Hostname or Useragent Registration Ban
 

THIS ADD-ON IS NO LONGER AVAILABLE AND IS NOT SUPPORTED

This is an add-on that is designed with vBulletin 4.1.5. It may not work on earlier versions of vBulletin. It is known to be working on vB versions 3.8.7, 4.0.7 and 4.1.5 through 4.2.0. I don't know if it is compatable with all versions of vB or not.

On my site, I receive quite a few PMs asking me how I prevent spam from being posted there. While I can't release everything I use because some of it is server based (external from vBulletin), I can release one of the lines of defense that I use.

This mod allows you to ban Hostnames and Useragents from registering on your site.

If a hostname or useragent contains any of the words you specify and they are trying to register, they are presented with an error telling them they are forbidden from registering on your site. And no registration screen ever appears.

In the event the hostname is blank, a WHOIS can be performed to establish the identity of the system being used to register.

The 'External Content' pulled by this mod is only the WHOIS information when that is enabled.

WARNING: This mod has the potential of banning humans from registering. Choose what words you use carefully.

Personally, I am not very concerned about banning an occasional human from registering. So, from time to time my system may ban a human that uses an anonymous proxy.

NOTE: This mod has a 'Don't Ask, Don't Tell' clause. Please don't post telling people what words to ban. We don't need spammers getting around this mod by reading posts telling them what is being filtered.

REQUIREMENTS: In order for the WHOIS function used in this mod to work properly, your server must have OPENSSL installed.


* INSTALLATION *
---------------------
1) Upload the contents of the 'upload' folder to your forum's root.
(If your forum's location is http://www.example.com/forums/, the root is /forums/)

2) Import the product XML file (product-hostusercheck.xml) into the Product Manager in AdminCP.

3) Take some time to set the options in ACP->Settings->Options->Prevent Hostname or Useragent from Registering.

4) Be sure to turn on the mod when setting options in ACP->Settings->Options->Prevent Hostname or Useragent from Registering.



* History (Changelog) *
-----------------------------
1.0.3 (December 12, 2013)
- Fix hostname not being checked under certain circumstances.

1.0.2 (March 1, 2012)
- Fix error on registration page when Useragent or Hostname to ban is blank.

1.0.1 (February 24, 2012)
- Wrong hook being used for one of the plugins.

1.0.0 (January 22, 2012)
- Public Release

Love it! nominated and rated!

Working on 4.1.10

I am using 4.1.3, is it possible for me?

It hasn't been tested with 4.1.3 so I can't answer that.

If you could try it and let us know, I'd appreciate it.

EDIT: I was just able to test it on vB 4.0.7 and it worked, so I would imagine it works on 4.1.3.

Also, when I tested it on 4.0.7 I discovered a wrong hook was in the install file. So, version 1.0.1 has now been uploaded. Please update to that version if you've already downloaded it.

I do no see a pre-defined list of hostnames or useragents provided? It would be helpful to us noobs if you could provide a list to start us off?

I tagged this - looks promising.

There is a reason for that and I state it in the initial post..

But as a hint, two of the more important words are given in the option descriptions.

Also, every site will be different. Not every site will have problems from the same hostname or useragent. If you don't know which hostnames or useragents are giving your site problems, then this add-on is not for you.

after installing it i found this error.

Warning: stristr() [function.stristr]: Empty delimiter in [path]/showthread.php(123) : eval()'d code on line 35

Warning: stristr() [function.stristr]: Empty delimiter in [path]/showthread.php(123) : eval()'d code on line 46

Warning: stristr() [function.stristr]: Empty delimiter in [path]/showthread.php(123) : eval()'d code on line 46

See my post above..

Also, I tested this on vB 3.8.7 and it works there too. :D

which version. and is it for vbulletin version or this mod version. for a clear info let me tell you, i don't want to upgrade vb to higher than 4.1.3 thinking many of the mod will stop working. Please clear your solution. Thanks.

The add-on version. You have version 1.0.0. I uploaded version 1.0.1

Download the file again, and re-install the XML file. Be sure to set the 'Allow Overwrite' to yes when you update.

many thanks.

I had to uninstall this mod due to this issue Registration Page a mess

All you had to do was put something to ban in both the Useragent field and the Hostname field.

The error was because one of those fields was blank.

I'll see about a fix for that soon.

EDIT: Fix released today (version 1.0.2)

Thanks I did not know about that but I have installed the fix now and it works

Can we have this Hack for 3.8 ?

It may already work...

The fact that it worked with 3.8.7 was not expected. If it doesn't already work with earlier versions, I won't be coding for earlier versions of vB.

If you tell them they are blocked from registering, they will know there some detection method involved and find a way to work around it. Why not just have the standard vBulletin message, "The Administrator has Disabled Registration" come up, instead of the gotcha?

This is the same thing, but also allows redirect off-site with no 'gotcha' either:

https://vborg.vbsupport.ru/showthread.php?t=268208

I've been running this for a very long time (as in years) on a few different sites. Nobody has gotten around it yet.

And it's not quite the same as the mod you posted. This one also bans hostnames, which is a HUGE difference that works wonders.

