[TAC] Stop Country Spam

[TAC] Stop Country Spam [Paid] 3.1.5

No permission to buy ($19.00)
Is anyone running this on 1.4.x?

I'm getting fed up with Vietnam & Pakistan based human spammers at the moment. I already have a license, just never installed it.
I've answered my own question and installed it. Seems to be working fine as far as I can tell without taking a flight to either Vietnam or Pakistan!
 
So this has been great so far practically eliminating SPAM accounts being created.

However checking the logs today this came up - is this blocking Facebook sign ups as it thinks it's a proxy? Or was someone using a proxy, and using the the Facebook sign up legitimately?

EDIT: The IP address shown is a Tor exit router, so I'm guessing whoever it was is trying to maintain online anonymity

upload_2014-10-12_13-59-53.webp
 
It's looking quite likely it was a spammer trying to mask their IP with a proxy:
http://www.stopforumspam.com/ipcheck/5.9.158.75

Thats not to say all proxies will mean "spam", so use with caution. Some people don't even know they are using a proxy.
Some ISPs in certain countries will even use transparent proxies, but for the uk it's not that common

There's a list of options for which proxies types you can allow through / prevent. I would keep an eye on it

These are the transparent proxies you can turn on / off


  • Block Transparent Proxy Header: HTTP_VIA
  • Block Transparent Proxy Header: HTTP_X_FORWARDED_FOR
  • Block Transparent Proxy Header: HTTP_FORWARDED_FOR
  • Block Transparent Proxy Header: HTTP_X_FORWARDED
  • Block Transparent Proxy Header: HTTP_FORWARDED
  • Block Transparent Proxy Header: HTTP_CLIENT_IP
  • Block Transparent Proxy Header: HTTP_FORWARDED_FOR_IP
  • Block Transparent Proxy Header: VIA
  • Block Transparent Proxy Header: X_FORWARDED_FOR
  • Block Transparent Proxy Header: FORWARDED_FOR
  • Block Transparent Proxy Header: X_FORWARDED
  • Block Transparent Proxy Header: FORWARDED
  • Block Transparent Proxy Header: CLIENT_IP
  • Block Transparent Proxy Header: FORWARDED_FOR_IP
  • Block Transparent Proxy Header: HTTP_PROXY_CONNECTION
 
I can't seem to get this to work. I've selected India as a country to blacklist and have filled in JSON Request with "http://freegeoip.net/json/{$ip}" and Index Name with "country_code" but spambots from India are still registering and spamming no problem. Nothing is showing up in the StopCountrySpam Log. Any ideas?

I'm using v 2.2.09 on Xenforo 1.4.1
 
Previously "Log events", "Do not log duplicate emails", "Do not log duplicate usernames" were all checked. I've just unchecked "Do not log duplicate emails", "Do not log duplicate usernames". Waiting a while to see if anything shows up.
 
I haven't tested this with 1.4, in all honestly, since some of the TAC spam plugins we're Incorporated into the core, I wasn't planning to look into it for a while (quite busy)

See:
Not for a while, I'm working full time at the moment.
I've basically made no return on existing plugins and have to keep a roof over my head (lost about 10K taking 1-2 years to develop them),
The anti-spam methods are slipping into the core (so there will be no money for me for future development), and this plugin rarely gets purchased, so as such I'm now working full time.

I have no issues with xenforo incorporating plugins / methods into the core (in fact, it's a good idea in some areas), and I've gained quite a lot of Zend experience (which has helped get my current job), but it's at an economical loss if doing full time.

I'll update plugins, but it could be some time in the future.
Fixing bugs when I can, but that's about it at the moment.

Since I don't have time to see if this is a 1.4 issue at the moment (it's quite possible, since the registration area was changed), let me know your paypal id and I'll refund you
 
I purchased and installed earlier in the week and it appears to be working... though it's not catching Pakistan spammers using the IP starting at 39.xx - not sure if using a different location database service would help there...
 
I see you have many spam add-ons. But i have a question.

Do you have an add-on where a guest from a certain country registers and it automatically goes to the moderation queue.


