TPU: Detect and Block Spam Registrations 1.6.6

[popr]

I keep getting "country detected: XX" even though the country is obviously detected in the "AS." Is there a fix for this or something I need to add to my server? Please see example below. Note the Z's are to hide their real identity.

@W1zzard can you please take a look at the above issue. Any idea why the country always reports as XX on my system? Thank you.

 

[W1zzard]

@W1zzard can you please take a look at the above issue. Any idea why the country always reports as XX on my system? Thank you.

http://ip-api.com/json/184.71.zz.zz
http://api.hostip.info/country.php?ip=184.71.zz.zz

Does this work? don't forget to replace your zz's

fetch these from your server

 

[popr]

http://ip-api.com/json/184.71.zz.zz
http://api.hostip.info/country.php?ip=184.71.zz.zz

Does this work? don't forget to replace your zz's

fetch these from your server

This is what I get... ip-api.com appears to work, but not api.hostip.info.
( used random numbers for the last 2)

[root@a t]# wget http://ip-api.com/json/184.71.55.21
--2016-02-25 04:19:34-- http://ip-api.com/json/184.71.55.21
Resolving ip-api.com... 162.250.144.215
Connecting to ip-api.com|162.250.144.215|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 299 [application/json]
Saving to: “184.71.55.21”
100%[===================================================================================================================================>] 299 --.-K/s in 0s
2016-02-25 04:19:35 (81.2 MB/s) - “184.71.55.21” saved [299/299]

[root@a t]# cat 184.71.55.21
{"as":"AS6327 Shaw Communications Inc.","city":"Calgary","country":"Canada","countryCode":"CA","isp":"Shaw Communications","lat":51.0419,"lon":-114.2,"org":"Shaw Communications","query":"184.71.55.21","region":"AB","regionName":"Alberta","status":"success","timezone":"America/Edmonton","zip":"T3H"}[root@a t]#

[root@a t]# wget http://api.hostip.info/country.php?ip=184.71.55.21
--2016-02-25 04:20:48-- http://api.hostip.info/country.php?ip=184.71.55.21
Resolving api.hostip.info... failed: Name or service not known.
wget: unable to resolve host address “api.hostip.info”

http://api.hostip.info/ also does not resolve from my own computer's browser.

 

[eva2000]

Whoops my mistake

 

[popr]

@W1zzard

This is what I get... ip-api.com appears to work, but not api.hostip.info.
( used random numbers for the last 2)

[root@a t]# wget http://ip-api.com/json/184.71.55.21
--2016-02-25 04:19:34-- http://ip-api.com/json/184.71.55.21
Resolving ip-api.com... 162.250.144.215
Connecting to ip-api.com|162.250.144.215|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 299 [application/json]
Saving to: “184.71.55.21”
100%[===================================================================================================================================>] 299 --.-K/s in 0s
2016-02-25 04:19:35 (81.2 MB/s) - “184.71.55.21” saved [299/299]

[root@a t]# cat 184.71.55.21
{"as":"AS6327 Shaw Communications Inc.","city":"Calgary","country":"Canada","countryCode":"CA","isp":"Shaw Communications","lat":51.0419,"lon":-114.2,"org":"Shaw Communications","query":"184.71.55.21","region":"AB","regionName":"Alberta","status":"success","timezone":"America/Edmonton","zip":"T3H"}[root@a t]#

[root@a t]# wget http://api.hostip.info/country.php?ip=184.71.55.21
--2016-02-25 04:20:48-- http://api.hostip.info/country.php?ip=184.71.55.21
Resolving api.hostip.info... failed: Name or service not known.
wget: unable to resolve host address “api.hostip.info”

http://api.hostip.info/ also does not resolve from my own computer's browser.

http://api.hostip.info/ does not resolve from my server but ALSO does not resolve from my own computer's browser. It looks like it's down or their dns is down.

 

[Zynektic]

Due to the username thing with XF by default and SFS I have disabled that in the Spam Management options and giving this a try due to the great reviews and was wondering if out of the box...

1. The default settings are fine
2. Should I disable ProjectHoney in XF Spam Management, enable it in the add-on with the key for it?
3. 'Your server's address' - does this need my actual server or is this for the TOR part?

Anything else I need to know about it? Cheers

 

[Zynektic]

@W1zzard any reply to this please mate? Cheers

 

[W1zzard]

@W1zzard any reply to this please mate? Cheers

I assumed you've tried it by now. The defaults are reasonable but (c|sh)ould be tuned for each forum depending on the spammers you get.

 

[Zynektic]

Sorry, I have tried it, the forum is not live yet and was wondering about the projecthoney and and the server field part I mentioned above, thanks.

 

[W1zzard]

Sorry, I have tried it, the forum is not live yet and was wondering about the projecthoney and and the server field part I mentioned above, thanks.

You can leave project honeypot enabled in XF defaults, my addon works separately of it. On my forums I've disabled it in XF and enabled it in my addon that gives me more fine-grained controls.

