jfb-security-antispam [Jcink.com Wiki]

This is an old revision of the document!


JFH Anti-spam Security

Under attack from banned users that won't go away? Annoyed by fishy-seeming users that keep signing up, but you're not sure what they're about? Want to further tighten security for your community? We hear you. This feature is for you.

Foreword

Firstly, this feature is not perfect. You can never 100% stop every spammer and every abusive user. Determined people, as always, will thwart detection (at least temporarily anyway). However, this will make things just that much more harder on them to do so. That aside, let's explain how this works.

What is the solution?

Because spam on the internet is such a problem, people have created authorities that track and list known sources of spam. These are known as DNS Blackhole List (DNSBL). Through a number of methods, they can tell if a user's IP address is a host to one or all of the following:

  • An unsecured proxy server
  • Part of an e-mail, blog, or forum spam “botnet”
  • A unsecured proxy chain
  • Compromised/infected servers and home computers
  • Denial of Service drone/bot
  • Generic comment/blog/forum spammers interested in spamming ads

How does it work?

These are almost never things that you want to visit your forum. Here are the services that are used to do background checks for these things when this feature is enabled:

The basic breakdown

When someone registers on your forum their IP address is cross checked via those sites to see if a blacklist entry is found. In the event that a match comes up, the board takes appropriate action of putting them in the validating user group (or if the option is enabled, blocking them from signing up entirely).

Keep in Mind

Just because an IP was caught by the blacklist does NOT necessarily mean they are a spammer. 99% of the time this is the case, which is why the DNSBL works so well. The dedicated people running these non-profit sites try to make absolutely sure that the IPs they list are indeed trouble, and that their lists are constantly being updated to protect against troublesome IPs. However, from time to time, someone may pick up a blacklisted IP innocently. (This may be due to an IP formerly having been used by a spammer and still registered in their systems. Or that IP may have been very close to a lot of known spammer IPs.)

This is why by default, if a blacklisted IP address is detected, these users get sent to your board's validating user bin. This is located in the Admin CP under Users and Groups → Manage Validating. Click on an IP address of a member there to get more information if you wish to see blacklist data. From there, you can decide if you just want to delete their account, approve it, or leave it alone.

Additional links and information

 
jfb-security-antispam.1485063913.txt.gz · Last modified: 2017/01/22 00:45 by jcink