XF 2.3 Discourage countries by IP

[JackieChun]

Lately there has been an increase of spam from certain countries, and the solution I've been using has always included adding the offending subnet to the 'discouraged' list. I'm also aware of the following add-ons:

Country Registration Ban by @Ozzy47
Country access check by @AndyB
Geoblock Registration by @Sim

When you block a spammer's registration, he realizes it's probably due to an IP block, connects to a VPN, and proceeds to spam. I think a savvier solution would be to discourage IPs from specified countries. That would make spammers not only unable to register or post but cause frustration and waste spammer resources, with most human and bot spammers not realizing what's actually happening. Does anyone know of a good way to implement this?

 

[Sim]

Most spam we get is automated - or at least the registration part of it is. Discouragement wouldn't have much impact in that case.

I doubt it would have much impact on a human trying to post spam either. They're already going to the trouble to get past any barriers you put in place, dealing with a "flakey" system is unlikely to slow them down much in my opinion.

 

[JackieChun]

Human spammers in India and Bangladesh get paid per hour. A site that makes these workers waste time would get crossed off their list, and they'd move on to the next site. In practice, manually discouraging IPs has worked really, really well. That's why I want to take it to the next level and start discouraging preemptively.

 

[Paul B]

Use cloudflare.

 

[JackieChun]

Use cloudflare.

Again, I don't want to block those IP ranges. I want to discourage them.

 

[digitalpoint]

Again, I don't want to block those IP ranges. I want to discourage them.

You could discourage them by using Cloudflare to present every page view with a captcha they need to first solve before viewing the page. That would be annoying.

 

[JackieChun]

What I'm proposing is a superior solution, because:

1. It uses XenForo's excellent, built-in 'discourage' feature

2. It doesn't leave us dependent on a benevolent tech giant. Yes, CloudFlare is excellent, free, and growing bigger every day, which only makes it more likely to turn "evil" and/or expensive in the future, as often happens.

3. It casts a wider net and is more effective against both human and bot spammers

Right now, spammers usually act in this order:
- A person uses a U.S. or European VPN to register for the forum
- He then uses his local Bangladeshi IP to log in and post spam
- CloudFlare denies him
- He uses VPN again, logs in successfully, posts the spam, and leaves.

Instead, it could go like this:
- A person uses a U.S. or European VPN to register for the forum
- He then uses a Bangladeshi IP to log in and gets flagged with a XenForo 'discouraged' flag
- He can't figure out why the site keeps timing out on him
- He either gives up or tries using VPN again
- Because his account is already flagged, he will still fail, even if logged in from a clean IP
- Game over for this spammer

TL;DR Layered deterrence works better than clearly marked obstacles for human spammers and many bots.