vBulletin Mods

Are you using the pro version? Need to figure out which to troubleshoot.

Never mind... you were too fast for me :o. I cleared the cookies and it's now working :up:

Okay, it does work... but I'm encountering a few problems. And one of them is a fairly serious one.

I'll start with the most serious problem. There is no combination of settings that I have been able to find which will allow registration from what I fear may be many mobile devices. For testing I'm using my own cell phone. The test is to try and use it to register as a new member on my forum site. Prior to each test, I freshly clear its cookies and other private data. The problem is that PApro persistently interprets these efforts as proxy connections and blocks me at the registration page. This happens even with the Tor, LAN, and Web Proxy options set to "no" and the Members option set to "yes". And it doesn't matter if the Registration Only option is set to "yes" or "no". The vB message with the text that I entered for the proxy_alert_registration phrase consistently appears and blocks every registration attempt from this cell phone.

I have a theory about this issue, but at the moment I have no way to test it. My theory is this: The IPs assigned to my phone (its service is through Consumer Cellular) do not have rDNS hosts. That is, none of the dhcp IPs leased to my cell phone can be reverse-resolved to host names (i.e., there are no PTR records for them). If PApro uses rDNS lookup as a criterion to approve each IP as being a non-proxy address, then this may be why these IPs are not passing. But as I've said, I have no immediate way of testing this theory, since I only have the one cell phone. I could have some of my members or staff test this theory with their mobile devices by clearing their cookies and then attempting registration. But that tends to become a bit awkward so I'm holding off for now. And of course users who contact admin due to a registration refusal are usually not the best options as test subjects.

The next matter of concern is that my testing has shown that for some reason when the Registration Only option is set to "yes", my registration attempts through Tor will randomly slip through to my forum's registration form. And this is with confirmation that my Tor exit node IP has NOT changed each time it happens. Again, this issue does seem to only occur when the Registration Only option is set to "yes". I haven't been able to duplicate it with that option set to "no"... at least yet.

My last observation is trivial... but I'll still mention it. It is that even when I have the Location option set to "no" while the Registration Only option is set to "no" as well, the PA popup message seems to only appear on the main forum index page. Isn't the Location option being set to "no" supposed to cause this popup message to appear on all pages? This is obviously not a serious problem. It's only an observation at this point.

Thanks for reading... if anyone has any thoughts I'll sure be interested.


EDIT:
I had one of my staff test the reg process using their mobile device - it acquires IP addresses which will in fact properly resolve to host names. Like my mobile IPs, hers are as well managed by AT&T Mobility; they are just different numerical blocks. She was able to get through the registration process without issue. I think that serves as fairly good evidence that the lack of PTR records for the IP blocks that my phone has access to has been responsible for PApro rejecting the registration efforts from my phone. The 2nd issue, intermittent slip throughs on Tor connections, may require some further testing on my part.

EDIT2:
Okay. I've done some more testing on the second issue. As mentioned, when the Registration Only option is set to "no", all Tor connections are blocked and the "proxy connections are not allowed" message is consistently presented as expected - i.e., registration does not occur and the proxy_alert_registration message is displayed. However, when the Registration Only option is set to "yes", the system will randomly fail to display the proxy_alert_registration phrase and instead moves to the next stage, which is the new member information entry form page. But when this happens, once the member information has been entered and the 'Complete Registration' button has been clicked, no registration occurs -which is good- but the vB message which then appears is not about proxies at all... instead it is: "Your email is marked as spam." Below is a screenshot.

https://www.vbulletin.org/forum/external/2016/03/5.pngDoing a search for phrases, the above message phrase is shown to be the contents of email_mark_as_spam. I'm unsure though why this message phrase is triggered by PApro ? So that's my first question. And my next question is why, when the Registration Only option is set to "yes", do Tor connections randomly alternate between allowing the user to reach the member information entry form stage (followed by display of the email_mark_as_spam message), or terminating immediately after the birth date is entered with a prompt display of the proxy_alert_registration message? The important thing of course is that this mod seems to block Tor users. It just doesn't do the same thing each time if the Registration Only Option is set to "yes". At least that's what I'm finding.

Any ideas as to why I'm noticing this behavior?

Regarding the problem with your phone, does this also happen when you switch from data to WiFi? A lot of providers nowadays do a lot of magic by passing it through a proxy on their own server that optimizes images/JavaScript/CSS files and add all kind of headers.

I'm not sure. I don't have a wifi-equipped router here and there are no wifi access points near enough to me to try. But I have contacted AT&T IP Support who handle their DNS servers and they have confirmed that the PTR records are missing from the IP ranges that my phone has access to. They emailed me that they have submitted a request to the team who administers the mobile ip DNS servers to add the PTR records for the affected ip blocks. They said the problem should be corrected by sometime next week. Once it is fixed (if in fact that occurs), I will test it with my phone and report back here.

AT&T came through and added the PTR records. The two /24 IP blocks that my phone's IPs come from all resolve to host names now. But unfortunately that wasn't the problem. What was, and is the problem is the fact that the only APN available to my phone through its current provider goes through a proxy. So the public IPs that it's given by the dhcp server are in fact proxy IPs. Which, of course, means that my phone being detected by PA as using proxy connections is accurate. I believe there are some comments about mobile carriers using proxy IPs earlier in this thread.

Question: Does the IP Whitelist provision in PApro allow the use of CIDR or wildcards? I'm hoping I don't have to individually allow each IP.

This is exactly the problem! The system falsely detects certain mobile carrier proxy IPs as Tor exit nodes. Therefore, you can't turn off these false detections without turning off Tor detection altogether. Personally, I could get by if there were a way to whitelist IP ranges. But it appears that there isn't. It's really a shame because this system has tremendous potential. But as it stands, auto blocking the registration efforts of legitimate potential members stands to discourage them from ever trying to register again. This problem really needs to be worked out in order to make this an outstandingly useful and dependable add-on.

It also seems difficult to get the developer to address these concerns for some reason :(

im getting an error:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

From the error you posted, it looks like perhaps the files were not all uploaded to your server. (the includes sub folder, etc)

Double check that, perhaps?

When i first read your comment i thought "how stupid does this guy think i am"...

I re-uploaded all the files and the modification works :| Thanks.

The developer should click the "Additional Files" option then, to make it more clear that files need to be uploaded to the server. :)

I know I know... egg on my face. (shamed)