better dnsbl check

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The next feature release of phpBB 3 will be 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.2.x. If you need support for phpBB 3.2.x please visit the 3.2.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Post Reply
MartinTruckenbrodt
Posts: 171
Joined: Sun Jan 29, 2006 1:00 pm
Location: Germany
Contact:

better dnsbl check

Post by MartinTruckenbrodt »

Hello,
phpBB3 Olympus is including a dnsbl check labled "Check IP against DNS Blackhole List" which can be enabled at the ACP under Secuirty settings.
This check is using the spamhaus.org DNSBL. This DNSBL contains a lot of false positives.
There are other DNSBLs which are much more usefull to prevent spam bot registrations - e.g. access.atlbl.net and opm.tornevall.org .
It would better to use mores DNSBLs and to implement a weight system with a threshold value to let work several DNSBLs together before the registration will be blocked.
Although there should be a log for administrators to be able to watch the work of the DNSBL check.
Although the registration form should not been displayed if a registration have been blocked.

Then the dnsbl check would be a good alternative for phpBB using webmasters whom don't want or can not use Captchas or Q&As.

MOD advertisement removed

Bye Martin
Last edited by ckwalsh on Sun Aug 01, 2010 7:20 am, edited 2 times in total.
Reason: Thanks for the suggestions, but advertising your MOD isn't appropriate
Advanced Block MOD 1.1.1 has been released! - Prevent spam on your phpBB3 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists! - My MODs

DrStrangelove
Registered User
Posts: 13
Joined: Thu Jul 01, 2010 3:33 pm

Re: better dnsbl check

Post by DrStrangelove »

dnsbl is a convenient way to do anti-spam. however as you pointed out there's the false positives issue. i'm using your mod which is better but still not ideal.

i'll explain: DNSBL is designed for e-mail, and does a good job of recognizing known sources of spam. however on a forum the issue isn't whether or not to accept an e-mail but whether or not to accept a registration (or a post). these issues aren't the same (!). there's blacklists which covers IP ranges that has lots of valid users but still sends spam (such as dial-up, dynamic IP ranges and so on), some block-lists even lists known proxies etc. to block these wouldn't make sense.

captcha is a good way to keep script registrations out, so it should take care of the gray-area well. also your method of assigning a score to each DNSBL and assign a threshold for where the connection should be blocked takes care of most false positives.

one thing i do miss is the possibility to list what the blacklist covers and select what you want to block (perhaps the admin would like to block known proxies too?), this could also be taken into account when assigning score and would allow for auto-scoring to make things simpler for the user. all the tweaking & tuning stuff could be moved to an 'advanced' tab.

another nice thing with blocklists is that they reduce the need to do IP bans, so if you have a wild west forum, you could instead just choose to reject proxies (using a dnsbl) instead of manually editing the IP ban list putting in tons of entries by hand.

another suggestion I want to make is to cache DNSBL lookups to relieve strain on the server. typically the DNS system has too short TTLs which doesn't make it appropriate for caching purposes.

MartinTruckenbrodt
Posts: 171
Joined: Sun Jan 29, 2006 1:00 pm
Location: Germany
Contact:

Re: better dnsbl check

Post by MartinTruckenbrodt »

Hello DrStrangelove,
I would say it a little bit different: In most cases blacklists are used to block email spam. Some of the blacklists are designed to block email spam only.
But e.g. access.atlbl.net and opm.tornevall.org are designed to block forum spam(, too). And there are other lists for other jobs, too.

For me the aim was to get a good combination of blacklists and weight settings to catch most of spammers and to reduce the number of false positives to Zero. My topical list settings (ABM 1.0.6) are doing a good job (on my boards).

IMO other things are more important as CAPTCHAs are. I think Double Activation and Auto user pruning are much more important to get the last of the spammers and to get a clean memberlist.

My biggest problem is that I didn't get any feedback last months. So I'm very happy about your post.

For feature request for my MOD please use http://www.phpbb.com/customise/db/mod/a ... d/support/. For a feedback please use http://www.phpbb.com/customise/db/mod/a ... 83-t_85601 .

Thanks a lot!

Bye Martin
Advanced Block MOD 1.1.1 has been released! - Prevent spam on your phpBB3 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists! - My MODs

ronled
Registered User
Posts: 1
Joined: Thu Dec 23, 2010 10:13 pm

Re: better dnsbl check

Post by ronled »

Advanced Block Mod
Advanced Double Activation Pack
by Martin Truckenbrodt

Well supported and works like a charm. Thanks Martin.

Within moments of installing this using AutoMod... you could see things tighten up and the forum is better protected. This should be included in the next release of PHPBB.

Ron

MartinTruckenbrodt
Posts: 171
Joined: Sun Jan 29, 2006 1:00 pm
Location: Germany
Contact:

Re: better dnsbl check

Post by MartinTruckenbrodt »

Hello,
about two years ago I was writing somewhere at the phpBB general discussion forum or somewhere else that the Visual CAPTCHAs thing will be a never-ending-story. Now most of or all of Visual CAPTCHAs have been cracked.
At the moment supporters are telling people to use Q&A. This would be the only one solution (at the moment). Q&A can be cracked too, at least by human spammers.
It seems that some people are using CPFs successfully. This can been cracked too, at least by human spammers.

But what's the next step?

Blacklists can not been cracked and they are blocking human spammers, too. If you are interested read my FAQs and think about it.

Bye Martin
Advanced Block MOD 1.1.1 has been released! - Prevent spam on your phpBB3 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists! - My MODs

Post Reply