You are not logged in. Please login or register.
PunBB Forums → PunBB 1.2 troubleshooting → Blacklisting email domains?
I'm receiving about five spambots a day who are quite intent on showing us CSS geeks Lindsay Lohan's nipples. They all come from just a handful of domains, which I'd like to block from registration. Short of manually editing the PHP, how can I do this? Is there an admin tool geared towards blacklisting?
install some antispam registarion mods then, just stop them registring before they post. simple
On an off note, one such spam message was for cannabis seeds, and I was tempted to click through :^)
Add a ban and leave the username blank, simply put the domain name under email. (Also make sure you got allow banned emails set to no in options/permissions).
I blacklist email-domains in this way, but the spammers still register. What am I doing wrong?
I have "Allow banned e-mail addresses" set to "no". I create a ban containing just the email-domain (without the "@") without any username... 
I run the latest version of PunBB.
I blacklist email-domains in this way, but the spammers still register. What am I doing wrong?
I have "Allow banned e-mail addresses" set to "no". I create a ban containing just the email-domain (without the "@") without any username...
You are entering the parent domain in the banned e-mail list? Do you have another PunBB running, using the same db?
fredrikin, someone gave me this code and it really seem to help!
plus i have rules turn on and timezone mod. with another captcha mod..
open register.php find
require PUN_ROOT.'include/common.php';
place this afterwards..
/***************************
START SPAM PROTECTION
***************************/
// Address of the blocklist server
$checkspam['blocklist'] = 'sbl.spamhaus.org';
// Build the url to check (reverse DNS query). If you want to test if it works on
// your server, replace the "get_remote_address()" part with the following: '127.0.0.2'
$checkspam['Reverse DNS'] = implode( '.', array_reverse( explode( '.', get_remote_address() ) ) ) . '.' . $checkspam['blocklist'];
// Do the actual lookup. If the users IP is listed in the blocklist, we will be given just an IP back from the queried server.
// If the user is *not* listed as a spammer, the result we get back from the server will be the same string as we sent.
if( $checkspam['Reverse DNS'] != gethostbyname($checkspam['Reverse DNS']) ) {
message('Unfortunately, it would appear that your current IP address is listed in one of the anti-spam databases we queried.
Because of this, you will not be able to register a new account at this point in time. If you believe this to
be a mistake, we urge you to read the FAQ over at <a href="http://www.spamhaus.org/faq/index.lasso">The Spamhaus Project</a>
for more details, including actions you can take to resolve this issue.',true);
}
/****************************
END OF SPAM PROTECTION
****************************/fredrikn wrote:I blacklist email-domains in this way, but the spammers still register. What am I doing wrong?
I have "Allow banned e-mail addresses" set to "no". I create a ban containing just the email-domain (without the "@") without any username...
You are entering the parent domain in the banned e-mail list? Do you have another PunBB running, using the same db?
I have a single PunBB running. I enter "domain.tld" to block "user@domain.tld", which I assume is the correct syntax.
Quaker: That's a good idea! 
/Fredrik
now u can change the level of security by replacing sbl.spamhaus.org with some other html link.
and it will stop more..
ill try to find the page on here that explains more what im talking about....
hahaa
here it is....
http://punbb.org/forums/viewtopic.php?pid=99960#p99960
Q
Here's a multi-rbl variation of that code Quaker posted.
//---------------Start of RBL lookup---------------//
$rblserver = array();
$rblserver[] = 'sbl-xbl.spamhaus.org';
$rblserver[] = 'combined.rbl.msrbl.net';
$fip = get_remote_address();
$rip = implode('.', array_reverse(explode('.', $fip)));
foreach ($rblserver as $xrbl)
{
$rblcheck = $rip.'.'.$xrbl;
if ($rblcheck != gethostbyname($rblcheck))
{
message("$fip blocked. Your I.P address is listed in the $xrbl database.");
}
}
//----------------End of RBL lookup----------------//Only lightly tested. You can add more RBL's if required, (though not necessarily a good idea), by adding more:
$rblserver[] = '[another-rbl-server]';lines below those two already there. Those two should suit for general use, however.
Just been playing around with this in PunBB itself. It needs the header/footer adding too, otherwise it will just blank screen. I assume this applies to the original code posted initially to boot.
