vb.org Archive - View Single Post - Blocking foreign country IP ranges to stop registration spam

Keith · #1 11-18-2012, 01:34 PM

This week there's been an enormous amount of registration spam (100+ per hour), so I took the following steps:

1. I turned on the registration moderation with manual approval, the system sends me an email when a new registration comes through.

2. I have always had human verification turned on, with simple questions/answers, including math problems. So yesterday I eliminated the math related questions, and further customized the Questions/Answers to be more applicable to the content topic of our site. Meaning, if we're running a gardening site, the QA pertains to gardening.

3. Valid email verification has always been turned on and remains active.

As a result, moderation emails telling me to look at a new registration request have been reduced dramatically since I changed the Questions/Answers, but a few still get through and placed in the moderation queue before I do in and delete them. The Who's Online screen indicates they're still trying to register or scanning over my site.

When I look at the VB Who's Online, I'm seeing IP addresses like the following, some indicate they're using a proxy or some other method like a vpn to spoof location in the US.:

18.177.76.217.akado-ural.ru (by example - resolves to an IP in Boston, MA)
127-254.nwlink.spb.ru
dynamicip-176-214-33-177.pppoe.spb.ertelecom.ru
host224-180-109-176.lds.net.ua
139.static.118-96-211.astinet.telkom.net.id

Our site is entirely local based, at the State level. Unless one of our existing members is traveling on business outside the US, there would be very few reasons for someone else in a foreign country to register or post.

So is there a way to look at the location in this same manner, and block any location ending in .ru or .ua or .id by example? I don't think I can do this in htaccess, and thought maybe there's a VB hack available to do it by looking at the end of the IP as it appears in the Who's Online list?

I'm reading up on all the anti spam hacks, but haven't found something related specifically to blocking by those last two country letters. Thanks in advance for any guidance on this particular question.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01133 seconds Memory Usage 1,766KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: