XF 1.5 DNSBLs

PaulB

PaulB

Well-known member
In XenForo_DnsBl, the necessary code for three blacklists exists:
  • Spamhaus
  • Tornevall
  • Project Honey Pot
The method for Spamhaus isn't referenced anywhere, so that leaves Project Honey Pot and Tornevall. This is what the control panel says on those:

1528356885449.webp

Looking at the code, that description is kinda-sorta accurate. Here's what that looks like, in friendly table form:
Code: 
╔═══════════════════╤═══════════════╗
║     Enabled?      │ DNSBL Queried ║
╟─────┬───────┬─────┼───────┬───────╢
║ SFS │ DNSBL │ PHP │ Tnvl  │ PHP   ║
╠═════╪═══════╪═════╪═══════╪═══════╣
║ No  │ No    │ No  │ No    │ No    ║
║ No  │ No    │ Yes │ No    │ No    ║
║ No  │ Yes   │ No  │ Yes   │ No    ║
║ No  │ Yes   │ Yes │ Yes   │ Yes   ║
║ Yes │ No    │ No  │ No    │ No    ║
║ Yes │ No    │ Yes │ No    │ No    ║
║ Yes │ Yes   │ No  │ No    │ No    ║
║ Yes │ Yes   │ Yes │ No    │ Yes   ║
╚═════╧═══════╧═════╧═══════╧═══════╝

That means Tornevall is only queried if SFS is disabled. Is that intentional? It seems to be, but it's kind of odd. Also, Tornevall doesn't have a privacy policy, so it can't possibly be GDPR-compliant.

If Stop Forum Spam is enabled, only Project Honey Pot can be queried. The DNSBL toggle is exclusively for Project Honey Pot, which doesn't seem all that intuitive. If not Project Honey Pot key is provided, then the DNSBL toggle has no effect.

Am I understanding this correctly? Is this behavior intentional?
 
Sort by date Sort by votes
As a side note, both Tornevall and Project Honey Pot seem to be in pretty bad shape. PHP doesn't even support login over HTTPS at the moment, which is a red flag. Stop Forum Spam appears alive and well.
 
Upvote 0 Downvote
SFS shares data with Tornevall so we only need to query that if SFS is disabled.

That checkbox in options by the way will disable all DNSBL checks.
 
Upvote 0 Downvote
Got it, thanks. The DNSBL checkbox doesn't seem to disable SFS, though I don't think XF queries that via DNS, but rather HTTP. (They do have a DNS interface, I believe.)
 
Upvote 0 Downvote
That's correct, the SFS integration is entirely through their HTTP API and you can only enable/disable it using the "Stop Forum Spam" option.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

B
  • Question Question
XF 2.2 StopForumSpam has stopped working
Replies
5
Views
930
FTL
FTL
Ricsca
  • Solved
XF 2.2 Xenforum automatically subscribed to StopForumSpam?
Replies
16
Views
930
Ricsca
Ricsca
Black Tiger
  • Solved
[Solved] Ban user and report to stopforumspam and sometimes remove posts
Replies
6
Views
735
Black Tiger
Black Tiger
benFF
[FF] StopForumSpam Flag Selector
Replies
8
Views
835
creativeforge
creativeforge
Hall of Famer
  • Question Question
XF 2.2 Prevent registrations of 'Stopforumspam' IPs?
Replies
3
Views
832
Paul B
Paul B
Top Bottom