That's why I'd do Ban + submit as one button. Only problem is the actual banning part. Last time I looked at the code it was over complicated.

I wonder if you can inject another page after you select ban that has the submit options (e.g. post IP, registration IP, enter in alternate email addresses that may have been in the post, etc).

Don't want to submit all banned people of course as some may just be jerks and not spammers.

There are lots of things going on with the banning, like akismet submissions, lots of thread stuff etc etc. I have to make sure that I get it just right or code starts running all over the place.

My point exactly. Same goes for mass bans. I SO FRIGGIN WISH It was an option!

I think it should only be in the Mod or AdminCp. not in the inlinehook..

Often people may be banned who are not Spammers.

so, a fine balance of usability and funtionality... oh fun :)

Work so far... The template insert is all in php so it should work if the template changes, as long as it has the same fieldset/table structure.

Brilliant mod - has cut down my spam amazingly!

Installed thanks for this mod. The only thing...I followed:

4 - You can edit the default rejection message by Admin Control Panel / Languages & Phrases / Phrase Manager / Front-End Error Messages / vbstopformspam_reject and vbstopformspam_reject_connectionerror

There is no "Front-End Error Messages" there. Only "Front-End Redirect messages"

And what exactly does this edit? Is this an important edit? Thanks

Brilliant mod - has cut down my spam amazingly!

Indeed!! :)

Installed. Thanks!

Wait a minute here! Have I been missing out on some dialogue? Are we talking about adding a function to the AdminCP that submits the rejected registrars data to SFS without having to log on and fill out all three fields and submit them manually? If so, I LOVE IT! If not, that would be a great addition to the mod. This mod flippin rocks and so does the author! :)

Wait a minute here! Have I been missing out on some dialogue? Are we talking about adding a function to the AdminCP that submits the rejected registrars data to SFS without having to log on and fill out all three fields and submit them manually?Welcome to LAST YEAR :)

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showp...&postcount=288
I made those code changes into a small plugin:
https://vborg.vbsupport.ru/showpost.php?p=1650801&postcount=289

Note that all of the above is mentioned in the main plugin description above.

It shows up as a box in their UserCP. What pedigree is currently talking about is adding a checkbox to the "delete post as spam" menu to make it simpler.

Welcome to LAST YEAR :)

We old guys are always behind even when we think we are not :) I can't believe that existed with out me knowing it. Well actually..............yes I can :)

Nah, it's just that Tennessee firewater getting to ya :)

Nah, it's just that Tennessee firewater getting to ya :)

LOL. We call it wildcat whiskey where I come from :)

For the rest of the world, its called Gasoline :)

Installed thanks for this mod. The only thing...I followed:

4 - You can edit the default rejection message by Admin Control Panel / Languages & Phrases / Phrase Manager / Front-End Error Messages / vbstopformspam_reject and vbstopformspam_reject_connectionerror

There is no "Front-End Error Messages" there. Only "Front-End Redirect messages"

And what exactly does this edit? Is this an important edit? Thanks

If you search for these in the phrase manager, youll find them to edit

vbstopformspam_reject
vbstopformspam_reject_connectionerror

For the rest of the world, its called Gasoline :)

HaHa. I guess you could run a car on it fairly easy :) I will have to see about that auto-reporting add on. I honestly did not know it was there. I am still doing it the old fashioned way. One positive thing about that part is that it puts me on site and I can blabber on in the SFS forum like I actually know what I am talking about :)

Well, good news, Ive had confirmation that it works in vb4 beta 3 :)

Well, good news, Ive had confirmation that it works in vb4 beta 3 :)

Great! I wonder if any of the other well-thought-out hacks will work as well.

0.61 will work with vb4 but 0.7 will not until Ive re-rewritten all of the template change code

Great! I wonder if any of the other well-thought-out hacks will work as well.

Looking at the template code, anything that changes a template, either manually or automatically, will not work in vb4

This Mod works great.

How ever I am seeing a slight issue in my logs. Since installing yesterday it shows 39 entries and says 4 of them were approved, when I search for these users they do not exists. The log entries also are not associated with a user ID.

I ran a test and registered on my own and it worked fine.

When I looked at the approved accounts a couple of them were .ru email addresses so obviously they were spammers. But when I went to stopforumspam.com I couldn't find any reference to them.

I don't think the blocked accounts were legit by any means, but they said they were allowed. Would indicate to me there is a bug in the process some where.

I am running 3.8.3

I installed it and it works like a charm, Thank you:D

This Mod works great.

How ever I am seeing a slight issue in my logs. Since installing yesterday it shows 39 entries and says 4 of them were approved, when I search for these users they do not exists. The log entries also are not associated with a user ID.

I ran a test and registered on my own and it worked fine.

When I looked at the approved accounts a couple of them were .ru email addresses so obviously they were spammers. But when I went to stopforumspam.com I couldn't find any reference to them.

I don't think the blocked accounts were legit by any means, but they said they were allowed. Would indicate to me there is a bug in the process some where.

I am running 3.8.3

This has been covered but as the thread is getting long, its not a problem :)

What happens with "approved" is really a miswording (to quote Hillary Clinton). "Approved" means that its passed all the tests done by this mod, not by vbulletin. It means that this mod hasnt found a match on any of the fields that you are testing on and has passed control back to vbulletin for all its tests (dup email, banned ip, password length, catcpha testing etc). The registrations wouldve been stopped by one of the vbulletin tests as my mods processing takes place first because of the place in the scripts that its executed at.

Hope thats clear :)

If you find, in your logs, a spammer thats banned on username/ip address but you dont find an email address for them on the website, please feel free to add them to the databases (details on how to on stopforumspam.com)

I installed it and it works like a charm, Thank you:D

Youre welcome :D

...When I looked at the approved accounts a couple of them were .ru email addresses so obviously they were spammers. But when I went to stopforumspam.com I couldn't find any reference to them.

I don't think the blocked accounts were legit by any means, but they said they were allowed. Would indicate to me there is a bug in the process some where.

I am running 3.8.3

The fact that there was no reference to them at StopForumSpam.com is the reason that they passed inspection by this plug-in. Those would be the spammers that you want to make sure you add to the SFS list.

This has been covered but as the thread is getting long, its not a problem :)

What happens with "approved" is really a miswording (to quote Hillary Clinton). "Approved" means that its passed all the tests done by this mod, not by vbulletin. It means that this mod hasnt found a match on any of the fields that you are testing on and has passed control back to vbulletin for all its tests (dup email, banned ip, password length, catcpha testing etc). The registrations wouldve been stopped by one of the vbulletin tests as my mods processing takes place first because of the place in the scripts that its executed at.

Hope thats clear :)

If you find, in your logs, a spammer thats banned on username/ip address but you dont find an email address for them on the website, please feel free to add them to the databases (details on how to on stopforumspam.com)You could replace it in the next release with a more neutral wording like "no match found". Prevents questions I suppose :)

Belated congrats on the MotM award by the way!

Barteh - its already been changed to exactly that, "no match found"

And thanks, it was a great feeling to get listed on teh motd, let alone win it.

thanks, works great; already caught a potential spammer 1 min after install:)

This Mod works great.

How ever I am seeing a slight issue in my logs. Since installing yesterday it shows 39 entries and says 4 of them were approved, when I search for these users they do not exists. The log entries also are not associated with a user ID.

I ran a test and registered on my own and it worked fine.

When I looked at the approved accounts a couple of them were .ru email addresses so obviously they were spammers. But when I went to stopforumspam.com I couldn't find any reference to them.

I don't think the blocked accounts were legit by any means, but they said they were allowed. Would indicate to me there is a bug in the process some where.

I am running 3.8.3

The first question is are you moderating new members? I would advise you to if you aren't. If you are, when they see that it requires a second step to register, they realize that you are moderating new members and do not finish the registration process for fear of being discovered. They got that far because they were NOT in the SFS database. I've said it before and I'll say it again; All spammers are not in the database so you need to investigate them if they (new registrants) look suspicious. They aquire new e-mails and IPs all of the time. SFS does not have EVERY spammer listed which is why they count on us to report them. It also pays to check against other anti-spam sites too as a back up to SFS. There are several.

Welcome to LAST YEAR :)


I made those code changes into a small plugin:
https://vborg.vbsupport.ru/showpost.php?p=1650801&postcount=289

Note that all of the above is mentioned in the main plugin description above.

It shows up as a box in their UserCP. What pedigree is currently talking about is adding a checkbox to the "delete post as spam" menu to make it simpler.

Do I need to upload your code add on in the AdminCP just like you would any other product? Or What? I have saved the files, I just need to know that tid bit of exactly what to do with them. Also, works fine in 3.8.4? One more, works alright even if moderating new members is turned on? Thanks

STopforumspam is down again .. we need an stable solution :(

STopforumspam is down again .. we need an stable solution :(

That's the first time that I have seen it down since my install. I have my new registrants set to moderation anyway and you have the option in vBSFS to deny until it is back up too. I'm sure as more people use the site, the load increases exponentially.

<a href="https://www.stopforumspam.com/forum/t1024-Sorry-downtime" target="_blank">http://www.stopforumspam.com/forum/t1024-Sorry-downtime</a>

earth.devppl.com decided to use the remaining 100gb of monthly bandwidth themselves in a denial of service attack against the webserver.

We would have a more stable solution but this service is funded out of our own pockets and ad revenue isnt enough. Unless someone fancies providing a dns round robin system with means to replicate mysql on a live cluster, its going to remain on a single server, with as much optimization as we can provide with the very limited funds available. So far, for a free service, I dont think were running too bad.

http://www.stopforumspam.com/forum/t1024-Sorry-downtime

earth.devppl.com decided to use the remaining 100gb of monthly bandwidth themselves in a denial of service attack against the webserver.

We would have a more stable solution but this service is funded out of our own pockets and ad revenue isnt enough. Unless someone fancies providing a dns round robin system with means to replicate mysql on a live cluster, its going to remain on a single server, with as much optimization as we can provide with the very limited funds available. So far, for a free service, I dont think were running too bad.

Free is hard to beat no matter how you look at it. I'll take what I can get as compared to what I had :) any day of the week.

Why not to prvide a spammer database , which updated on daily bases or weekly bases ?
Thanks ,
Zi5

@Zi55: real time checks allow you to get matches on new spammers as they are attacking. The vB SFS plugin does cache data locally to avoid the SFS round trip if the spammer is in your local cache.

That being said, a spammer database is available for download here:

http://www.stopforumspam.com/downloads/

Love this. Been using it since May, and it stops 10-15 spammers a day. Only 3 have gotten through since install.

I would guess it is because we updated to vb3.8.4, but I don't see the "sumbit user to StopForumSpam" interface in the admincp when editing a user. Do I need to reinstall the mod? Is this a problem others have had?

Again... LOVE THE MOD!

the current version of the mod does not have a "submit user to SFS" interface. That is a hack to the mod discussed inline within this thread and not a part of the official download.

0.7 (codenamed: unicorn) will have the ability to submit as part of the official download. There is currently not a release date scheduled.

I was able to submit users before without the extra mod. Regardless, I just downloaded it and installed it. Thanks.

@Zi55: real time checks allow you to get matches on new spammers as they are attacking. The vB SFS plugin does cache data locally to avoid the SFS round trip if the spammer is in your local cache.

That being said, a spammer database is available for download here:

http://www.stopforumspam.com/downloads/

Would be interesting if vBSFS would offer the possibility of synchronising the full list to a local file, the way denyhosts (http://denyhosts.sourceforge.net/) grabs new IPs from the denyhosts database (50 at a time iirc) and adds them to hosts.deny. Both vastly reduces traffic to the SFS database and offers a fallback in case of connection problems to it :)

that is what the local caching of the db does in this plugin. it only makes a call to the sfs if the registrant is not in the local file. that file is updated periodically based on settings.

Was thinking of a *full* copy being synced :)
I suppose I could increase the time limit for that, at the moment it only stores recent query results for 30 mins. A week (10080 mins) shouldn't be a problem I reckon.

Thanks for a great mod! :up:

It's working brilliantly for me. Now I need to work out the best way to do my bit to add to the SFS database.

I've installed the mod from Wired1, but is there currently any way to report spammers from the "vbStopForumSpam Log Viewer" page? I don't think so, but I may have missed something.

A checkbox for multiple selections would make it very quick to use, and would be an easy way of reporting obvious spammers that aren't in the SFS database, but don't get past the VB captcha etc.