EDIT: The only reason for the 2 updates to this were...
Update 1) I exported from my development server which I forgot was set to a different hook.
Update 2) I never expected anyone to leave a field blank.

I`m missing the upload folder in the download file, is there one or works now without?

I see just the xml and txt file

Sorry about that!

Download it again. I re-uploaded the zip file with the upload folder.

I bet that makes all the difference!

EDIT to ask: Upload the individual files in the "phpwhois-4.2.2" folder? Or just upload the folder itself, to root?

Upload the whole folder 'phpwhois-4.2.2' to the root. Not just the files.

Root
---- phpwhois-4.2.2

Yep that's what I assumed and did, just wanted it clarified for the peeps.

Has anyone got this working for v4.1.12?

It works with 4.1.12.

So it does. :D

Marked as installed. Very neat and very impressive. Thankyou for releasing it.

I'm experimenting with a few registration restriction mods as a means of limiting the incessant spamming from some wannabe revolutionaries on our site (using alt accounts of course... wouldn't want to sully their real identity).

Essentially, I'm wanting to block people from using a proxy at the point of registration (not bothered if they use a proxy to browse or post thereafter), so that they can't maintain their complete anonymity. I know that's an almost impossible task and fraught with difficulty.

I've managed to limit some tor hostnames (in less than an hour) using your mod and that's working well and slowed the problem, but most web proxies don't seem to have an identifiable hostname.

Any advice on how your mod can be used to tackle these, from your experience? Or if I should be looking at another solution to plug that gap, like LordOfWAR_PC's "Registration CIDR/IP" mod?

I've thought about using some port scanning mods as well, but they don't seem surgical enough.

I can't go into too much detail as it would reveal the info to spammers, etc.

But, this does take some work on your end. You'll need to look up the IP owner for those that don't show a hostname. Make note of the NETNAME of the owner. (IE: DARL-TELECOM)

To do this I always start with ARIN and go from there...
ARIN - https://www.arin.net/
RIPE - https://apps.db.ripe.net/search/query.html
ASIA - http://wq.apnic.net/apnic-bin/whois.pl
LATIN AMERICA - http://lacnic.net/cgi-bin/lacnic/whois?lg=EN

There are a couple of others like AFRINIC and Japan, but I don't use those very often.

Then enable Do Whois in the mod and add the netname to hostnames that are banned.

Also keep in mind that no registration should ever come from a 'dedicated server' ip address (such as a 'rackcentre' address). That's a dead giveaway that it's a proxy.

not working for me (vBulletin 4.2.0 Patch Level 2) help me !!

It does work on 4.2 PL2.

Make sure you've turned it on in ACP->Settings->Prevent Hostname or Useragent from Registering. And make sure you're entered the hostnames and useragents you want banned.

this is an image..

http://windos.me/test/pm-7RWQ.html

rtrtr.com is neither a hostname or a useragent it is a TLD name.

If that is what is showing in the hostname or useragent in who's online, then just put rtrtr in the hostname or useragent box.

Does this support wildcards? For example if I want to block any hosting ending with .ru, will this allow me to do it? Or will it wind up blocking things like 123.rummy.au ? Pretty important to know!

If you ban ru, rummy will be banned.

I suggest using the full useragent or hostname minus any TLD extension such as .ru, .com, etc.

I see, but I may *WANT* to ban something line .ru or .cn from registering.. That could be very effective for me. :) Seems to me it's just an issue of how the wildcards are set up (if the program accepts them, etc)..

This mod is not to ban TLDs.

What you enter is automatically wildcarded. That is why you can't enter .ru and expect .rummy not to be banned.

From the settings screen for the mod..

The same holds true for useragents.

EDIT:

As an example, let's use googlebot.
It has a hostname of..
So, all you would enter is googlebot in the hostname setting. Then all hostnames that have 'googlebot' in them will be banned from registering no mattter what else in in the hostname.

Thanks for your responses... Is there anyway for me to easily modify the code so that it only looks at the last part of the hostname? I've ok with PHP editing.

Is there a log in vbulletin somewhere that shows the useragent (and not who's online because I'm not online all the time)? Or do we have to go digging through raw http log files?

Thank you!!

Again, this is not a mod to ban TLDs.

All of the code is in the plugins for the mod. However, I will not assist in changing the code for what you want to do. That is not the purpose of this mod.

You will need to look through your http logs. There's no log in vB of hostnames or useragents.

Nice mod, thank you for releasing and your continuous work on it.

I have not downloaded/tested it yet, but I've got one little question; is it possible to like edit the message that will be shown once a username/hostagent has been blocked?

Basically, like you mentioned, it wouldn't be too bad if an occasional human would be prevented from registering. But if it would happen often, for example if you choose to prevent people using proxies when registering (but fine when browsing), the message could show something along the lines of "If you are trying to register and feel you are wrongfully being blocked, feel free to message support[at]host[dot]com"?

In the above case, you're not immediately allowing people to register anyway and can verify a 'legitimate' user by the correspondence with him/her. At least, that's what I'm thinking :).