[The Finman]

Quote:

First, I appreciate the update, I'll give it a try as soon as I get a chance.

How about this idea:
It could come, preconfigured, with a good number of common SBLs. For each of these, the admin has the ability to choose open proxies, spammy servers, dial-up networks, etc etc. Additionally, give the ability to add their own SBLs with their own options for matching against there.

I think it might give many admins a false-sense of accomplishment once they install this and start blocking lord knows what, but believe that they're only bad things (The plugin name says block proxies, but in reality it is blocking far more than just proxies). It's widely known that large American broadband networks are responsible for a great deal of spam, and a good number of these block-lists include those subnets. I'm afraid of doing a disservice to the users if we choose to just blindly block everything. I think that for this plugin to truly be successful, the admin should be able to finely tune what is and isn't blocked. If you've got a forum with tens of thousands of users, with hundreds of signups a day, whitelisting things would be almost certainly unmaintainable.

As for trolls and whitelisting, how are you going to know if someone is a troll or not before they've even posted anything? What indicators should be used to go ahead and whitelist one IP over another? I think that in order for our individual communities to grow, it's like dealing with spam in that it's important that we make sure that all the good guys can get in, even if that means some cruft gets in on occasion. I'd rather ban 2 or 3 trolls a month, than waste my time trying to figure out if 233.44.23.XX is going to be a troll or not, over and over and over again.

You know, I had the exact same concerns when I first installed this hack almost a month ago, and I have carefully examined EVERY alert.

I would take the IP address and I would go over to DnsStuff.com and run it through WHOIS and the Spam Database Lookup, to get a clearer picture of who or what was trying to register.

I run a 10,000+ member board and the only IP denial from the RBL Checker I have ever recieved that was questionable, was an IP address that was of a grade school that that was apparently running a proxy. However the DnsStuff.com Spam Database Lookup had multiple reports from the many various spam moniter services that tended to indicate that even if if the school was legit (as it seemed to be), what the school's proxies had been used for apparently wasn't. It's very possible that the schools proxy servers may have been infiltrated and they were being abused without the school even being aware of it.

I also modified the xml file to include a link to the "Contact Us" section of the board I run.

I haven't had anyone contact me except for the troll for which I primarly installed it for...and yes, he was hoping mad that he couldn't get back in using the rotating proxy software he had been able to use to bypass our ban. He literally spent almost two days of what seemed like non-stop trying. That is why I asked Daniel to be able to change the notification system from PMs to a thread (preferably in the private forum for Mods & Admins) notification, as some of my Mods that aren't always around were having their PM boxes filled to the brim, as it took this idiot several days to finally give up.

I actually figured that once I got rid of him that I would disable it...until if I got another problem poster using proxies to bypass our ban again.

Anyway, like I said I monitored the alerts very closely, and from that most of the blocked IPs were from places like India, China, Brazil, Hungary, Saudi Arabia, Russia Etc. Now then you may have members from those countries, but out of our 10,000+ members...none of ours that are legitimate are from those countries. Could there be?...of course, but very doubtful. Now I have several alerts a day from those countries as they are spam bots who normally made it to the Captcha system before getting denied. The Proxy RBL checker now was stopping them at the front door instead, thus triggering an alert.

Also, seeing the sheer amount caused by spam bots was also a real eye opener, as since the new vBulletin 3.6+ version we haven't been getting many spam bots as the new Captcha system has made a big difference.

Anyway, even though it was interesting seeing just how many spam bot attempts were actually made, it was starting to get annoying which is also why I'm glad that Daniel moved the RBL checker back a little bit to "register_addmember_process", thus allowing the Captcha system to deny them...thus cutting down on the alerts.

Anyway, like I said I only installed this mod because of a very determined troll who was using rotating proxies to get back in. I was having to go into either the AdminCP or the server itself (to access my .htaccess forwarding to another place based on IPs) two or three times a day to add whatever new proxy address he was using. It was a real "cat and mouse" game, as I woud block him and then he would simply switch IPs and re-register and not only was it annoying, but it was taking up a good bit of my time, as I had to verify that the IP was a proxy or spam IP, and then login to the either the AdminCP or the .htaccess file on the server to ban that IP. Once I got rid of him, I planned to disable this mod, but I decided to leave it on (mostly if he back) and monitor it closely. With that one questionable denial, the other have been shown to be either spam or proxy registration attempts.

I think the changes in this updated version of the RBL checker will really give Admins the necessary controls to be either agressive or leniant in the registration process.

I suggest people who are skeptical like I was, to try it and monitor it and verify the registration information against WHOIS, known proxy and spam lists (such as those at DnsStuff.com). If after examinning the RBL Checker Alerts, you think that legitimate users are being denied, then either disable it (like I had planned to do) or simply uninstall it.

I honestly am not trying to be a cheerleader for Daniel or this mod, but I think this approach on an old problem is fresh and unique (I also like Paul M's Real IP Detection for a 1, 2 punch).