Thanks for the feedback, Ive been a little slack over the last week in keeping up the date with the thread but I do have a bit of good news

gmail.com - I hate it. I hate it because they normalise all the email addresses. It removes all the .'s and ignores everything to the right of a + in an email address

spammer joeblogs@gmail.com registers and uses joe...b.l.o.g.s@gmail.com or joe.blogs+spam@gmail.com and it all gets delivered to the same account but this throws the api as it did a like for like comparison... until now

I spent the last week running tests on a new code and database revisions on the stopforumspam.com website

So now if joe...blogs+aaakslsl@gmail.com registers on your forum and joe..blogs+ss11.......1.1.1.1@gmail.com has been listed as a spammer, youll get a positive hit and the registration will be denied.

Nicely done! I'm new to the mod (installed yesterday) but it seems great. I appreciate all the coders work around here! This mod definitely seems like a must. :) I was unaware that stopforumspam was you though! I've been using that resource for a while now :)
Andrew

its not me as such, I just do most of the coding and database maintenance there at the moment.

Ahh I see. Well, good work on any account :) especially with gmail being such a factor of spam... and their high usage of periods in email addys so far it seems.

Im going to test install on Beta 5

Great, Ive only been able to test it on beta 3 so I look forward to being able to update the mod description with "works in 4.0 beta 5" :)

This MOD is one of the best MODs I have installed BY FAR! - Works PERFECTLY!

We went from about 8 spammer sign-ups per day (with human verification controls in place) to only one registration getting through since we have installed the MOD, and by the time I removed the user, they had already been added to the blacklist!

As of today, we have had this installed for about two weeks and have had over 840 spammer registrations blocked! - Kudos to the developer!

Scott

For me, it doesn't work on vB4, RC4. It makes anyone unable to register and I get this:

Warning: require_once(includes/functions_vbsfs.php) [function.require-once]: failed to open stream: No such file or directory in [path]/register.php(317) : eval()'d code on line 3

Fatal error: require_once() [function.require]: Failed opening required 'includes/functions_vbsfs.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home3/XXXXXXX/public_html/home/register.php(317) : eval()'d code on line 3

Any chance this product will receive a full update and compatibility fix with the vB4 suite/forums?

Thanks in advance.

@deityx, was this an upgrade or a fresh install of vb? it works perfect on vb4 rc4 for me. try uninstalling the mod from admin console, reupload the files and install and see how it goes.

Oki, thanks for reply. It was a clean install of RC2, then upgrade to RC4. I will try what you said :)

@skippybosco: THANKS, your suggestion worked like a charm! :) Registration works now and spammers are blocked \o/

For me, it doesn't work on vB4, RC4. It makes anyone unable to register and I get this:



Any chance this product will receive a full update and compatibility fix with the vB4 suite/forums?

Thanks in advance.

if looks like you didnt upload the necessary files to the necessary folders.

On multiple boards that I help administer, there have been several complaints per day that new registrations are being blocked as "spammers". I haven't reproduced it myself, but something seems to be going on.

We haven't upgraded to the .61 release, still running .6

I've had to turn off the modification in order to let people register. I have tested both their IP addresses as well as their usernames and emails with StopForumSpam, and it was negative on all counts.

@BillP: You can check your StopForumSpam logs in your vB Admin Control Panel to see why the user was blocked (IP, Email or Username depending on your configuration)

@BillP: You can check your StopForumSpam logs in your vB Admin Control Panel to see why the user was blocked (IP, Email or Username depending on your configuration)

Where do those logs show up? Sorry, don't seem to see them under Statistics and Logs on the CP.

Thanks in advance...

Never mind, when the product plug-in is disabled, the logs disappear. I enabled the product and now I can see the logs.

They were all being blocked on username. The username space got polluted with reasonable, good names.

So we're now only rejecting on IP and email

can you post a few examples of the usernames that were being rejected?

can you post a few examples of the usernames that were being rejected?

Mark
Rose
Swim
boots

bro what is problem in user profile cant show to sumbit spamer early worked now no

This may be a dumb question, but exactly how do I submit a spammer to the StopForumSpam database? I've got a valid API key entered, but I can't find any report button or similar feature anywhere in any of the admin menus.

This may be a dumb question, but exactly how do I submit a spammer to the StopForumSpam database? I've got a valid API key entered, but I can't find any report button or similar feature anywhere in any of the admin menus.

Either go to the website and submit, or install the plugin I created from pedigree's code (which is all mentioned in the first post) which allows you to submit from their user profile in the adminCP.

Just installed on 4.0 PL1 and seems to be working fine! :up:

agreed. tested on VB4 and works perfect!

Woot, good news! Ill link a post to vb4 mod section

I don't know why I didn't install this sooner! In the last two days since installing, I've caught 97 spammers! And it's allowing regular people through - just perfect so far.

The only problem I came across is Wired1's hack. The discussion said it was a product, but the Import Product panel choked and said it was a plugin. So I read the XML for the hook, and put it in as a plugin. Turned it on, and got the following error in the Member Column 1:

Parse error: syntax error, unexpected '<' in /home/curvesfo/public_html/forum/admincp/user.php(757) : eval()'d code on line 10

I'm running vbulletin 3.8.4 Patch Level 1.
Has anyone come across this? Is it just me? Should I just wait for the updated version to come out and not mess with it at this point?

I tried to upgrade and got this: Database error in vBulletin 3.8.4:

Invalid SQL:
ALTER TABLE vb3_usergroup ADD vbstopforumspamviewpermissions INT( 10 ) UNSIGNED DEFAULT '0' NOT NULL;

MySQL Error : Duplicate column name 'vbstopforumspamviewpermissions'
Error Number : 1060
Request Date : Thursday, December 24th 2009 @ 05:02:38 PM
Error Date : Thursday, December 24th 2009 @ 05:02:38 PM
Script : http://gamerzcreed.com/forums/*******/plugin.php?do=productimport
Referrer : http://gamerzcreed.com/forums/*******/plugin.php?do=productadd
IP Address : 76.***.**.***
Username : Shadow
Classname : vB_Database
MySQL Version : 5.0.85-community

what happened?

You tried to upgrade the mod or your forum to VB4?

Try uninstalling the Mod, reuploading the files and reinstalling.

I never said it was a product :)

I never said it was a product :)

OK, after 55 pages of reading, I may have misunderstood. Anyway, I can't get it to work. I guess I'll just wait.

Just install it like any other plugin and it'll work.

Just install it like any other plugin and it'll work.

OK, deleted it and pulled out just the relevant code to paste in, and it worked this time.

I tried to upgrade and got this:

what happened?

You didnt uninstall it first, like it mentions in the mod description.

If you dont want to lose your logs, then you can open the xml file in a text editor and remove the following lines, about line 49, save it and then use that XML file for upgrading/reinstalling.

$db->query_write("ALTER TABLE " . TABLE_PREFIX . "usergroup ADD vbstopforumspamviewpermissions INT( 10 ) UNSIGNED DEFAULT '0' NOT NULL");
$db->query_write("ALTER TABLE " . TABLE_PREFIX . "usergroup ADD vbstopforumspamsubmitpermissions INT( 10 ) UNSIGNED DEFAULT '0' NOT NULL");

I love vbStopForumSpam! Thank you so much for providing this plugin!!

I recently added a vBulletin forum to my site and the accursed spamers had me considering to take down the forum.

I found your stopforumspam.com website and it was great for manually checking regesistrations. I am so thankful that you also provide this fabulous automated soltution with your plugin!

My forum currently only has one valid post but it will eventually have many more. I can't imagine running the forum without your plugin.

My site is http://www.personal-development-tv.com/
It's a personal development site with RTMP streaming videos and a blog. Any feedback about the site is appreciated.

Thanks again and Happy Holidays!

Jerry

@Jerry: Great looking site!

@Skippybosco:
Thank you! I'll skin the forum at some point. I'm just glad I got the forum to work. It's the first forum I ever worked with. So far, so good. :D

Hi,

Can't seem to get it working on 3.6.5...

Uploaded contents of the Upload folder to their appropriate folders via ftp...then Imported the product...

I used a blocked e-mail address from stopforumspam.com and when I completed the registration form and clicked 'Complete Registration'...it gave me a blank white page, but the registration was there anyway.

No log was created.

Any suggestions?

Thanks

As an update to my previous post...

I got the mod working by disabling the ISBOT Mod :)

Thanks...and on behalf of my staff, they thank you for not having to use all their online time banning spammers :)

Thanks for the update tigrattack!

Trying to get this working on 3.8.4 and all I get is 'invalid file specified' when trying to import it in the AdminCP. Have uploaded the files a second time with no luck. Never had any previous versions of this file installed.

Any ideas?

Youre not importing the correct file then

Using the xml file in the root of the zip file :confused:

If youre importing product-vbstopforumspam.xml and its giving you that error, then I cant help as I cant reproduce your forum to get it to error.

Here's a short code to incorporate vbstopforumspam to the One-touch Ban and Clean (https://vborg.vbsupport.ru/showthread.php?t=156444) hack.

You have to have vbstopforumspam and One-touch Ban and Clean already installed before performing the steps below.

As always, I am not to be held liable on any disaster to your data and/or forum settings so proceed at your own risk.

I also don't visit very often so those who understand PHP, please help others with their problems.

Instructions:
Sign-up (http://www.stopforumspam.com/signup) for a Stop Forum Spam API key. Keep the key handy since you'll need it on step 5.
In AdminCP->Plug-ins & Products->Plugin Manger, look for Product : One-touch Ban & Spam Cleanup, and click Form Actions.
For easy editing, you need to copy the contents of the Plugin PHP Code field on to your favorite text editor (Notepad, TextMate, etc).
Almost towards the end of the script, look for:
$message .= ($deletedthreads > 0) ? construct_phrase($vbphrase['onetouchspamban_threads_deleted'], $deletedthreads) : null;

Above, add the following (note that you need to replace XXXXXXXXXXX with your API key from step 1 -- make sure that the key is inside the double quotes):
/* Stop Forum Spam Routine - Start */
/* http://www.stopforumspam.com/apis */
$spammer = $vbulletin->db->query_first("SELECT username, ipaddress, email FROM ". TABLE_PREFIX . "user WHERE userid = $banuserid");
// check to see if user was manually added (no ip)
if (!empty($spammer['ipaddress']))
{
// specify your API key below
$api_key="XXXXXXXXXXX";
$url_parms="?username=". urlencode($spammer['username'])."&ip_addr=". $spammer['ipaddress']."&email=". urlencode($spammer['email'])."&api_key=".$api_key;
$url="http://www.stopforumspam.com/add.php".$url_parms;
$ret = file_get_contents($url);
}
/* Stop Forum Spam Routine - End */

Copy back the whole code to the Plugin PHP Code field and hit Save.
That's it! Now every time you do a One-touch Ban and Clean, you also add that user to the Stop Forum Spam database for everyone to use. :)


I hope this helps.

-- Reggie

Wow! Fantastic! One touch no doubt.

Top help Reggie :)

I installed it and works perfectly.

Thanks for the great job.

FYI db->query is depreciated as of 3.6. You should be using db->query_read and db->query_write. Not that this changes functionality but sticks with the vBulletin coding style.

I also noticed that you don't free the result of the database queries with db->free_result. db->query_first should be used in a number of places since you only want the value of one field. This will make remove the need for db->fetch_array and db->free_result.

Please use db->escape_string instead of addslashes. addslashes doesn't catch all cases nor does it take into account the SQL connection encoding.

For the datediff consider db->query_first_slave as we don't need to be hitting the master db server with that query.

rsw686 thanks for the heads up :)

Excellent with 4.0.1 Thank you.
I had similar experience with 3.84
J.R.

I installed this, on multiple forums, and it's working great! I've had a couple spammers slip through, but it has drastically slowed them down.

I do have a problem though, and I don't know what's causing it. Many of my members are now complaining that they need to log in daily, or sometimes even every time they visit the forum now. I don't know how it could be related, but it started afer installing this plug-in. Anyone else seen this? Anyone have a clue how to fix it?

I'm running 3.84 patch level 2

Gotta say, thanks!
In 2 days, this plugin caught 88 spammers trying to register!

As of today I have had 25+ new members complain that the plugin isn't working. The stop forum spam database check step doesn't complete and registration is blocked.

I wonder if we're blocked, the database down, or the plugin needs an update or whatever?

I for now have turned off this mod so I do not lose 50 potential registrations in a day from valid members.

There are two settings in case of connection errors: "Query Connection Errors" (What should happen if the remote connection times out when querying the new registration?) and "Data Fetching - Cache" which help to identify these type of errors.

