Check Proxy RBL on New User Registration
 

The following mod was removed due to security concerns (please do not reveal any specific security holes in this thread).

Check Proxy RBL on New User Registration.
https://vborg.vbsupport.ru/showthrea...hreadid=131852

As it had 173 installs and was vital to reduce spam for many forums, I'm sure many of you are wondering what is next. I was surprised a thread about this didn't already exist.

Since the original mod thread was closed (???) I thought this could be the place to discuss alternatives or how/when the mod might be patched.

MANY forums were using this mod to greatly reduce spam and have no viable alternative (captcha/nospam only works for bots -- much spam is now coming from humans in China/etc). Perhaps this could spur development of a new/better mod or someone to offer to patch it. I thought about writing something using a mod alongside project honeypot. Project Honeypot seems to be a lot more accurate for forum type spam -- though it isn't available without registration.

-vissa

Why not just use the akismet mod coupled with a promotion strategy.

Thank you. Very interesting mod I never noticed before (it says its 3.5x, but posts say it works with 3.6x) . I'll have to check it out. What do you mean by "coupled with a promotion strategy?"

This is one reason why I created this thread -- some useful info for those of us looking for spam solutions.

-vissa

you move all existing users with more than 1 post to a usergroup called registered promoted or what ever you want. then set up the registered usergroup with limited permissions and to be monitored by akismet. Make it so they have to make like 5 posts to be promoted to the second usergroup.

This will contain your spam sign ups, monitor them and give them reduced privileges such as not b3eing able to edit their posts, or having reduced number of PM's etc.

I'd rather prevent them registering at all...

Agreed. Just returned from holiday to find one of the most important hacks removed.
It blocked most of our spam - which was several every day. It's so important.
Do the rules prevent someone from fixing it?

People may fix insecure mods (assuming they know what the problem is of course) but they cannot release the fix themselves, it must be posted (by staff, in the main post) as either a find/replace file, or as a fixed full copy - the same as if it had been fixed by staff.

I would like to know why it was specifically removed, so I can make a much more informed decision, rather than question whether or not it's really insecure. Having it removed due to unspecified security concerns, and not even allowing others to post a fix, is extremely bad policy in this day of age.

If we used that general of a reason for everything, I wouldn't be using vBulletin at all. In fact, the saving grace with vBulletin itself is at least they publish their security issues, and either advise on additional action, or issue a patch/new version.

d8tabyte's suggestion wouldn't work for us, given that we can't have someone monitoring registrations 24/7. In fact, the moderators and I we have were getting burnt out on dealing with the advertising that was posted by spambots. That is why we started to employ the blacklist, with great success.

Sorry, but I desperate need that mod. I once installed it but then uninstalled it, but it seems that there are some leftover codes somewhere that has been continuing to place registering members on the moderation list. Unless I get the original code, I won't be able to revert the changes done to my forum.

Anyone who still kept a copy of it, please send me a copy. I'm seriously in need of it.

It's surprise for me two. I'm using this plug-in & I don't download the last 4.0 update.
Where can I download this update? Can anybody help?