Way to prevent/moderate VPN registrations?

RippC

RippC

Member
This isn't so much about spam, but scammers signing up via VPN services. In the classifieds section of my site I've been getting tons of reports of the "You're looking for X part? E-mail my friend at XXX@YYY" direct messages aimed at my users trying to get them on the hook to scam them. The common thread is that they all use some sort of VPN to hide their real location, and evade StopForumSpam, geo blocks etc. Some of them I can catch once reported bc they forget to connect to their VPN first and show up in Nigeria or Pakistan or whatever.

Is there a way to flag these VPN registrations for moderation? If you follow the baked-in link for IP information to whatismyipaddress(.)com it clearly shows that its a VPN or data center... Surely there's something I can do to curb this.

I get that VPNs are just part of the internet now, but just a way to have a look at them first to see if my spidey sense tingles at them would be epic.
 
RippC said:
Is there a way to flag these VPN registrations for moderation? If you follow the baked-in link for IP information to whatismyipaddress(.)com it clearly shows that its a VPN or data center... Surely there's something I can do to curb this.
Click to expand...
We actively block VPN's and you would need Xon's tool here: https://xenforo.com/community/resources/signup-abuse-detection-and-blocking.6812/ -- You can register the network AS numbers to be flagged when used to register an account. (You can set to moderate or flat out reject registrations on a per-network basis..) You can do what we did and just slowly build your own dataset as you discover new networks.

One thing I'd like to point out here as well, you can block the registrations but after someone registers, they can switch to a VPN. To actually cutoff those entirely, you'd have to start actively entering IP block lists based on ASN data.
 
RippC said:
I've been getting tons of reports of the "You're looking for X part? E-mail my friend at XXX@YYY" direct messages aimed at my users trying to get them on the hook to scam them.
Click to expand...
The first thing would be to nor allow private messages for new members for either an amount of time or an amount of posts or both. This alone should shrink the issue considerably.

RippC said:
Is there a way to flag these VPN registrations for moderation?
Click to expand...

RippC said:
I get that VPNs are just part of the internet now, but just a way to have a look at them first to see if my spidey sense tingles at them would be epic.
Click to expand...

ENF said:
We actively block VPN's
Click to expand...
That's what I do, based on the output of https://whatismyipaddress.com/. Sometimes I just block the host, sometimes the whole ASN. Also, geoblocking registrations from countries where you don't have users or a target group may help a bit.

Regarding VPN i explain to my users that they are free to use one but that there is no need to do so on the forum as we don't collect or sell data and do nothing illegal or politcally critical. Plus VPNs are heavily used by spammers and trolls. However: While usage of VPNs is allowed it is unsupported on my forums and may lead to all sorts of issues from not being able to register or being bocked from seing the the forum at all to posts ending up in the moderation queue, creating delays for the poster and unneccessary extra work for the admins.
 
smallwheels said:
The first thing would be to nor allow private messages for new members for either an amount of time or an amount of posts or both. This alone should shrink the issue considerably.
Click to expand...

I'd love to have this feature. What means do you implement it with? did you just write custom code or use a plugin?
 
ES Dev Team said:
I'd love to have this feature. What means do you implement it with? did you just write custom code or use a plugin?
Click to expand...
Can be done with normal user permissions (there's a permission for Start direct messages).

I have a site where users can't send direct messages to each other, but they can use for communication with mods/admins. In that case, the Registered user group can Start direct messages, but not Receive new direct messages.

If you wanted to make it so new users can't send direct messages until something else (point in time or whatever), just restrict the Registered user group, and then use user group additions/promotions to add that permission later.
 
  • Like
Reactions: Sim
You must log in or register to reply here.

Similar threads

Hareon
  • Question Question
Is there a way to prevent forum users from receiving email notifications for threads?
Replies
3
Views
67
Jeremy P
Jeremy P
GAD
  • Question Question
Way to prevent new users from bumping old threads?
2
Replies
21
Views
1K
GAD
GAD
ZeroG
  • Question Question
XF 2.2 What is the best way to prevent bots and spammers from registering CAPTCHA, questions or ????
Replies
11
Views
3K
Max Taxable
Max Taxable
B
  • Question Question
XF 2.0 Is there a way to prevent users from hiding status?
Replies
6
Views
620
Xon
X
eberkund
  • Question Question
XF 1.2 Is there a way to prevent profile links w/o minimum number of posts?
Replies
3
Views
635
eberkund
eberkund
Back
Top Bottom