I've just installed StopForumSpam. It was super-easy. After carefully studying what it does, I realized it essentially automates most of the successful bot-blocking strategies I've been using manually here for over 2 or 3 years. Wish I'd found this add-on l-o-n-g ago. Duhhh!

It has blocked a dozen spambot registrations in its first hour. I have every expectation it will eliminate 99% of all spambot registrations and cut the risk of spam-posts to a minimal level. I suspect I'll be able to stop moderating new registrations almost completely. We'll see. But that's my guess.

Thanks a lot! :)

Here's a very minor bug in vbstopforumspam.php

Database error in vBulletin 3.8.2:

Invalid SQL:

SELECT * FROM vb3_vbstopforumspam_log AS logs

ORDER BY ip ASC, date DESC
LIMIT 0, 15;

MySQL Error : Unknown column 'ip' in 'order clause'
Error Number : 1054
Request Date : Monday, January 25th 2010 @ 04:50:55 PM
Error Date : Monday, January 25th 2010 @ 04:50:56 PM
Script : http://myforums.com/forums/admincp/vbstopforumspam.php?do=view&pp=15&orderby=ip&page=1
Referrer : http://myforums.com/forums/admincp/vbstopforumspam.php?do=view
IP Address : xx.xxx.xxx.x
Username : webmaster
Classname : vB_Database
MySQL Version : 5.1.30

The column-name reference in this query should be to "ipaddress" and NOT to "ip". I fixed it here. But it should be fixed in the released code too.

Unistalled, the server seems to be down most of the time now causing no one to be able to register. This works really well!
https://vborg.vbsupport.ru/showthread.php?t=183917

@Floris / @TheInsaneManiac:

There is an option in the configuration of the plugin:

"What should happen if the remote connection times out when querying the new registration?" Allow Registration / Block Registration

...which will first check your local cached copy of the stop forum spam dataset (ie. you are still protected from most recently known spammers in your local cache) and then allow registration if there is no response from the stop forum spam.

As the site has had a 3x+ traffic increase from January 2009 - January 2010, scaling and DDOS attacks are always a challenge. That being said, there is much effort happening behind the scenes to increase the robustness / speed of the stop forum.

@TheInsaneManiac, the plugin you suggested can certainly be run in combination with the SFS plugin as they compliment each other well. That being said, it only prevents automated (bot) not human spammers.

I see that Floris and Insane Maniac and perhaps others are reporting experiencing problems with accessing the database that support this add-in. Yet, as far as I can tell, I'm not having any problems in doing so.

Can someone comment about these reported problems? Is this an issue you are working on or is it one you can't fix or is it perhaps related to loads on your current server? This is a great and very effective mod. I'd hate to see it vanish because the database we all rely on has become unreliable.

Thanks!

Oops. I see that between the time I read InsaneManiac's post and the time that I got around to replying to it, skippybosco has commented. Sorry I didn't notice that before I posted this request. :(

@websissy: I'm also not having the problems that folks are reporting here, but I make use of the cached database whenever possible and set the plugin to allow registration if not in local cache AND can not reach SFS server for some reason.

As I eluded to in my previous post, there are backend enhancements that are being implemented that will certainly increase the robustness of the server requests, but for the most part tuning the configuration of the mod on your local server will greatly improve the experience for both you and your users.

Here's a very minor bug in vbstopforumspam.php

The column-name reference in this query should be to "ipaddress" and NOT to "ip". I fixed it here. But it should be fixed in the released code too.

I thought I had fixed that, grr, its certainly posted back in the thread. Ive gone back, changed it and reuploaded the zip file again. I have no idea how that got back into the upload

Unistalled, the server seems to be down most of the time now causing no one to be able to register. This works really well!
https://vborg.vbsupport.ru/showthread.php?t=183917

Im not aware of any server down time recently.

As of today I have had 25+ new members complain that the plugin isn't working. The stop forum spam database check step doesn't complete and registration is blocked.

I wonder if we're blocked, the database down, or the plugin needs an update or whatever?

I for now have turned off this mod so I do not lose 50 potential registrations in a day from valid members.

Are you using cURL? Are the blocks all at much the same time or scattered randomly? Maybe switch it so that it will allow registration on error?

None of us is perfect, Pedigree... least of all we software types. As far as I'm concerned this product is one of the most useful vbulletin hacks I've seen. I wasn't complaining... I just wanted to help improve it a bit.

Don't sweat the small stuff. You ROCK, friend!!

Thanks! :D

Thanks :) but I still want to try to fix anything where I can. If the script is failing for any reason that I can control, then I really want to try to fix it.

Gotta say, thanks!
In 2 days, this plugin caught 88 spammers trying to register!

I had the same result with it catching what seemed to be an extremely high number. Then I looked through the code and realized it checks the stop spam database even if the registration fields aren't validated. So if a bot submits with an invalid code or mismatch password it checks the stop spam database first. I changed the code to just let vBulletin throw the invalid registration fields error. This way I am not hitting the stop forum spam database when unneeded. All I had to do was wrap the register_addmember_process hook with if (empty($userdata->errors))

I also noticed that the cache is inserting records for the same data with a newer datestamp. However when grabbing the results from the cache it doesn't sort by date. Potentially the cached results could be around longer then the time set in the control panel. I changed this to only insert into the cache it there was not a cache hit already. This one I kind of went crazy rewriting things. pedigree if you would like I can send you the files. I want to say upfront that I am extremely picky with mods as I like to do things in a consistent way since it isn't part of the vBulletin release.

rsw686 im working on your other suggestions and Ill add this one as well.

vB.org sent out an auto-update for vBSFS last night, but I only see the 0.6.1 version... Clicked the wrong button there? ;)

Sent: Wednesday 27 January 2010 21:00
Subject: Auto-Update: vbStopForumSpam - known spammer lookup for new registrations


** DO NOT REPLY TO THIS MESSAGE **

* Automatic Update Notification *

The following modification has been updated (by pedigree) ;

vbStopForumSpam - known spammer lookup for new registrations
https://vborg.vbsupport.ru/showthread.php?threadid=176481


From vBulletin.org
================================================== ==============

To edit your Auto-Update notifications for this modification please visit the Edit Settings Page ;

https://vborg.vbsupport.ru/vborg_miscactions.php?do=editsettings&threadid=176481

@Barteh: Given the updated dates of the files in the .zip I would say it is indeed updated, but retaining the legacy version number. Pedigree eludes to the included fixes a few threads above this one.

Ah, alright. As I'm not experiencing any vBSFS problems right now, I suppose I can stick with my current installed version, then :)

It was to fix an issue with a re-install without first having removed it. There is no need to redownload and reinstall

It was to fix an issue with a re-install without first having removed it. There is no need to redownload and reinstall

Thanks for helping us to reduce spams.

FWIW, we are seeing a significant problem with vbStopForumSpam because of pollution in the www.stopforumspam.com database.

For example, the other day we found that the www.stopforumspam.com database was blocking the IP address of Sun Microsystems, definitely not a spammer.

The problem has become so bad, we have disabled all IP checking :(

Of course, this is not a problem with this great mod, but a problem with most RBL type systems where the data is user contributed and often inaccurate.

We might have to deinstall this.... unfortunately.

@imported_silkroad: What is the IP address in question? Have you reported it to the admins at Stop Forum Spam so it can be investigated and potentially removed from the database?

Consider a few possibilities:

1) The IP address has been recycled and is no longer being used by Sun MicroSystems
2) Could very well be a compromised machine of a Sun MicroSystems employee (like the 43 companies that were recently had employees computers compromised such as Google, Adobe, Microsoft, Yahoo, etc)
3) Could very well be a Sun MicroSystem employee trolling/flaming forums from their work computer. While not a traditional "bot" activity, many admins still consider this "pollution" of their forums and as such will report it.

That being said, you're correct that until the "reputation" system is in place and refined, there is a chance that someone could enter a valid IP address into the database intentionally or accidentally. There are, however, things you can do as an admin to reduce the impact of such a thing:

1) make use of the additional details available from the API such as "last seen" and "frequency reported". Unless someone is maliciously targeting a specific IP, the likelihood of multiple entries in a short period of time are fairly low.
2) set your configuration to not "block" registration but rather quarantine the "suspect" users (ie. those with matching info) to more restrictive VB usergroups and either have their posts content validated by something like AkiSmet (automated) or moderated (manually) and then make use of promotion rules within vB to automate their transition to non-quarantined. Even without fear of "data pollution" this is a sound strategy that I employ on my sites.

Installed. Good to see a coder like you Pedigree actively involved in this thread and product. As a new forum owner, I'm hoping this thing helps a LOT! :-)

-Tom

@imported_silkroad: What is the IP address in question? Have you reported it to the admins at Stop Forum Spam so it can be investigated and potentially removed from the database?

Consider a few possibilities:

1) The IP address has been recycled and is no longer being used by Sun MicroSystems
2) Could very well be a compromised machine of a Sun MicroSystems employee (like the 43 companies that were recently had employees computers compromised such as Google, Adobe, Microsoft, Yahoo, etc)
3) Could very well be a Sun MicroSystem employee trolling/flaming forums from their work computer (while not a traditional "bot" activity, many admins still consider this "pollution" of their forums and as such will report it.

That being said, you're correct that until the "reputation" system is in place and refined, there is a chance that someone could enter a valid IP address into the database intentionally or accidentally. There are, however, things you can do as an admin to reduce the impact of such a thing:

1) make use of the additional details available from the API such as "last seen" and "frequency reported". Unless someone is maliciously targeting a specific IP, the likelihood of multiple entries in a short period of time are fairly low.
2) set your configuration to not "block" registration but rather quarantine the "suspect" users (ie. those with matching info) to more restrictive VB usergroups and either have their posts content validated by something like AkiSmet (automated) or moderated (manually) and then make use of promotion rules within vB to automate their transition to non-quarantined. Even without fear of "data pollution" this is a sound strategy that I employ on my sites.

No, it was non of those scenarios.

I spoke directly to the Sun employee, who is very professional and very intelligent. They were actually kind enough to contact us and tell us of the problem.

I have a lot of experience with problems with abuse of user-generated blacklists for anti-spam, etc going back nearly 15 years.

The database used for this mod has serious problems.

I like your strategies above to reduce impact and will consider them before removing this mod, which is causing more problems than benefit as our other anti-spam plugins that do not use the Stop Forum Spam database are "pretty good" and do not lock out perfectly good registrations!

PS: There is no way we will spend time reporting problems to the Stop Forum Spam admins. This would take more time that deleting spammers!! The admins of Stop Forum Spam should validate better. Their system is really bad and does block good people consistently, we have seen this.

In addition, anyone can report an IP address and use this malicious to hurt others. It is unfair to put the validation on the end user or forums who have problems. The db should have a better validation algorithm, period!

You dont have to disable IP checking, you can drop its threshold to 5 days or something like that.

How about posting the IP numbers youre seeing as polluted so that I can check them out.

In addition, anyone can report an IP address and use this malicious to hurt others. It is unfair to put the validation on the end user or forums who have problems. The db should have a better validation algorithm, period!

Like paying someone to manually validate every entry? Right... we barely break into double digits each month in donations....

If someone finds their IP number on the database, they can remove it themselves.

So far, Ive seen no one come and say "this IP is listed and shouldnt be, its Sun" - give me the IP and I can look into it but anything past that and I dont have the time to start scanning CIDR networks for something that might not even be there. You had the time to contact Sun but not stopforumspam?

I am in the process of coding a reputation system for inclusion in the results but as I code the website in my spare time, its slow progress.

# whois 192.18.8.1

OrgName: Sun Microsystems, Inc
OrgID: SUN
Address: 4150 Network Circle
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US


If someone finds their IP number on the database, they can remove it themselves.


You are entitled to your opinion. I am entitled to mine. You are not going to change
mine by arguing with me or acting as if you know more than people you disagree with. All you are going to accomplish is to alienate me because you disagree. So be it.


You had the time to contact Sun but not stopforumspam?


I don't like your combative tone. You can't accept a different view because you are so attached to your work. You act like it is perfectly acceptable for a professional at Sun to be locked out frustrated and that he must spend time to contact a crappy database because the database is so polluted. Nonsense, IMHO. You are free to have a less respectful opinion about your potential forum members :)

The only reason our admins (including me) got involved was because the user was kind enough to contact us (very unhappy and frustrated three times) and ask....

Why Is Your Site Blocking Us???

We apologized and disabled IP checking. I doubt we will turn it on again, and may consider de-installing the mod.

