XF 1.5 DNSBLs

PaulB

PaulB

Well-known member
In XenForo_DnsBl, the necessary code for three blacklists exists:
  • Spamhaus
  • Tornevall
  • Project Honey Pot
The method for Spamhaus isn't referenced anywhere, so that leaves Project Honey Pot and Tornevall. This is what the control panel says on those:

1528356885449.webp

Looking at the code, that description is kinda-sorta accurate. Here's what that looks like, in friendly table form:
Code: 
╔═══════════════════╤═══════════════╗
║     Enabled?      │ DNSBL Queried ║
╟─────┬───────┬─────┼───────┬───────╢
║ SFS │ DNSBL │ PHP │ Tnvl  │ PHP   ║
╠═════╪═══════╪═════╪═══════╪═══════╣
║ No  │ No    │ No  │ No    │ No    ║
║ No  │ No    │ Yes │ No    │ No    ║
║ No  │ Yes   │ No  │ Yes   │ No    ║
║ No  │ Yes   │ Yes │ Yes   │ Yes   ║
║ Yes │ No    │ No  │ No    │ No    ║
║ Yes │ No    │ Yes │ No    │ No    ║
║ Yes │ Yes   │ No  │ No    │ No    ║
║ Yes │ Yes   │ Yes │ No    │ Yes   ║
╚═════╧═══════╧═════╧═══════╧═══════╝

That means Tornevall is only queried if SFS is disabled. Is that intentional? It seems to be, but it's kind of odd. Also, Tornevall doesn't have a privacy policy, so it can't possibly be GDPR-compliant.

If Stop Forum Spam is enabled, only Project Honey Pot can be queried. The DNSBL toggle is exclusively for Project Honey Pot, which doesn't seem all that intuitive. If not Project Honey Pot key is provided, then the DNSBL toggle has no effect.

Am I understanding this correctly? Is this behavior intentional?
 
Sort by date Sort by votes
As a side note, both Tornevall and Project Honey Pot seem to be in pretty bad shape. PHP doesn't even support login over HTTPS at the moment, which is a red flag. Stop Forum Spam appears alive and well.
 
Upvote 0 Downvote
SFS shares data with Tornevall so we only need to query that if SFS is disabled.

That checkbox in options by the way will disable all DNSBL checks.
 
Upvote 0 Downvote
Got it, thanks. The DNSBL checkbox doesn't seem to disable SFS, though I don't think XF queries that via DNS, but rather HTTP. (They do have a DNS interface, I believe.)
 
Upvote 0 Downvote
That's correct, the SFS integration is entirely through their HTTP API and you can only enable/disable it using the "Stop Forum Spam" option.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

E
  • Question Question
XF 2.2 StopForumSpam and DNSBL checks for guest posts
Replies
2
Views
98
EchoRomeo
E
VisEntities
  • Question Question
XF 2.3 Should I Allow a User Flagged by StopForumSpam to Register?
Replies
4
Views
66
apathy
apathy
BasilFawlty
  • Question Question
XF 2.2 StopForumSpam matched (email) but not found when searching StopForumSpam
Replies
2
Views
48
Chris D
Chris D
BasilFawlty
Exponential incease in "StopForumSpam" registrations
Replies
2
Views
52
BasilFawlty
BasilFawlty
B
  • Question Question
XF 2.2 StopForumSpam has stopped working
Replies
5
Views
935
FTL
FTL
Back
Top Bottom