• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Lack of interest Block user from registering based on country code

Jesepi

Well-known member
#1
I would like to have support in xenforo to block visitors from specific countries from registering on my forum. Supplying a list of country codes to block at the time of registration would be wonderful.

http://www.php.net/manual/en/function.geoip-country-code-by-name.php

Blocking only at the time of registration would be much more lightweight on my server then adding massive blocks of addresses to my iptables configuration. I don't care if they browse my site, just the ones registering to spam need to be stopped in their tracks. Obviously proxies and whatnot can bypass this, but the bulk of the spammers hitting my site are not hiding where they are coming from.

This would require the geoip module to be installed, but I believe it is a pretty common thing to have already installed due to things like awstats using it.
 

Jesepi

Well-known member
#2
To elaborate on this feature further after thinking about it, perhaps outright blocking is a bit too limited. Having an option to place all "questionable" registrations based on country code into a queue to be reviewed by moderators/admins might be a good option to add to this feature if it was ever added.
 

Jesepi

Well-known member
#4
This is what I am trying to avoid. I already said I wanted to avoid using iptables for huge blocks of addresses, which is what your suggestion would be doing.
 

robdog

Well-known member
#8
Exactly what he didn't ask for.

It has a massive list of IP tables:

Code:
2.16.0.0/13
46.31.72.0/21
46.33.64.0/19
46.102.0.0/16
51.0.0.0/8
62.25.64.0/18
62.25.128.0/17
Really???

Lets get a quote from his original post which is what I responded too:
I would like to have support in xenforo to block visitors from specific countries from registering on my forum. Supplying a list of country codes to block at the time of registration would be wonderful.
I bolded the important part so you could see it was EXACTLY what he asked for in his original post.
 

Chris D

XenForo developer
Staff member
#9
Really???

Lets get a quote from his original post which is what I responded too:


I bolded the important part so you could see it was EXACTLY what he asked for in his original post.
Likewise:
This is what I am trying to avoid. I already said I wanted to avoid using iptables for huge blocks of addresses, which is what your suggestion would be doing.
 

Chris D

XenForo developer
Staff member
#11
Kudos for the find though - could easily be customised to do what he wants. Just needs to change it so the country code is fetched from that web service I posted instead of the massive static list included.
 

Arty

Well-known member
#12
I think this is a bad suggestion that should never be implemented in forum software and a horrible way to combat spam. Find other methods to combat spam.

In hands of clueless forum admin (which in my opinion will be 99% of people using such feature), it will block legitimate users from many countries that forum admin have never heard of.

Typical administrator logic: someone from IP 82.131.96.115 posted several spam messages. Administrator will check IP, see that it belongs to Estonia. Chances are, he never heard of such country, so he doesn't care about users from there and blocks whole country.

As a result of such behavior, people from small countries will be victims, they will blame it on XenForo for allowing forum admins to do such thing and XF might lose some customers.
 
#13
To clarify something: when the OP said he didn't want to use iptables, he was referring to the program called iptables which is the standard linux firewall (he was replying to a post mentioning CSF, which is a GUI/manager for the iptables firewall made for cPanel/WHM).

Using a list of IP addresses to block countries is in fact what all of the geolocation services are doing in the background, as it is possible to know from what country an IP originates by knowing which IPs are allocated to which countries. Additionally, there are reasons to block countries from being able to register/post on a board -- for example, if your site offers a product or service with country restrictions placed upon it (such as how it is against cPanel's Terms and US export restrictions to offer cPanel hosting to countries such as Iran and North Korea, so it might be understandable if a startup hosting company using cPanel would wish to disallow users from those countries from registering). However, if this isn't the case, I'd generally agree with Arty in that you should pursue alternative mechanisms to block spammers, such as StopForumSpam.
 

tenants

Well-known member
#15
StopCountrySpam might be useful: http://xenforo.com/community/resources/stopcountryspam-spam-combat.1016/

It does a look up for the country code at the time of registration (it uses the IP to look up the country code from external database .. which can be defined by you, and looks at the JSON response)

An on the fly look up makes sure you are not using an old IP address association that is no longer associated to the same location (as long as you point the plugin to an up-to-date external DB)

I've also provided links to lots of external sites that will alow you to use their JSON response for country look ups, see here

Supports white list / black list options

Supported by me, let me know if you need it to do anything else

Useful for local community forums (where the conversation is expected to be local only), but this plug-in may not be for everyone.

- This is good for stopping manual spammers from know countries (not all use proxies), but many people who use bots will use proxies, so keep that in mind
 
#16
to tenants
Disclaimer: This plugin allows a mechanism to use a third party geolocation database via a JSON request to prevent registration. The location of the JSON request is definable by you via the Admin Control Panel, free examples of such sites are mentioned in the discussion
I am looking for a complete solution.
 

Jeremy P

Well-known member
#17
to tenants

I am looking for a complete solution.
Well, the GeoIP database changes.. which is why a 3rd party service makes sense. If you want it to be completely self-hosted you'd have to download a copy of the GeoIP database and keep it updated constantly. That's not something XF can really implement.

If you want a self-hosted solution and run your own server, you could install a geoip package from your package manager and configure nginx/apache to use it. Otherwise I don't see it as a good option.
 
#19
Well, the GeoIP database changes.. which is why a 3rd party service makes sense. If you want it to be completely self-hosted you'd have to download a copy of the GeoIP database and keep it updated constantly. That's not something XF can really implement.

If you want a self-hosted solution and run your own server, you could install a geoip package from your package manager and configure nginx/apache to use it. Otherwise I don't see it as a good option.
"Сonfigure nginx/apache to use it" is too bad option at all. I want to prevent registration from "spammers country" only. Nothing else. It's so easy! Xenforo disappointed me...