False positive blocks are not acceptable to us.

The Stop Forum Spam db is polluted.

That IP address 192.18.8.1 is in the StopForum database only once so a frequency filter would have prevented this from registering for site admins that are more sensitive to the risk of a "false positive"

That being said, a quick Google search on 192.18.8.1 (http://lmgtfy.com/?q=192.18.8.1) makes it very clear that IP address, while it may be registered to Sun MicroSystems, is not being used just for business purposes. Given the multiple users that appear to be posting from that IP address to various social forums, my guess was that it is a Proxy server or shell server.

Then I started looking into some of the posts:

Luzhou Guestbook Spam (http://www.google.com/url?sa=t&source=web&ct=clnk&cd=18&ved=undefined&url=http%3A%2F%2F74.125.153.132%2Fsearch%3Fq%3Dcac he%3AeyiOHADuiYIJ%3Ahk.hnsn.gov.cn%2FEnglish%2FGue stBook%2FGuestBook.asp%253FtheSort%253D%25E5%2592% 25A8%25E8%25AF%25A2%25E7%2595%2599%25E8%25A8%2580% 2526thetxthead%253D%2526thereplyed%253D%2526Page%2 53D10%2B192.18.8.1%26cd%3D18%26hl%3Den%26ct%3Dclnk %26gl%3Dtw%26lr%3Dlang_en&rct=j&q=192.18.8.1&ei=exZmS8PJL8yGkAXi1pDrDw&usg=AFQjCNFIlIgbWP9e4wm_KQrIADW4faCzJg&sig2=2n4lLnX3Dm7ozt16hOgFgg)

zL81L8 <a href="http://snmljcfzmtft.com/">snmljcfzmtft</a>, url=http://gzvucjsmhtut.com/]gzvucjsmhtut, =http://kuwbknfzbuwl.com/]kuwbknfzbuwl, nbyroolbkvfc.com

Korean University Forum Spam (http://www.edu4.co.kr/cgi-bin/imgboard/imgboard.cgi?type=grp&type_name=html&brd_code=photo&mode=brd_view&art=117&start=675&gl=0&find_item=&find_string=&ordertype=pid)

comment6, zyprexa, viagra, phentermine blue, levitra, zyprexa 5mg, protonix pricing, buy lipitor, discount cigarette, advair diskus generic, cheap american cigarettes, exact replica watches,

Thailand Message Board Spam (http://www.isit.or.th/th/multicms/popup_detail.php?id=5059)

zoloft, zyprexa, phentermine diet aid, pfizer viagra, acomplia, buy effexor, cialis, herbal replacement for plavix, klonopin, singulair, advair, rimonabant 180 pills, nexium cost, pill propecia,

Shopping Site Feedback Spam (http://www.mytoybay.net/shop/prd_view.php?prdcode=0810090002&catcode=140000)

reductil, buy zoloft, doxycycline online, who makes meridia in mexico, lipitor, cialis bloody nose, plavix, buy discount cialis, discount cigarette, singulair, accutane

...and the list goes on for pages.

And in case you're wondering *why* or *how* this could be happening to an IP address that is registered by Sun MicroSystems and whose employees confirm this?

That is because this is a shell server that was compromised in November 2009 and access to various "Premium Accounts" on it are being sold online to spammers, including the root account.

http://www.neararsan.org/karisik-premium-account-archive-by-m0g0l-5-t266276.html?

root SUN-0E4C8F148DB 2009-05-26 16:47:26 192.18.8.1
darinjanke SUN-0E4C8F148DB 2009-05-26 16:47:26 192.18.8.1
darinjanke SUN-0E4C8F148DB 2009-05-26 16:47:26 192.18.8.1
hd226724 SUN-0E4C8F148DB 2009-05-26 16:47:25 192.18.8.1
....etc

This took roughly 2 minutes of investigation to find this using just Google

We apologized and disabled IP checking. I doubt we will turn it on again, and may consider de-installing the mod. False positive blocks are not acceptable to us. The Stop Forum Spam db is polluted.

As I said in previous posts, there is a chance that someone maliciously or accidentally enters a legitimate IP address. There are existing tools to help reduce the risk of false positive on an Admin as well as more long term things such as the reputation system that Pedigree eluded to.

That being said, it is a community of Admins. It is give and take. For the thousands of spammers that don't make it on your site (and the time you save not having to clean up their mess) we ask that you add spammers that do make it back to the database. While there are other sources of the data (honeypots, etc) If Admins deinstalled the mod every time a spammer wasn't in the database the service would shut down and the spammers will have won (oh the humanity!).

The same is true for invalid IP addresses in the database (should there be any). If an admin identifies an erroneous IP, the hope is that they should report it back to Stop Forum Spam to help clean the database up for everyone. While we're working to make that an easier process (and automated validation, etc), again the time you save NOT having to clean up thousands of spammers should more than make up for the time it takes to report a false positive.

Do us both a favor, stop using the database and uninstall the mod because I certainly have better things to do that listen to you rant in whatever thread you decide to post in and I certainly dont have time to drop whatever Im doing to help fix your problem.

That IP looks like a real false positive, I mean, there is no way that a IP allocated to Sun could ever spam right? All those people that reported that box mustve been reporting it as part of some vindictive plan to undermine Sun.

I dont like your attitude, the way that you complain in most threads and the way that you think the world owes you attention. I hope you uninstall my mod and never visit this thread again. Im sure Im not the only one that would be happier not to see you around as well. Mod of the month, 2000+ installs, and Im sure that there are a lot of happy people, some that have PMed me asking (nicely) for help, whom Ive spent hours with. You however are better off without the support of the community that attempts to help others.

Next time, i suggest typing an IP into google. I mean, with your "15 years of anti-spam" experience.... I hope you dont charge by the hour...

No, it was non of those scenarios.

I spoke directly to the Sun employee, who is very professional and very intelligent. They were actually kind enough to contact us and tell us of the problem.

I have a lot of experience with problems with abuse of user-generated blacklists for anti-spam, etc going back nearly 15 years.

The database used for this mod has serious problems.

I like your strategies above to reduce impact and will consider them before removing this mod, which is causing more problems than benefit as our other anti-spam plugins that do not use the Stop Forum Spam database are "pretty good" and do not lock out perfectly good registrations!

PS: There is no way we will spend time reporting problems to the Stop Forum Spam admins. This would take more time that deleting spammers!! The admins of Stop Forum Spam should validate better. Their system is really bad and does block good people consistently, we have seen this.

In addition, anyone can report an IP address and use this malicious to hurt others. It is unfair to put the validation on the end user or forums who have problems. The db should have a better validation algorithm, period!

and

You are entitled to your opinion. I am entitled to mine. You are not going to change
mine by arguing with me or acting as if you know more than people you disagree with. All you are going to accomplish is to alienate me because you disagree. So be it.

# whois 192.18.8.1

OrgName: Sun Microsystems, Inc
OrgID: SUN
Address: 4150 Network Circle
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US

I don't like your combative tone. You can't accept a different view because you are so attached to your work. You act like it is perfectly acceptable for a professional at Sun to be locked out frustrated and that he must spend time to contact a crappy database because the database is so polluted. Nonsense, IMHO. You are free to have a less respectful opinion about your potential forum members :)

The only reason our admins (including me) got involved was because the user was kind enough to contact us (very unhappy and frustrated three times) and ask....

Why Is Your Site Blocking Us???

We apologized and disabled IP checking. I doubt we will turn it on again, and may consider de-installing the mod.

False positive blocks are not acceptable to us.

The Stop Forum Spam db is polluted.



Im going to quote this, for future reference, should imported_silkroad decide to edit his post... =

Pedigree, you can't win against these so-called "experts." Just because someone works at Sun doesn't make him some sort of god. The Sun IP address is being used for nefarious purposes and your plugin did EXACTLY WHAT IT'S SUPPOSED TO DO. This isn't a question of a different view, as Silkroad states... The facts speak for themselves.

You can only hold your hand out to offer help so many times before something with rabies goes in for a bite. Ive had to deal with many so called "self appointed experts" before in my full time job. Having to endure someone from IBM, charging $1700 a day, coming in to provide vendor support for IBM websphere and having to show them how to do things. They are everywhere

http://www.googleisyourfriend.net/

Pedigree, you can't win against these so-called "experts." Just because someone works at Sun doesn't make him some sort of god. The Sun IP address is being used for nefarious purposes and your plugin did EXACTLY WHAT IT'S SUPPOSED TO DO. This isn't a question of a different view, as Silkroad states... The facts speak for themselves.

You and Pedigree, et al are being childish.

We talked to the person directly and they are definitely a legitimate Sun employee.

Pedigree can "Google for two minutes" all day long and still not be accurate.

StopForumSpam blocks perfectly good people from registering.

Why do you argue that point like a child with Google in your hand?

Im going to quote this, for future reference, should imported_silkroad decide to edit his post... =

Why should I edit the post?

Your product blocks professionals at Sun.

Your "two minute Google analysis" proves nothing.

We spoke directly to the Sun Employee and he is not a spammer and your software blocked him.

Why argue this point?

Do us both a favor, stop using the database and uninstall the mod because I certainly have better things to do that listen to you rant in whatever thread you decide to post in and I certainly dont have time to drop whatever Im doing to help fix your problem.

Excuse me???

I did not ask you to fix anything.

I am telling you that your software blocks perfectly good users. This makes you upset? Facts hurt your feelings?

You should accept the fact that all rule-based filters that are created by an untrusted community are inaccurate.

Or, I guess the only posts that are acceptable are "We Love You So Much Posts"?

You cannot accept a bit of facts without flying off the handle?

Pedigree, you can't win against these so-called "experts." Just because someone works at Sun doesn't make him some sort of god. The Sun IP address is being used for nefarious purposes and your plugin did EXACTLY WHAT IT'S SUPPOSED TO DO. This isn't a question of a different view, as Silkroad states... The facts speak for themselves.

Wrong.

Blocking professional, legitimate users is called a FALSE POSITIVE.

The software is not perfect and stop trying to make it out to be.

Anyone can place an entry in the dB and that does not make it perfect. Also, anyone can spoof your IP and spam 1000 people then your IP will be in the spammer database as well.

The fact is that the StopForumSpam DB blocks many perfectly legit professionals. We have seen this a number of times.

For God's sake, Pedigree. PLEASE block imported_silkroad or send him to coventry and lets move on. I installed VSFS a week ago. It has correctly blocked hundreds of bot registration attempts and so far I've not seen a single false positive. IMHO, the only thing this guy has proved is he's a flamer and spammer of a different sort.

For some reason, he has an axe to grind. Let's ignore him and move on. While I'll grant your code may not be perfect, it's WAY the hell ahead of whatever is in second place and you're doing what you can to fix it. It's obvious you're not going to perfect it by arguing with imported_silkroad. That's for dang sure.

After all, as he's said several time he's spoken directly to the Lord GOD Almighty who we all now know works at Sun! Arguing with him makes as much sense as arguing with Pat Robertson over whether or not the Haiti quake was Divine Retribution... :p

To HELL with Robertson and imported_silkroad too. Let's spit in their eye and go dig some innocent victims out of the rubble instead. The God I worship would approve of that! :)

My 2 cents worth: Ignore the comments from the peanut gallery!

Oh, I see... Of COURSE you can't block him. This is the vb.org site and they don't let you do that. Duuuhh! It's early here and I'm still working on my first cup of coffee. Sorry. As an alternative, I've decided to ignore future posts from this guy and move on.

Installed. Good to see a coder like you Pedigree actively involved in this thread and product. As a new forum owner, I'm hoping this thing helps a LOT! :-)

-Tom

It WILL help a LOT. Trust me. It will! :D

pedigree...

I absolutely LOVE this mod! I've had it installed for quite some time now...and it does exactly what it's supposed to do. Thank you very much!

As for those other negative posts...I would have done exactly what you have done...ignore them. It's just someone looking to get a rise out of you. No need to feed the trolls...know what I mean?

By the way...funny how your mod is to blame for blocking legitimate "professionals". I was under the impression it's not your database...but StopForumSpam's database. Shouldn't this guy be complaining to them? Duh!

There's one no matter where ya go...if not, they come looking for ya!

Great work, pedigree...keep on keepin' on!

You really have no clue, please go away...

Youre now on my ignore list, congrats, youre the first.

Anyone else here disagree with me?

Hurray! Good for you, Pedigree. Me too.

