Replace RDAP/ipwhois signup-IP classifier with ipapi.is
Flags datacenter, vpn, proxy, tor, and independently-scored abuser signals instead of regex-matching RDAP org names; anonymous tier covers 1000 req/day, well above signup volume.
This commit is contained in:
@@ -8,9 +8,10 @@ Guidance for Claude Code when working on **yttrx-welcomebot** (the welcome bot
|
||||
A FastAPI webhook server. One Mastodon admin webhook delivers `account.created`,
|
||||
`account.approved`, and `report.created` to `POST /webhook`; the app dispatches:
|
||||
|
||||
- **account.created** → classify the signup IP (RDAP org lookup); flagged
|
||||
(datacenter/hosting) signups get more scrutiny (held welcome, ip_blocks
|
||||
registration, DM to moderator) before falling through to a normal welcome.
|
||||
- **account.created** → classify the signup IP via ipapi.is; flagged
|
||||
(datacenter/vpn/proxy/tor/abuser) signups get more scrutiny (held welcome,
|
||||
ip_blocks registration, DM to moderator) before falling through to a normal
|
||||
welcome.
|
||||
- **account.approved** → always DM the welcome (dedup-safe; this is what
|
||||
releases a held welcome once a human clears the approval queue). Also where
|
||||
a held, flagged signup's suspicious-watch baseline gets captured.
|
||||
|
||||
Reference in New Issue
Block a user