Add-on Trust+ - Intelligent Security Service

[naia]

Hello,

I am currently working on developing a security and risk assessment service called Trust+, and I intend to release an add-on for Xenforo which utilizes the service. Trust+ will be launched with the following features;

• The ability to intelligently detect and block disposable email address domains.
• The ability to intelligently detect and block users using a proxy service.
• The ability to block users consistently identified by other Trust+ users as spammers, trolls, or spammers.
• The ability to use client-assisted verification to stop ban evasion, duplicate registrations, or other abuse.
• The ability for users to report DEA providers, proxies, or abusive users to the Trust+ service.

The idea of this service is to prevent abusive users from reaching your community without having to manually approve registrations or annoy them by using CAPTCHA. Our API will provide a pass/fail value as well as a risk score, allowing communities the flexibility to choose the level of security they wish to employ.

I am accepting suggestions and comments currently, and will eventually be accepting beta testers for the service. If you are interested in testing or have a suggestion for the service, please post below.

 

[Mouth]

How does this differ from the combination of StopForumSpam, DNSBL, and Project Honey Pot already within XF?

 

[naia]

How does this differ from the combination of StopForumSpam, DNSBL, and Project Honey Pot already within XF?

Project Honey Pot, StopForumSpam, and other DNSBLs are generally static blacklists. StopForumSpam is an unmoderated list where anybody with an email address can list a user as a spammer. ProjectHoneyPot is focused primarily on botnets and malware distribution. Our service is much more robust, and we aim to avoid false positives.

In addition, we offer the following:

• The blocking of disposable email addresses. Disposable email addresses are found via our crawler (ran on Trust+'s server), manual submission by participating communities, and manual discovery by Trust+ staff. All aliases of a DEA are also blocked, if mailinator.com is blocked, for example, anyone who's MX forwards to mailinator.com is blocked.
• Intelligent risk analysis. This is done via a variety of methods in attempt to determine if a user is on a proxy service, is likely to be abusive, and so forth. In addition to standard methods (checking common proxy ports, DNSBLs, etc), we utilize an intelligent client-assisted validation library. This enables us to detect abusers even if they haven't been blacklisted.
• We also host a troll/abuser DNSBL. Other services do not allow the listing of abusive users who are not spammers. We are focused on preventing all types of abuse.

Unlike StopForumSpam:

• We do not automatically list users who are submitted to us. Submissions are processed by either automated screening, or manual verification. Users who are submitted as abusers by multiple communities will have a higher 'risk score' than users submitted by one community. We take active measures to prevent and remove false positives.
• We do not publish our full blacklist. We feel publishing the entire list of blocked domains, behaviors, and IP addresses allows abusers to more effectively plot their attack. Instead, we allow access via a json-based API.

In addition to returning the risk score, we return a list of flags to a community. This enables them to know exactly why a score is what it is.

 

[jauburn]

The real issue today, so far as I can see from my forum, is dealing with the influx of human spammers. Apparently there are legions of poorly-paid individuals in developing countries that are able to defeat just about any spam prevention system because, well, they're humans!

How do you deal with that?

 

[naia]

The real issue today, so far as I can see from my forum, is dealing with the influx of human spammers. Apparently there are legions of poorly-paid individuals in developing countries that are able to defeat just about any spam prevention system because, well, they're humans!

How do you deal with that?

As I said to you in the other thread, we block fraudulent registrations regardless if they are human or bot in origin. We also provide you with methods to customize this experience. We block proxies, VPNs, disposable email addresses, and identity masking services commonly used by spammers. We also perform various client side validations that attempt to measure user behavior and the likelihood of them being abusive.