Locking out one potential legitimate forum user (a false positive) from a company like Sun Microsystems (or any good company) is not worth the benefit of the few spam posts that occasionally make it past a captcha or random question anti-spam measure.

Our forums (obviously it seems) value members and users more than those here demonizing our concerns, which we voiced here as an FYI only. Weaknesses in user generated rule-based lists are well established. Here is a statement from the user who was locked out by this software and the DB:

Re: StopForumSpam DB and Sun
Hahaha. https://vborg.vbsupport.ru/external/2010/02/14.gif Thanks for the info.

Few more in formations:

The server which I'm using a shared SunRay server. It's used for internal needs I think.

And most of my frustration was from the fact that I had no clue why my registration was invalid. I got an info that I'm a spammer and nothing else. Was that because of my login / email / IP address? I can't recall the exact error message, but I can't remember anything like this. I could overlooked something, but I don't think that the case.

Thanks for help that time. I'm not a happy camper.


Pedigree and others can demonize me (and others) for telling the truth, if it makes them feel good. However, as for us, we value our users much more than folks here, anti-spam at any cost zealots, seem to.

As I said, we have disabled IP checking in this mod and may disable the entire mod if we see more false positive complaints from our user base. We don't need a mod that locks out legitimate users via a polluted database generated.

My apologies if the developer's feelings are so fragile that he cannot deal with the fact that this mod and the DB is guilty of false positives and locking out valid forum members.

The truth is obvious and there is no reason for emotional argument and debates on this topic.

I will never understand why technical people become so in love with a technology that they will demonize anyone who does not stand up and shout "how much they love it".

This mod is useful, but it is far from a perfect system.

Locking out one potential legitimate forum user (a false positive) from a company like Sun Microsystems (or any good company) is not worth the benefit of the few spam posts that occasionally make it past a captcha or random question anti-spam measure.

Oh yes it is! Seriously if sun are going to use spammy ips then it shouldn't surprise them when they get blocked from sites online. I doubt the ip is only in one database either.

Why are you even looking at this mod if you only occasionally get spammers anyway?

INSTALLED on mousepad.mouseplanet.com (http://mousepad.mouseplanet.com) along with the "Submit (https://vborg.vbsupport.ru/showpost.php?p=1650801&postcount=289)" plugin.

Thanks!

Oh I wish I had read your forum before going to Disneyland in LA.

As I said, we have disabled IP checking in this mod and may disable the entire mod if we see more false positive complaints from our user base.

It seems that you completely missed (or ignored) post #875 (https://vborg.vbsupport.ru/showpost.php?p=1971708&postcount=875) in this thread, where someone else took the time to research the IP in question. Post #875's author not only provided proof of spamming by that IP going back to January 18, 2010, but they also gave you the Google link so that you could see it for yourself.

Therefore, the listing for that IP in the Stop Forum Spam database is a legitimate entry. Your concerns should be taken to Stop Forum Spam, not hashed with the author of this add-on.

Also, the add-on has the capability to allow or deny registration based on whether the registering person/bot is listed in the database:

If "check database for username" is selected:
Username found in database: allow or deny registration?

If "check database for email address" is selected:
Email address found in database: allow or deny registraton?

If "check database for IP address" is selected:
IP address found in database: allow or deny registration?

Pedigree specifically wrote these options so that you could configure this add-on to settings that matter to you. If you don't want to check IP, then don't check it. Same with username or email address. It's not Pedigree's fault that you selected options that were later found to be restricting registrations to your forum.

(And personally, if someone told me they were using their employer's "internal server" to access the Internet, I'd smell a fish. Isn't the whole point of an internal server to keep it isolated from the external Internet? How did a server that is isolated from the external Internet manage to reach your forum? :confused:

All this person had to do was register from their home IP, this would get them around the Sun IP ban, and then they could use your forum from work. Unless they're a spammer who's using the Sun IP as a relay -- in which case, the database worked as intended, wouldn't you agree?)

While I don't use this mod (I coded my own), I do use the stopforumspam website and have been extremely pleased with its results.

I'm actually able to catch 99.9% of the bots before I even check the SFS website. I'm not going to post exactly how because then a spammer might decide to fix their code. However I *do* double-check with the SFS website.

If a certain threshold of matches exist, the user gets auto-banned. If only one or two things match, then they go to the coppa/moderation group. In which case I look over the account manually and see what hit and make a determination from there...

I don't know why someone is whining about a SUN IP address... Is it not beyond possibility that a user's computer there has been compromised? When I worked for Verizon, there were people there that should have never been allowed to touch a computer. They would get them infected with all sorts of crap on a weekly basis (and the IT people would be cussing and swearing as they would walk down the halls)...

I often get hack attemps and port scanning from Amazon IPs... Is Amazon doing it? No... But people paying for their cloud computing services is...

*sigh*

Ra (aka Silkroad, aka the Sun god) got an irate email from one potential member. So what? If your time is SO bloody valuable that you can't deal with a blocked user, why are you out here arguing whether or not this mod, and the associated database, works properly? Can't you get it through your head that an IP being used to attack our board is a BAD THING? If it wasn't for the fact that this mod did work, I wouldn't have the spare time to be out here making comments.

If I was getting spammed from an IP address, I wouldn't care if it was Sun, the White House, or Bill Gates himself, that IP would get blacklisted. I've been running this mod for about two years now and have never had a single legitimate user blocked. More than 95% of the attempts to register on my board are spammers. I have a real job and don't have time to deal with that mess. This mod has made it possible for me to do both.

Is this mod perfect? No...I know of NO software that is perfect. I would dare say that most of us do not run boards for a living. The way you talk, it's important enough for you that you're concerned, and I'd guess that you're being paid to deal with it.

It doesn't work for you? You claim to be some kind of expert...what it the solution, then? You MUST have a viable solution! If you're not part of the solution, as they say, you're part of the problem.

Silkroad, you're mentioning "professional" and "Sun Microsystems" in every post... I'd hate to point it out but it may work the exact opposite on us mere mortals after a couple of times. Putting so much emphasis on it makes it sound like you're actually the janitor ;)

Anyway, standard practice for "professionals" (just as with mailserver blacklisting): contact the server owner, let them know their machine has been blacklisted and may have been compromised. *They* can -and have to if they want it to operate normally- deal directly with stopforumspam.com about their machine being blacklisted. And in your case it seems that thing really has been compromised, if it were mine I'd really appreciate someone telling me.
Complaining about either the forum that runs the mod, or the mod that queries the database, doesn't do anyone any good :)

Love, love, love, this mod. Installed a few weeks ago and it does a great job. Much thanks to the developer.

Is the http://www.stopforumspam.com/ website down for anyone else? I can't connect via web browser, ping, reverse lookup, nothing! :(

Is the http://www.stopforumspam.com/ website down for anyone else? I can't connect via web browser, ping, reverse lookup, nothing! :(

It's coming up normally for me.

Me it's giving me : [REMOTEERR] Unverfied and rejected by policy

and rejecting ALL my "normal" registrations... is their server down?

Great mod. Just installed it this morning and it's working already!

It wasnt down but GoDaddy (who, in my opinion are the internets biggest joke) decided to drop all the DNS for our domain and restarted returning NXDOMAIN for all queries (thats Non-existent Domain)

Its not the first time they decided to randomly screw with us and we are going to move the domain reg off NoDaddy to some company that isnt sh*t (in my opinion)

Me it's giving me : [REMOTEERR] Unverfied and rejected by policy

and rejecting ALL my "normal" registrations... is their server down?

You might want to change the policy to log and accept on connection errors.

Errors still occurring even after the DNS update.
Users attempted to register receive this:
"Registration denied. We check new registrations against a database of known forum spammers. At this time, we are unable to contact this database to verify your registration. We are sorry for the inconvenience but please do try again later."

Errors still occurring even after the DNS update.
Users attempted to register receive this:
"Registration denied. We check new registrations against a database of known forum spammers. At this time, we are unable to contact this database to verify your registration. We are sorry for the inconvenience but please do try again later."

Maybe your servers dns server is caching a nxdomain result. try this

<?php
var_dump(@gethostbyname ('www.stopforumspam.com'));
?>

Upload that to your server and post back what results it gives

Maybe your servers dns server is caching a nxdomain result. try this

<?php
var_dump(@gethostbyname ('www.stopforumspam.com'));
?>

Upload that to your server and post back what results it gives

Sorry for the question, where do we put that? vbstopforumspam.php?

create a new file called anything, like testsfs.php, and upload it and then load it in your browser. It reports back the status of your servers DNS resolution.

OK, thanks!

I'll report back with results.

Results:

string(21) "www.stopforumspam.com"

Still getting: [REMOTEERR] Unverfied but allowed by policy

that's odd, it should have returned something like:

string(13) "208.91.135.54"

That shows that DNS isnt resolving. Try this one, which might or might not work as some hosts dont allow exec()

<?php


exec('TERM=xterm nslookup www.stopforumspam.com', $dig, $error );
echo nl2br(implode("\n",$dig));
if ($error){
exec('TERM=xterm nslookup www.stopforumspam.com 2>&1', $error );
echo "Error: ";
exit($error[0]);
}


exec('TERM=xterm dig www.stopforumspam.com', $dig, $error );
echo nl2br(implode("\n",$dig));
if ($error){
exec('TERM=xterm dig www.stopforumspam.com 2>&1', $error );
echo "Error: ";
exit($error[0]);
}
?>

Get this:

;; Got SERVFAIL reply from 209.172.41.202, trying next server
Server: 209.172.41.202
Address: 209.172.41.202#53

** server can't find www.stopforumspam.com: NXDOMAIN
;; Got SERVFAIL reply from 209.172.41.202, trying next server
Server: 209.172.41.202
Address: 209.172.41.202#53

** server can't find www.stopforumspam.com: NXDOMAIN


; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.stopforumspam.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62401
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.stopforumspam.com. IN A

;; Query time: 0 msec
;; SERVER: 209.172.41.202#53(209.172.41.202)
;; WHEN: Thu Feb 4 10:02:06 2010
;; MSG SIZE rcvd: 39

ok, your webserver is hosted at iWeb. The server is failing to resolve the IP to the domain. There really isnt anything that you can do to hurry it up other than to ring them and give them a "oh, DNS isnt working"

Sorry :(

Most DNS can take up to 24 hours to propagate, depending on the DNS servers configurations.

ok, your webserver is hosted at iWeb. The server is failing to resolve the IP to the domain. There really isnt anything that you can do to hurry it up other than to ring them and give them a "oh, DNS isnt working"

Sorry :(

Most DNS can take up to 24 hours to propagate, depending on the DNS servers configurations.

I sure will ring them up!

Thanks!

great mod pedigree, certainly stopped all the ahole bots from signing up and trolling my board. I was getting like 10 a day! A++ :)

Here are the results:

Server: 208.116.30.21
Address: 208.116.30.21#53

** server can't find www.stopforumspam.com: SERVFAIL
Server: 208.116.30.21
Address: 208.116.30.21#53

** server can't find www.stopforumspam.com: SERVFAIL


; <<>> DiG 9.2.4 <<>> www.stopforumspam.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64946
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.stopforumspam.com. IN A

;; Query time: 92 msec
;; SERVER: 208.116.30.21#53(208.116.30.21)
;; WHEN: Thu Feb 4 18:03:30 2010
;; MSG SIZE rcvd: 39

Im hoping that some of these dns failures are fixing themselves now.

Not one bot registration got past my junk yard dogs, vBSFS and STRB in the past 10 days. Legit users got in without issues. But between them vBSFS and Stop The Registration Bots (https://vborg.vbsupport.ru/showthread.php?t=183917) stopped every single bot.

Way to kick butt, pedigree. {loud applause, cheering, foot stomping, howling and wolf whistles} I say, HELL YES!!!

Thank You!!! :D :up: :up: :up: :up: :up: :up: :up: :up: :up: :up: :D

This wasn't working on my site for the last couple of days and as a result nobody could register. I turned it off three hours ago and since have had 20 spam registrations.

Luckily the DNS now seems to be working again and so I've turned it back on again.

This little outage has made me doubly appreciate just how vital this mod is to ANYBODY running vbulletin. If you have to install just one mod, make it this one!
:D

@burlesque: While I don't suspect SFS will be moving DNS again soon, to future proof yourself, be sure to set the "on network connection issue" in the SFS Mod settings to allow registration instead of rejecting.

@burlesque: While I don't suspect SFS will be moving DNS again soon, to future proof yourself, be sure to set the "on network connection issue" in the SFS Mod settings to allow registration instead of rejecting.

That's actually a good idea.