The problem is i am getting some spam from the same person every month. He is from vietnam. I don't want to block vietnam but instead i want any ip that registers from vietnam to be sent to the moderation queue. So i would recieve an email saying someone from vietnam registered and i have to approve his account.


thanks
 
It's looking quite likely it was a spammer trying to mask their IP with a proxy:
http://www.stopforumspam.com/ipcheck/5.9.158.75

Thats not to say all proxies will mean "spam", so use with caution. Some people don't even know they are using a proxy.
Some ISPs in certain countries will even use transparent proxies, but for the uk it's not that common

There's a list of options for which proxies types you can allow through / prevent. I would keep an eye on it

These are the transparent proxies you can turn on / off


  • Block Transparent Proxy Header: HTTP_VIA
  • Block Transparent Proxy Header: HTTP_X_FORWARDED_FOR
  • Block Transparent Proxy Header: HTTP_FORWARDED_FOR
  • Block Transparent Proxy Header: HTTP_X_FORWARDED
  • Block Transparent Proxy Header: HTTP_FORWARDED
  • Block Transparent Proxy Header: HTTP_CLIENT_IP
  • Block Transparent Proxy Header: HTTP_FORWARDED_FOR_IP
  • Block Transparent Proxy Header: VIA
  • Block Transparent Proxy Header: X_FORWARDED_FOR
  • Block Transparent Proxy Header: FORWARDED_FOR
  • Block Transparent Proxy Header: X_FORWARDED
  • Block Transparent Proxy Header: FORWARDED
  • Block Transparent Proxy Header: CLIENT_IP
  • Block Transparent Proxy Header: FORWARDED_FOR_IP
  • Block Transparent Proxy Header: HTTP_PROXY_CONNECTION

Which of these would you say is "safe" to turn on if you want to be really careful about false positives? None?

Went through my logs and found a couple of false positives, that I'm pretty sure are not spam bots.

Example:
Code:
Registration Blocked: Via actionIndex() User blocked from registering, Proxy detected
49 minuter sedan
IP Address: 85.230.47.66
Proxy Details: 1Proxy Headers Found: $_SERVER[HTTP_X_FORWARDED_FOR]: 85.230.47.66
Request URL
http://ip2country.sourceforge.net/ip2c.php?format=JSON&ip=85.230.47.66
Request Response
{ip: "85.230.47.66",hostname: "c-422fe655.30469684-0-646f63736973.cust.bredbandsbolaget.se",country_code: "SE",country_name: "Sweden"}
Country Code Index
country_code
Country Code Detected
SE
 
Last edited:
I love this concept and am considering purchase. One item that would help convince me to purchase is an addon I was considering creating that should be nothing to complete for this interesting addon -- country names for every new account registered based upon their IP. So when I search users to see who has registered during the past week, I would love to see the country name in the list of results as a column instead of having the IP address hidden for each account. This way I could tell at a glance if users are getting through and what countries they seem to be registering from.

I've had a ton of registrations this past week. I know we are an extremely popular site and that our cult is growing... especially in Pakistan.
 
OK, purchased and installed on Sunday but cannot get it to work on 1.5. PM sent here to the resource author, no response. PM sent to the admin account which welcomed me on the site I was redirected to for purchase, no response. I know it's only £12 but having picked the paid version over the free version, I would hope for some sign of life @tenants :rolleyes:
 
Cool... perhaps you can help then please? When it blocks a country, say one that's NOT on the whitelist, should it prevent the registration page from appearing at all? If I only whitelist some remote country to test, it still lets me see the registration page despite my IP being from the UK.

There's nothing in the logs to say it's having problems.

Also, what settings do you use for the JSON queries? I can't get this to work based on any in the author's forum. I'd love to see the settings for a working installation (PM this if you like).
 
Done some more tinkering, just to rule out the appearance of the registration form being indicative of this not working. I set a whitelist and ticked Aarland Islands only, so it should exclude me as coming from the UK. I cut and past the JSON details from a post above which is the same as one of the ones in the author's forum (which I had already tried). It showed me the registration form and let me register :( Nothing at all in the logs.
 
Two weeks later... still no response whatsoever from the add-on author, here or on their own forum.

PayPal has ruled in my favour and given me a refund.

I understand when authors no longer want to support their products, it happens, but to still take payment surely is just plain wrong? Then no response to messages here or on their own forum, or any response to a PayPal complaint then escalation to a dispute.
 
Top Bottom