Regarding the server IP, that's for TOR exit node detection. The plugin will detect your server's IP automatically, which will only work if that's really the IP external users access. If you are using CloudFlare or similar services, or a reverse proxy, or a load balancer then you'll have to manually input your external IP.

 

[popr]

@W1zzard Can I please get an answer to my question above regarding country code coming back as "XX"? Does anyone else have this problem?

https://xenforo.com/community/threa...spam-registrations.70418/page-11#post-1045011

 

[popr]

So it appears http://api.hostip.info is always down or has a bad dns entry. I don't know how long it's been down for, but at least a few weeks continuously. This is going to prevent all country code lookups from working. This was the main reason I have this addon -- to block certain countries. Does anyone know of an alternative for blocking countries from registering? (I don't want to block them from viewing).


FYI: This prevents the following country lookup from working :http://api.hostip.info/country.php?ip=184.71.55.21

 

[popr]

@W1zzard I replaced the code with the updates you posted at github, and it's still producing Country Detected:XX

 

[Xon]

@W1zzard I replaced the code with the updates you posted at github, and it's still producing Country Detected:XX

The github code does work.

Please make sure DNS is working, and run the following commands and report if they fail:

curl https://freegeoip.net/json/8.8.8.8
or
wget https://freegeoip.net/json/8.8.8.8

These should output something like:

{"ip":"8.8.8.8","country_code":"US","country_name":"United States","region_code":"CA","region_name":"California","city":"Mountain View","zip_code":"94040","time_zone":"America/Los_Angeles","latitude":37.3845,"longitude":-122.0881,"metro_code":807}

 

[popr]

It seems to work from the command line -- why would it not work for the plugin?

[root@a ~]# curl https://freegeoip.net/json/8.8.8.8
{"ip":"8.8.8.8","country_code":"US","country_name":"United States","region_code":"CA","region_name":"California","city":"Mountain View","zip_code":"94040","time_zone":"America/Los_Angeles","latitude":37.3845,"longitude":-122.0881,"metro_code":807}

I get approx 10 registrations per day.. So when I look at a sample one today (below), I still get XX for country code.
(the ZZ's are me blocking out personal data -- the XX is actual output from the plugin)

greZZZZjamin - TPUDetectSpamReg checking: greZZZZjamin, azmoZZZZZarm@gmail.com, 24.119.ZZ.ZZ,
AS detected: ASN11492, CABLEONE - CABLE ONE, INC.,US,
Hostname detected: 24-119-ZZ-ZZ.cpe.cableone.net,
Country detected: XX,
Total score: +0
Today at 5:55 PM, Content: user

 

[Xon]

It seems to work from the command line -- why would it not work for the plugin?

[root@a ~]# curl https://freegeoip.net/json/8.8.8.8
{"ip":"8.8.8.8","country_code":"US","country_name":"United States","region_code":"CA","region_name":"California","city":"Mountain View","zip_code":"94040","time_zone":"America/Los_Angeles","latitude":37.3845,"longitude":-122.0881,"metro_code":807}

I get approx 10 registrations per day.. So when I look at a sample one today (below), I still get XX for country code.
(the ZZ's are me blocking out personal data -- the XX is actual output from the plugin)

greZZZZjamin - TPUDetectSpamReg checking: greZZZZjamin, azmoZZZZZarm@gmail.com, 24.119.ZZ.ZZ,
AS detected: ASN11492, CABLEONE - CABLE ONE, INC.,US,
Hostname detected: 24-119-ZZ-ZZ.cpe.cableone.net,
Country detected: XX,
Total score: +0
Today at 5:55 PM, Content: user

Try doing a curl call for the exact IP which is failing.

 

[popr]

Here's the result with the exact IP that returned XX above in the plugin.

[root@a forums]# curl https://freegeoip.net/json/24.119.ZZ.ZZ
{"ip":"24.119.ZZ.ZZ","country_code":"US","country_name":"United States","region_code":"KS","region_name":"Kansas","city":"Emporia","zip_code":"66801","time_zone":"America/Chicago","latitude":38.427,"longitude":-96.2103,"metro_code":605}

 

[ManagerJosh]

Started getting XX reports back from the servers for Country Code.

curl http://ip-api.com/json/8.8.8.8 from the server gives back the right information.



Also, side question. Has anyone seen a case where TPU is rejecting users for a score of +1 even though the score rejection level is set to +6 ?

 

[Brent W]

This add-on brought registrations down for our entire network today. Registrations would completely time out exceeding even a Max Execution time of 240 seconds with php. We were using the latest version from Github.

 

[Brent W]

Specific error log:

[07-Apr-2016 20:01:14] WARNING: [pool aspies] child 4222, script '/home/aspies/public_html/index.php' (request: "POST /index.php") execution timed out (240.665292 sec), terminating

The rest are at our default time out of 30 seconds. Only occurs on registration and problem goes away disabling this add-on.