@skippybosco: Yes, I agree with djbaxter this IS a good idea. That's why I already had my installation configured that way.

I also increased my local cache retention time from 30 minutes to 480 minutes (8 hours) and I increased my local log retention time from 30 to 60 days. increasing the cache time dramatically reduces the number of lookup requests I send to the central server and greatly reduces the likelihood I'm going to find that server too busy to handle my requests. At the moment, my server processes and rejects about 120 bot registrations a day (that's 5 per hour). By increasing my cache time from 30 minutes to 8 hours, I'm retaining just 40 records in my recent registration attempts cache rather than 3; but I've reduced my load on the central server to roughly 1/13th of what it would have been otherwise.

In short, from what I can tell by increasing my cache time to 16 times as long, I've reduced the load my site places on the central server over 92% and I've also improved the performance of SFS on my site because its getting a local cache hit in many more cases rather than waiting for 3 database queries to occur on an overloaded remote server. Frankly, I recommend those changes to EVERY site that's using SFS. I suspect we'd totally eliminate the central server performance issues if we did this.


@pedigree:

I'm confused about something here. It occurred to me this evening that I never actually saw anything that said this addon checks its own local database of rejected registrations using the registering user's email address, IP address and username BEFORE it goes off to the central server to check the database there. Yes, I realize it looks in the local cache covering the last xx (user configurable) minutes of registration attempts before it goes to check the host, but since the "standard" user-configurable cache time is set at 30 minutes whereas the local rejected user registrations table involves weeks or months of rejected registration history (I'm keeping 60 days of history) it seems to me the load on the central SFS server could be HUGELY reduced by increasing the cache time to 4 or 8 hours and then checking BOTH the cache from the last (user configurable) minutes and the local rejection log database for the last (user configurable) days rather than going off to check the central database practically everytime a bot tries to register on any site.

For example, my site receives about 120 bot registration attempts per day. That's 5 per hour or 2.5 bot registration attempts every 30 minutes. Compared to the 1,200 rejected bot registrations captured in our local SFS rejection log in the past 10 days, that suggests the 30 minute local cache is so small it's almost useless.

As I examine my own local SFS rejection log which already contains 1200 bounced registration attempts after just 10 days, I can see many of these bots come back time after time every day and try registering with the same IP address, username and email address over and over again. Furthermore, many of the bot registration attempts occur day after day several times per day and then the bot goes away and comes back again after 24 hours or so. With those behavior patterns in mind, it looks to me as if the load on your central server could be cut WAY down to maybe 5% or 10% of the current load if the hack was just modified to first check the local cache, then query the local rejection log for the last 5 or 10 or 15 or 30 (user configurable) days BEFORE going off to ask the remote server if this registrant has been reported as a spammer by any other site. If you combined this mod with a signficant increase in the cache time it looks to me like you'd eliminate most of the query requests the central server now sees -- especially on sites that have been around a while.

It's just a suggestion, pedigree, but I suspect if you'd just increase the cache time and make this one simple change to your look-up logic your problems with database and name server performance at the central server will completely disappear. As it stands now, with at least 1000 sites using your product and accessing your database and an average of lets say 120 bot registration attempts per day per site (that's my own site's average), that says at least 5,000 bot registration attempts per hour (that's up to 15,000 central database queries per hour) are being handled by your product worldwide. However, since recording the fact that they're using your software is NOT mandatory here for ANY webmaster, I'll bet that 1000 site estimate is low and the actual number is 2 or 3 times that. Even if we assume half those 5,000 bot registration attempts are never reaching your central database because the local cache is blocking them (with a 30 minute cache time I'll bet the percentage being blocked locally is much lower than 50%), that still means your local database receives up to 7,500 query requests per hour to look up the IP address, email address or username of a bot who in all probability has visited the requesting site one or more times in the past few hours, days or weeks.

If my "SWAG" is right and there are actually 2,000 or 3,000 sites using your software rather than the 1,000 sites shown as having clicked "install" here at vbulletin.org, then your central server could be receiving 15,000 - 22,500 query requests per hour. That starts to sound like a helluva LOT of database work and would certainly explain why the central server is overloaded. To make matters worse, if my guess about the local cache hit rate is correct, then you're getting a much smaller percentage of local cache hits than the 50% I assumed above. In that case, your central server's database workload could be as high as 30,000 to 67,500 query requests per hour rather than 7,500, 15,000 or 22,500.

But the good news is, if my hunch about the cache time being too short is correct, you could reduce that query load by 93% just by increasing the cache time from 30 minutes to 8 hours. That would cut a central server query load of 50,000 requests per hour to about 4,000 per hour. And if the 7,500 queries per hour request is a more accurate estimate, by increasing the cache time, you'd decrease the central server workload from 7,500 to about 600 queries per hour.

If you increase the cache time, check the local cache first and then query the local log file second BEFORE going to the central server, you are effectively spreading that 7,500 query per hour workload out across thousands of servers. In doing that I bet you'd eliminate 95% of the load on your central server and everyone who uses your product would see much better performance.

In my mind, that's definitely worth thinking about.

So tell me, what have I missed here, pedigree? Where has my reasoning gone wrong?

I hope this helps.

What I might be able to do is leave blacklisted cache hits, in the cache for 24 or 48 hours, and "no result" hits for 30 minutes. That would help that a bit.

What I might be able to do is leave blacklisted cache hits, in the cache for 24 or 48 hours, and "no result" hits for 30 minutes. That would help that a bit.
I don't mean to be argumentative, pedigree, but what you seem to be saying is my estimates of central database load and the percentage of queries being blocked by the local cache are wrong somehow. You're the expert. There's no denying that. But I don't see where I went wrong. :confused: With an average of 120 blocked bot registration attempts a day (1,200 bot registrations blocked in 10 days) on my site, that's an average of about 5 bot registration attempts per hour or 2.5 every 30 minutes. If those numbers are right, and based on my log file, they certainly seem to be, how can that 30 minute local cache be blocking very many bots? :erm:

I don't get it. What have I overlooked? Is the problem that bot registration attempts tend to be concentrated (and thus are much higher) at certain times of the day? Is THAT where my logic went wrong?

Thanks!

i just want to say thank you pedigree
its awsome ,i got it running some moths and not ONE spammer came past them dogs
big big thank you ,its a true time saver

You're right, denman. This product is an absolutely great tool.

Searching back through logs = extending cache times but without the headache of parsing another table when I have the mechanism in place already.

Were working an the figures on about 6000 unique IPs generating 600,000 api calls per day. Most arent cached like my mod does. Im only aware of two that are, mine and First defense against spam for wordpress.

At the moment, Im concentrating on finishing the almost total recode of the website, api etc.

Okay. I get it. I think you're saying there's no need to add a log scan when you already have the cache scan working and can easily increase the cache time. Makes sense. Also makes sense to only keep not found items in the cache for 30 minutes or so but keep the found (blacklisted) items in the cache longer. Again, the goal is to reduce the central server load. Why waste its time and energy checking on a bot it rejected an hour or two ago trying to join the same site?

Gotcha. Over time, perhaps you should consider dynamically adjusting the size / duration of the local cache size based on time or the volume of requests processed by that site. That way smaller sites with lower volumes might be able to cache 24 or 48 hours of requests and drastically cut their reliance on the central server while larger / busier sites would not be penailzed because they receive more requests but might rely more heavily on the central server instead. For instance, you might cap the size of local cache at say 300 / 600 entries or 24 / 48 hours whichever came first. It's a thought.

600,000 calls per day is 25,000 calls per hour or 417 calls per minute. With that volume of requests, it's no wonder you're having DNS server outages and server/DB overload problems. I'll bet you cut that load in half by increasing the local server cache time to 12, 24 or 48 hours.

I'll bet Floris and other busy site operators like him would approve of this approach and small site guys (like me) will get better performance and less service outages too.

Good solution! Hope my thinking about this helped. :)

Trying to get this working on 3.8.4 and all I get is 'invalid file specified' when trying to import it in the AdminCP. Have uploaded the files a second time with no luck. Never had any previous versions of this file installed.

Any ideas?

Exact same problem here on v3.8.4 patch level 2.

Have tried browsing to the file from my local machine as well as uploading direct from server.

Trying to get this working on 3.8.4 and all I get is 'invalid file specified' when trying to import it in the AdminCP. Have uploaded the files a second time with no luck. Never had any previous versions of this file installed.

Any ideas?

Exact same problem here on v3.8.4 patch level 2.

Have tried browsing to the file from my local machine as well as uploading direct from server.

Why not try the 3.8x version? https://vborg.vbsupport.ru/showthread.php?t=222536

Why not try the 3.8x version? https://vborg.vbsupport.ru/showthread.php?t=222536

Exact same problem I'm afraid. Sorry, no idea how I ended up in this thread, thanks for the heads-up.

The 3.6 and 3.8 versions are exactly the same and the only difference between them and the 4.0 version is that the 4.0 version has a slightly different mod ID as the forums here dont allow ID duplicates.

Ive never been able to reproduce the invalid file on import as I always import

product-vbstopforumspam.xml

And I have it running myself on 3.8.4 PL2

Is there a problem with this plugin?? Did the Spammers find a way around??? I have been getting many registrations the last few days from spammers, and most of them are listed on the Stop Forum Spam site, but are still being allowed to register????

John

Is there a problem with this plugin?? Did the Spammers find a way around??? I have been getting many registrations the last few days from spammers, and most of them are listed on the Stop Forum Spam site, but are still being allowed to register????

John

There was some downtime on the sfs site which meant that if you had the mod set to allow registrations if the ip/name/email check timed out they'd get through.

Had a couple of nasties myself

Where is the vBSFS cache stored by the way, in the vB SQL db or a separate file somewhere?

vbstopforumspam_remotecache table in mysq

Ive got a small bug fix due for release shortly, that touches on the caching

the problem continues, dropped you PM with the IP of the server.

Exact same problem I'm afraid. Sorry, no idea how I ended up in this thread, thanks for the heads-up.
Try downloading the patches from this site again, Then obviously, you'll want to unzip them and then upload them to your server again. Certainly sounds to me like something got glitched somewhere.

I'm only running vb 3.8.1 on the site where I'm using this addon; but I'm not seeing any issues of the type you describe at all.

I'd say roll back and start over from the very beginning (including the download and the extract from the ZIP file) and see if that doesn't solve it. Also please note this comment from the install instructions:

If you cant see the logs in ACP/ Statistics and Logs, then you didnt upload the contents of the "upload" folder.... Its there for a reason, upload its contents to the root of your forum. This isnt an issue, its just something that 99% of the "it doesnt work" issues arise from

I doubt that it applies in your case; but it's certainly worth checking.

Good luck. Hope this helps!

Floris is all fixed so just ascender to go.

If those numbers are right, and based on my log file, they certainly seem to be, how can that 30 minute local cache be blocking very many bots?

Let me try to explain it from how I've looked over the code.

The main need for the local cache is because of where the hook location is in the registration code. Pretend a person (or bot) messes up their registration and the system throws an error (say they messed up the CAPTCHA, or forgot to fill out a required field). The hook to check SFS occurs after every "submit" is hit on the registration page, but before vB error checking and final user saving is done. Thus if a bot is pounding the registration with failed attempts it would in turn be pounding SFS with the same query over and over again. The local cache alleviates this problem since the Username/Email/IP should be the same through several attempts to get a successful registration.

I think it would be okay to cache the definite hits for the long-term, but usually after failing in that one short time-span, you won't see the same user/email/ip combo again. (especially if you already banned the user, which would also prevent the same email address from being used). And if it's a dynamic IP, eventually a legitimate user *could* get blocked because you cached results for several weeks (or are not checking how recent the last bot was seen).

But anyhow, I think having a short local cache is more than sufficient. I've seen bots pound the registration with failed attempts, but still the local cache is not allways effective since they sometimes will try different usernames/emails/IPs when the previous attempt is not successful. Fortunately for me there's tell-tale signs of being a bot (i.e. 10 registration attempts in one second) which gets them submitted to SFS. Also I have other checking that I do before querying SFS to tell if they are a bot, that helps Pedigree out in reducing load on his server.

Let me try to explain it from how I've looked over the code.

The main need for the local cache is because of where the hook location is in the registration code. Pretend a person (or bot) messes up their registration and the system throws an error (say they messed up the CAPTCHA, or forgot to fill out a required field). The hook to check SFS occurs after every "submit" is hit on the registration page, but before vB error checking and final user saving is done. Thus if a bot is pounding the registration with failed attempts it would in turn be pounding SFS with the same query over and over again. The local cache alleviates this problem since the Username/Email/IP should be the same through several attempts to get a successful registration. Aha! As a 40 year coder, this explains a lot! Very helpful. Thanks!

