are not blocked. Will anxiously wait for update.

Quote:

For RBL I'm a little more aggressive on the IPCONFIG checks that the default setting: dnsbl.ahbl.org list.dsbl.org sbl-xbl.spamhaus.org cbl.abuseat.org bl.spamcop.net dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net zen.spamhaus.org

Thanks for this list... 2 of the 3 defaults are not working and the remaining one didn't list the IPs of a recent offender I've been battling with.

Also try opm.tornevall.org. That server also looks for webspamming/abuse (and updates TOR-nodes hourly). You can read about it here.

Thank you for that list! :)

What is the best list to use? I am using this now:

But there's also this one?

Should I use a combination of both?

That may be a good idea. Some of the listed rbls (tornevall.org is one of them) also support bitmasked detection, which mean you can choose what to block of the returned answers from DNS (which this plugin also supports :P).

The biggest problem with a lot of diffrent blocklists is that it may slow down the forum if resolving takes too much time. There may also be a lot of false alarms, depending on how updated the RBL is.

I don't know why today my forum http://www.webcosmoForums.com got hit by spammers all day long. They been registering one after another posting porns and links. Apparently they been using a proxy for registration. I been getting tired of deleting and banning.

So now that I have installed this, hopefully it will stop the spam flood. Great work.

I got hit today too and I have a lot of custom code added that really make it tough for the spammers to get through but I had one today really testing the site by adjusting the words and phrases in the spam.

My problem was their IP kept changing with each new post/account. I hope this fixes that issue...

Wow, worked like a charm and my spamer decided to go somewhere else! I had a real person on the site trying to get in with his bots and I could tell as they were getting some tricky spam blocks mastered but once their IPs couldn't be faked they were not getting through and gave up.

Simply awsome tool!

I am getting double posts in my reporting forum. Any ideas?

Uninstalled... it is causing me loads of unnecessary work. Since last night it has sent almost 20 legitimate users to moderation queue.

Either the program is faulty or the black lists are incorrect... either way it gets a big thumbs down from me.