//---------------Start of RBL lookup---------------//
$rblserver = array();
$rblserver[] = 'sbl-xbl.spamhaus.org';
$rblserver[] = 'combined.rbl.msrbl.net';
$fip = get_remote_address();
$rip = implode('.', array_reverse(explode('.', $fip)));
foreach ($rblserver as $xrbl)
{
$rblcheck = $rip.'.'.$xrbl;
if ($rblcheck != gethostbyname($rblcheck))
{
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_register['Register'];
require PUN_ROOT.'header.php';
message("Your I.P address: ($fip) is blocked due to it being listed in the $xrbl database.");
require PUN_ROOT.'footer.php';
}
}
//----------------End of RBL lookup----------------//mattf, what does this do? are you modifying the register.php or some sorta blockage script for those listed.
hummm that might be a good mod. a blocking script via ip address and a redirect to some stupid site.
if ip is listed then redirects.
Q
mattf, what does this do? are you modifying the register.php or some sorta blockage script for those listed.
It does exactly the same as that original code you posted, except for the fact that you can specify multiple RBL's to check against with this one. It's just a modified version of that initial code you posted. The script is placed at the same place in register.php as you mentioned above. That's why it needs the header/footer parts adding with the reject message.
MattF wrote:fredrikn wrote:I blacklist email-domains in this way, but the spammers still register. What am I doing wrong?
I have "Allow banned e-mail addresses" set to "no". I create a ban containing just the email-domain (without the "@") without any username...
You are entering the parent domain in the banned e-mail list? Do you have another PunBB running, using the same db?
I have a single PunBB running. I enter "domain.tld" to block "user@domain.tld", which I assume is the correct syntax.
Yup. That's correct.
hummm that might be a good mod. a blocking script via ip address and a redirect to some stupid site.
if ip is listed then redirects.
You could easily add a redirect inplace of the rejection message, but that wouldn't honestly be a good idea. You will get false positives on occasion. Legitimate users shouldn't be required to have to jump through hoops just to register. That idea would penalise legit users big style.
freakin sweet... a war on spam....hahaha...
Q
I have made a simple mod that disallows the user to view anything until he/she activates his account.I don't know if it will help.
here it is :
http://www.punres.org/viewtopic.php?id=3814
If their account isn't activated, they cannot login, hence they're a guest? Wouldn't just disabling guest viewing achieve the same?
Mattf, now.. here goes. is there a site that list IP to totally block user? say u go to my site and if your ip is listed it will block the site 100%?
Q
Mattf, now.. here goes. is there a site that list IP to totally block user? say u go to my site and if your ip is listed it will block the site 100%?
List the IP on what criterion? If you're going down a full access block route, you should be doing this at network level, not software level, i.e: firewall.
Edit: If you are going to do it at software level, I would presume including that script from header.php itself would do the trick. Header.php is a common requirement across all forum pages.
i mean a list of ip that has sent spam. so that when they access the website. it redirects then somewhere else. sorta like this script..
lol...
Ill try to work on what exactly im trying to say.. in a few..
Q
You mean then to create your own blacklist from IP's that have spammed your forum?
By far the best method, I would say, would be to run MJT's rbldnsd server and compile the list for that so that you have your own local RBL. I use that method for the MX, and it works a treat. It's been running several years here with never a single glitch. Just set up Bind/named to forward to it for your local zones RBL entry.
ill have to read how to setup my own bind ...
sound very good... that would be a great way to fight some spam effectively!
It's straight forward enough. All you need to do is just set it up as a caching resolver, and add an entry for your RBL. It's worthwhile having a local caching DNS server anyhow, as it will help with your DNS traffic and speed for cached lookups. All you'd need is a named.conf file consisting of roughly:
//
//
// Local rbl zone(s)
//
//
zone "spam.rbl" in // Or whatever name you use with your rbldnsd zone(s).
{
type forward;
forward only;
forwarders
{
[IP.address.of.rbldnsd];
};
};
//
// root servers
//
zone "." in
{
type hint;
file "named.root";
};
//
//
// End of file
//
//That's about all you need for a caching server and forwarding to your RBL server, (if I remember correctly). You could probably just use the IP of the RBL server in that above script instead of a hostname?, but you're getting a caching resolver to boot, so it's worth setting it up just for that. It also gives you the option of using the RBL for other servers/purposes, where as a flatfile lookup would be tied to the forum.
cache server? ok that alittle beyond my scope....
u got msn or aol yahoo?
PunBB Forums → PunBB 1.2 troubleshooting → Blacklisting email domains?
Powered by PunBB, supported by Informer Technologies, Inc.