I think it would be okay to cache the definite hits for the long-term, but usually after failing in that one short time-span, you won't see the same user/email/ip combo again. (especially if you already banned the user, which would also prevent the same email address from being used). And if it's a dynamic IP, eventually a legitimate user *could* get blocked because you cached results for several weeks (or are not checking how recent the last bot was seen).

But anyhow, I think having a short local cache is more than sufficient. I've seen bots pound the registration with failed attempts, but still the local cache is not allways effective since they sometimes will try different usernames/emails/IPs when the previous attempt is not successful. It's interesting that you say this. Having carefully studied my log file, that's not what I see at all. I see the same bot coming back time and again using the same email, IP address and username but over gradually longer time periods (wait 1 second, wait 10 seconds, wait 30 seconds, wait 2 minutes wait 5 minutes wait 10 minutes, etc.) as though it's deliberately TRYING to figure out how long my cache lasts. Then after an hour or so of failed attempts it goes away for several hours and comes back to try again later with all the same info. That's why I figured the longer-term cache would help keep these a-holes from loading down the central server. Fortunately for me there's tell-tale signs of being a bot (i.e. 10 registration attempts in one second) which gets them submitted to SFS. Also I have other checking that I do before querying SFS to tell if they are a bot, that helps Pedigree out in reducing load on his server.

Thanks, eco_Jason. This explanation was very helpful even though it doesn't quite fit the bot behaviors I've observed. One thing I have realized over the past 3 years is that if one works out a strategy that is highly effective in defeating these borg-beasts they soon begin to deliberately study you to figure out how you're defeating them and try to devise a strategy to work around your protection technique. For example, the appeal of one of my sites is primarily U.S.-Regional So 2 years ago I decided I could block 99.999% of bots just by blocking and/or removing all registrations from anywhere in the world outside the 7 major U.S. and Canadian time zones. This was virtually 100% effective for months. In fact it was so effective I eventually set the underlying mysql query up as a cron-ed script and ran it every 15 minutes 24 hours a day 7 days a week. Presto. NO more bots! It worked perfectly for months.

Then one day I noticed I had a new registered user whose name was "FigureOutTimeMachine" (I'm not kidding you. So help me God, that WAS it's name!). Then within a few days my "time zone defense shield" suddenly didn't work anymore because the bot authors had rewritten their code and were now deliberately lying to my server about what time zone they came from.

Frankly, I suspect we may be seeing different attack patterns and strategies because the bot-authors are using their tools to study how our defenses work in deliberate targeted efforts to figure out how to defeat them. If THAT doesn't increase your paranoia level, it sure should! It says our enemies are studying us and getting smarter about how to defeat our best defenses every day... :eek:

Thanks again for the explanation, Jason. I'm not afraid to say that even after 42 years in the IT field, I'm still learning. Anyone who doesn't believe we're fighting the skirmishes of the world's first cyber war should come spend a few months on the front lines with us. They'd learn they're wrong real fast.

Just in the past few days I've had people contact me that are trying to register and they are not spammers.

I'm going to have to disable this and find something out it seems.

@TMH63: Have you verified that their IP/Email/Username are in fact part of the SFS database?

As I've seen the "I have to disable this mod" statement a few times in the last few weeks, it is probably worth reiterating that you do not have to block users that are caught by SFS. Instead have those users put into a more restrictive usergroup which either has their posts validated via Akismet or has it's posts manually validated by your site moderators. You can then set an automatic promotion strategy (based on time, # posts, etc) to move them to a less restrictive usergroup.

This gives you the best of both worlds... even in the rare case there is a false positive, your users can still register and post, while at the same time having peace of mind that content is being vetted before it is being presented to your users.

Just in the past few days I've had people contact me that are trying to register and they are not spammers.

I'm going to have to disable this and find something out it seems.

I've been experiencing the same problem the past few days as well. When looking at the vbStopForumSpam logs, it will frequently show an "Allowed registration" message yet the user account is non-existent. Sometimes the users contact me and complains, or sometimes the users try and try again, and I'll see the same "allowed registration" message multiple times (with different timestamps) until eventually the account is actually created.

The dead giveaway that there is a problem finalizing registrations is with the spam bots and their method of changing their email address and/or IP address. When I look at the log I'll see the same spam username getting the "allowed registration" message numerous times, all with different timestamps, different email addresses, and different IP addresses. So this would confirm that the user is attempting to register, being allowed to register, but then something goes wrong.

On a plus side, the mod is still working in the sense that I still see users being rejected based off of the stopforumspam queries.

EDIT: Question. If a user fills out the registration form, and enters the captcha wrong, doesn't enter a password, or makes some other error on the registration page, does this script still query stopforumspam? If so, my original assumption that this script is malfunctioning may be wrong, it's very likely then that some of my users are failing to fill out the registration form correctly which would explain the numerous "allowed registration" messages as they try to fill out the form.

Suggestion:

At present, it seems the name search is not on exact match - at least, if I enter a name as a manual search it's not (e.g., dan will be flagged as matches to daniel, dan123, rodan, etc.).

It should either be eliminated as a potential criterion or made so that only exact matches will work to ban a registration, as it is for email addresses and IP addresses.

Suggestion:

At present, it seems the name search is not on exact match - at least, if I enter a name as a manual search it's not (e.g., dan will be flagged as matches to daniel, dan123, rodan, etc.).

It should either be eliminated as a potential criterion or made so that only exact matches will work to ban a registration, as it is for email addresses and IP addresses.

This script doesn't use a "search" it checks for a yes or no.

For example, dan would show up as a yes via this page:
http://www.stopforumspam.com/api?username=dan

Does this mod work for vB4?

yes.

This script doesn't use a "search" it checks for a yes or no.

For example, dan would show up as a yes via this page:
http://www.stopforumspam.com/api?username=dan

You misunderstand me.

The point is how "dan" is checked - and against what. Would you get a "yes" if the member was dan because it matched with daniel, dan2010,123dan, etc.?

Try a manual search: http://www.stopforumspam.com/search?q=dan

My hypothetical member "dan" isn't any of those 500 listed but seems to be considered a match. It should not return a "yes" unless it finds a "dan" in the spam list, not a "jordan" or anything else.

There are 2 downloads available in the mod post.

1 XML file and the Zip folder

The Zip folder includes an XML file too but with another name. Which XML is the newest version?

You misunderstand me.

The point is how "dan" is checked - and against what. Would you get a "yes" if the member was dan because it matched with daniel, dan2010,123dan, etc.?

Try a manual search: http://www.stopforumspam.com/search?q=dan

My hypothetical member "dan" isn't any of those 500 listed but seems to be considered a match. It should not return a "yes" unless it finds a "dan" in the spam list, not a "jordan" or anything else.

That's because the search is likely setup to search through the database. The API is likely setup for a precision response.

Example:
http://www.stopforumspam.com/api?username=jor <--- shows as NOT a spammer
http://www.stopforumspam.com/api?username=jordan <--- shows as a spammer

Tommyc, is there any possibility your site is running both this tool and either the ISBOT or the Stop the Registration Bots tools?

When I first installed vBSFS and ISBOT, I was seeing the same symptoms you describe on my site. The vBSFS log showed "registration allowed" but the user never showed up as a completed registration. After carefully checking a few of those users, I realized most of the ones that made it past vBSFS were being blocked by ISBOT because the user registered too fast. I was able to prove this because ISBOT always sent me a "Bot Registration was blocked" explanatory email when it blocked a registration and in each case where a "registration allowed" message was in the vBSFS log but the user never appeared in the vb_user table, I got an email from ISBOT explaining why the user was blocked. Furthermore when I looked at those "registration allowed" users based on the info vBSFS had recorded (username, email and IP address), there was always something about the user that would have caused me to block or remove them manually anyway.

For example, the same username, had been used in previous registrations that were blocked by vBSFS because either the email or IP was already in the vBSFS database even though the username was NOT. However, THIS TIME the bot managed to pick a combo of username, email and IP vBSFS didn't yet have on file and had thus managed to sneak past the vBSFS database tests. Yet after maneuvering past vBSFS the registration was blocked by ISBOT for the reason I mentioned earlier.

After a few days of that, I uninstalled ISBOT and installed "Stop The Registration Bots" instead. I did so because that tool has even more tricks in its bot-blocking reportoire (like hidden/required form fields with names that can easily be changed) that are designed to improve the tool's ability to thwart registration bots.

One thing I did notice, after changing from ISBOT to "Stop The Registration Bots" was I stopped getting the "Bot Registration was blocked" emails that were always sent by ISBOT. I haven't figured out why those emails are not being sent by "Stop The Registration Bots". It may be a bug in the addon that causes this, or the email may be getting blocked by my spam filters or maybe there's an email address issue. All I know is I'm not getting those emails the way I did with ISBOT. Yet, in every case where I've seen a "registration allowed" message in the vBSFS log but the user never appeared in the vb_user table; if I examine the vBSFS log's info carefully, I find either the username, email address (gawab.com or mail.ru, etc.) or IP address tells me the registrant is a bot I'd have manually deleted anyway. In short, though I didn't get the expected email I'm convinced "Stop The Registration Bots" based on the rules it uses.

If my hunch is right, the same thing may be happening to you. When vBSFS fails to detect the registrant as a bot and lets it pass, "Stop The Registration Bots" blocks it based on its design criteria.

That would explain why so many are seeing "Registration allowed" entries in the vBSFS log but can't find the users in vb_users.

Are you running "VBStopForumSpam" and "Stop The Registration Bots" too?

Thanks.

Works like a charm on vb 4.0.2 :D

There are 2 downloads available in the mod post.

1 XML file and the Zip folder

The Zip folder includes an XML file too but with another name. Which XML is the newest version?

Any help?

i use the one in the zip

How can I rebuild the postbit like the author mentioned in his topic post?

Also noticed another issue. I created a test account and after registering it showed this message:

Registration denied, this forum runs an active policy of not allowing spammers. Please contact us via the "Contact Us" page link if you believe this is in error

Why did it classify me as spammer?

When I first installed vBSFS and ISBOT, I was seeing the same symptoms you describe on my site. The vBSFS log showed "registration allowed" but the user never showed up as a completed registration.

I only run vBSFS, coupled with reCaptcha. I see "registration allowed" for several vBSFS log entries, some of which finally make it through to a complete registration, others don't. These entries are usually within a minute apart.

My theory is that when someone fails the reCaptcha, and is returned to the registration screen displaying the reCaptcha image, the vBSFS routine runs again.... causing multiple log entries for the same person.

That's because the search is likely setup to search through the database. The API is likely setup for a precision response.

Example:
http://www.stopforumspam.com/api?username=jor <--- shows as NOT a spammer
http://www.stopforumspam.com/api?username=jordan <--- shows as a spammer

Thank you. I didn't get a notification for your reply for some reason but that is reassuring.

The file called "3.54" is for version 3.5x as stated in the mod description

Also noticed another issue. I created a test account and after registering it showed this message:



Why did it classify me as spammer?

Any help? :(

@TMH63: .... even in the rare case there is a false positive, your users can still register and post, while at the same time having peace of mind that content is being vetted before it is being presented to your users.

To be clear, and sorry to offend any sensitive developers and their loyal supporters, our experience with this mod was not "the rare case [of] a false positive'. We found many cases of false positives. We only found a "rare care" in that people would not just get angry and never return, because no legitimate users likes to be called a spammer. The "rare cases
are the ones who will take the time to contact board admins and mods after repeated humiliation and rejection. It is very offensive to users to be rejected as a spammer because they wanted a user name called "dantheman" (just an example) and a spammer somewhere in the world has the same name.

By using CAPTCHA and a few simple bot checking programs, we never had a problem with spam prior to installing this mod, we simply installed it to test it (open minded and very eager for it's success). We have since disabled it because of the false positives; and instead of this rule-based system, we installed a very efficient Bayesian Anti Spam classifier we are very happy with. Our statistical system (AI) works much better than a rule-based mod, especially when the rule base is generated by "community" where it is easy to submit anyone to the DB and time consuming to get out of jail.

Finally, we are not trying to "sell anything" and don't want you do download any of our software (we have none), nor do we want to make a name for ourselves, nor do we have any conflict of interest at all. We simply warn our fellow forum friends that community-driven rule-based systems, all of them, not only this one, are well known for false positives, more than well trained statistical based systems.

What the developers are doing is noble and their heart is in the right place. Folks will benefit and many will simply think the system works well as it blocks both spammers and legitimate potential users .... because most blocked legit users will simply leave your forum, silently, and go elsewhere. This is human nature.

In closing, false positives are not rare in rule-based systems like this (community contributed). What is "rare" is for rejected users to take the time to contact your board and explain what happened. Rejected users generally just get angry and go elsewhere. That is a consequence of running a system prone to false positives.

We disabled the mod and did not do it because we were angry, upset or unhappy with the zeal and passion of the supporters here. We disabled it because it does not work for us because too many false positives. Plus, we don't like having registration checks dependent on a third party server up or down, especially when it adds little value to our forums.

It is very offensive to users by be rejected as a spammer because they wanted a user name called "dantheman" (just an example) and a spammer somewhere in the world has the same name.

This part echoes the concern I expressed earlier. There is a simple resolution: Check the email address and the IP address and skip the name check. Spammers rotate the names they use anyway, so it's not really helpful and may be harmful.

@Pro-eSports.com: What does the SFS Log say as far as what it matched on?

Find out your IP (http://www.whatismyip.com/) and search the SFS database (http://www.stopforumspam.com/search) and see whether your IP, User or Email is present.

0 entries found but as far as I know IP's change after every router re-connect. Mayb you're right and I had a spammer IP. When I'll reinstall this mod I will check it again. Thanks for the tip.

0 entries found but as far as I know IP's change after every router re-connect. Mayb you're right and I had a spammer IP. When I'll reinstall this mod I will check it again. Thanks for the tip.

If you want to email the IPs , then I can manually check them on the database.

oh the bliss of vbulletin having an ignore option, no more dribble.

This part echoes the concern I expressed earlier. There is a simple resolution: Check the email address and the IP address and skip the name check. Spammers rotate the names they use anyway, so it's not really helpful and may be harmful.

Or change the message to something else, something like "were having site issues at the moment, please try again later"

For someone not using the mod, silkroad does seem to dwell in this thread a lot

thank you for this mod

after i installed it filter every spammer as well. Unfoturenatly, it restrict a person who is not a spammer too,

what can i do !!!

i have manually add new user (taking from spam.. log)

so, everyones who know the best ways to take over this issure

in the log file shown
if the ones who is not spammer : usernam + email + ip ..... (but it is till consider as spammer)
if the ones who is a spammer : unregistered + email + ip

with that result no ones get in my board

any ideas or suggestions will be appreciatied

Best,

manually create the user
stop filtering on one/multiple fields.

Well .... thanks pedigree
i think the board is till better than without the hack
average/day my board has at least 150 spammer or up

thanks for your hack
it's very useful
Best,

Installed.

Re: The code to submit spammers to the database (admincp/user.php hack (https://vborg.vbsupport.ru/showpost.php?p=1646247&postcount=288)):

Appears to work fine on 3.4.8-PL2; though I have to be honest and say I don't really like hacks and will be happy when 0.7 arrives so I can remove it. But thanks anyway, this is a great help. :)

Just a thought about the 'release' version of this hack: Would it be possible to have an option so this only displays for users of selected groups? That would lessen the likelihood of accidentally submitting a valid user to SFS. :)

---Edited to add----
Just found the 3.8 version of this thread so the fact that this hack works in 3.4.8 will be old news to some. Ho-hum. :rolleyes:

hello everyone

if i want to redirect the user who is a spammer into another location on my board after the message " Unregistered - Spammer and rejected by policy "
where can i take a look (of code)????
have any ideas or suggestion will be appreciated

Regard,

I have a very serious problem with this Mod..... all of my Moderators are bored to death as there are no more spammers on our forums. vbStopForumSpam Log Viewer (page 1/156) | There are 2,328 total log entries. and that is like 15-20 days worth I think. I changed the verbage of the message to include a link directly to me and NOT ONE EMAIL STATING A MISTAKE. I also have moderate by country IP address and have all countries that are pertanent to my forums list all others banned and I have 1 person that got caught by that Mod. This is the best thing since sliced bread as we used to get 100-200 a day that would try to rregister from where ever and be from Brazil....as my forums are Snowmobile based that was wrong but they figured out about the ip from what country and started using proxies this stopped them dead in their tracks... Thanks again

Yeah, you're right Eric, I'm having a nearly identical problem. Since I installed this mod on one of my sites on January 25, that site has successfully blocked 4,242 spambot registration attempts and I've not had one complaint of an incorrect blocking. That's approximately 104.46341463414634146341463414634 blocked bots per day. Of course, I can't be certain yet, It could just be beginner's luck or some wierd statistical fluke. Like you, I feel as though I should complain. This mod works too well and as a result, my staff has too much time on their hands these days. Because of that, I have to go everyday and create a few spam posts just to keep my staff busy. ;) :D

:)

you scared the crap out off me

Hi. Please can I ask a question? I have VB version 4.0.2

I've followed the instructions enclosed in the Zip file, and got to the part in AdminCP where we upload the XML file (product-vbstopforumspam.xml). So I did that bit fine I thought as it's whirring away with little yellow dots on the screen at the top.

Yet,it never stops, it says: ''Importing Product Please Wait''.
(This is in the section, Plugins and Product System in AdminCP)

I waited for 1hr for it to complete, am I doing something wrong please? My internet works fine.
There's a little graphic of an expanding thing and it grows and grows like jack and the bean stalk but never ends. :(

Cancelled it and went back to try it again now it says: ''Product 'vbStopForumSpam' is already installed and you did not specify that this product may be overwritten/upgraded.''.

How can it be installed when it never finishes installing?!

I'm sorry if I confused anyone, but I was worried I messed it up as it never stopped installing according to the graphic.

I'm assuming this was your very first install of the product. Is that correct, silly? Or had you possibly installed the plugin in an earlier release of 4.0?

AFAIK, it's not really certified yet to install and run under vb4.0.2. I'd guess that means your installation hung because it couldn't find the required plug-in code points it needed to install successfully. So, I'd guess you probably did no damage. But to be sure you should probably go back and uninstalling the plugin and see what happens. Then roll your code and database back to wherever it was before you started the install.

If you're uncertain about exactly how to do that, wait a day or two for pedigree to show up here and maybe he can give you better advice than I'm able to.

Good luck!

AFAIK, it's not really certified yet to install and run under vb4.0.2. I'd guess that means your installation hung because it couldn't find the required plug-in code points it needed to install successfully. So, I'd guess you probably did no damage. But to be sure you should probably go back and uninstalling the plugin and see what happens. Then roll your code and database back to wherever it was before you started the install.

The 4.x version is here: https://vborg.vbsupport.ru/showthread.php?t=230921

5,282 bot registrations blocked in 52 days and we're still counting. But that means our success rate is dropping. Our average is down to roughly 101.57692307692307692307692307692 bots blocked per day. So far, not a single false positive has been reported! But it's sure as hell boring around here these days... :)

After upgrading my vB 3.x sites to vB 3.8.5 it meant, of course, that I lost the manual edits to submit the user to StopForumSpam.com from directly in the ACP.

So... I came up with a very quick & very dirty plugin to add an option in the postbit. That way if a spammer does make it through and posts something, I can view the post, click on their name in the postbit, hit the 'Submit' button from the drop-down list (which then takes my browser window to the StopForumSpam.com site and shows me the result of submitting the info), hit the browser 'Back' button, and then continue BAU on cleaning up the spam.

Only Super Mods & above should be able to see the 'Submit' button but, for your own sanity, test it out on your site. ;)

Attached is the plugin XML and a screen shot of how it'll look. Notice this is a plugin and not a product! That means you import via ACP => Plugins & Products => Download/Upload Plugins and *not* through the Manage Products screen.

Yes, it's quick & dirty but it serves my purposes.

After upgrading my vB 3.x sites to vB 3.8.5 it meant, of course, that I lost the manual edits to submit the user to StopForumSpam.com from directly in the ACP.

So... I came up with a very quick & very dirty plugin to add an option in the postbit. That way if a spammer does make it through and posts something, I can view the post, click on their name in the postbit, hit the 'Submit' button from the drop-down list (which then takes my browser window to the StopForumSpam.com site and shows me the result of submitting the info), hit the browser 'Back' button, and then continue BAU on cleaning up the spam.

Only Super Mods & above should be able to see the 'Submit' button but, for your own sanity, test it out on your site. ;)

Attached is the plugin XML and a screen shot of how it'll look. Notice this is a plugin and not a product! That means you import via ACP => Plugins & Products => Download/Upload Plugins and *not* through the Manage Products screen.

Yes, it's quick & dirty but it serves my purposes.

Excellent! I was trying as I got time to adapt the old plugin to the new ACP but hadn't got it right yet. This will do the trick. :up:

Oh, damn. Wrong forum. I thought this was for 4.x. :o

Oh, damn. Wrong forum. I thought this was for 4.x. :oBeing worked on. :) Most of my sites are still vB 3.8.x and I'm only using 4.x.x for testing so the vB 3.8.x versions come first.

Good stuff.

I have the mod installed, along with the plug-in to be able to submit spammer info from the admin cp. Seems to be working incredibly well. Only question I have is that when I look at the spam log, sometimes the mod has listed a new registration, but has 'Allowed Registration'. If the modification IDENTIFIED the new registration as a problem in the first place, why would it not block that user from registering? I have it on the default settings, so it should block anyone who has a previously reported username, IP, or email address, right?

It seems inconsistent for the mod to both list the registration in the spam log, but to have allowed the registration anyway? The instances I've seen this occur are ones where the new registration has not yet performed email confirmation. Does that have anything to do with it?

I have the mod installed, along with the plug-in to be able to submit spammer info from the admin cp. Seems to be working incredibly well. Only question I have is that when I look at the spam log, sometimes the mod has listed a new registration, but has 'Allowed Registration'. If the modification IDENTIFIED the new registration as a problem in the first place, why would it not block that user from registering? I have it on the default settings, so it should block anyone who has a previously reported username, IP, or email address, right?

It seems inconsistent for the mod to both list the registration in the spam log, but to have allowed the registration anyway? The instances I've seen this occur are ones where the new registration has not yet performed email confirmation. Does that have anything to do with it?

Been answered several times in the thread. This means that the mod allowed the registration to pass back to vbulletin for further processing.

Attached is the plugin XML and a screen shot of how it'll look. Notice this is a plugin and not a product! That means you import via ACP => Plugins & Products => Download/Upload Plugins and *not* through the Manage Products screen.

Yes, it's quick & dirty but it serves my purposes.

Nice :)

OK... I've been reading for hours and yes I admit, I skipped a page or two here and there...lol

This mods works excellent for me with one exception. Once the registration is complete I get a "Page Cannot Be Displayed" error. A simple page refresh finishes the process but I'm curious if anyone has seen this before?

Forums URL: http://www.fpvfd.com/forums
VB Version: 3.8.2

carmichael1973 - Ive not seen that before. Do you have any other mods installed that might be used in the registration process?

carmichael1973 - Ive not seen that before. Do you have any other mods installed that might be used in the registration process?

I was thinking the same thing. I do have one Mod... Moderate New Registrations Based On IP Geographical Origin (https://vborg.vbsupport.ru/showthread.php?t=198440)

I'll disable it and see what happens!

I was thinking the same thing. I do have one Mod... Moderate New Registrations Based On IP Geographical Origin (https://vborg.vbsupport.ru/showthread.php?t=198440)

I'll disable it and see what happens!

That was it... thanks Pedigree!!! I must say, this mod has significantly reduced the amount of time I spend cleaning up spam posts and users.

Installed on 11/23/2009 - haven't seen a spammer since but the log shows 2800+ blocked registrations (and 85 allowed).

Awesome!

So does this work with 4.0?

Can it be setup to redirect users to "stopforumspam.com" ? if they are on the list?

edit the error message and put a link in there

Goto: -

AdminCP/vBulletinOptions/vbStopForumSpam

Barry

Sorry to bring up an old post, but I don't see any option to add a username exception to any whitelist. I know that proper whitelisting was pushed to another version, but if that's the case, what is the existing option you mentioned?

Right now there's a user who can't register with their username because it has the same mix of caps/lowercase characters of a username being blocked.

Right now there's a user who can't register with their username because it has the same mix of caps/lowercase characters of a username being blocked.

Option A: turn off username checking til after this person registers. Only IPs and/or email addresses will be checked against SFS this way.

Option B: have the person register with another name, then you enter their record in AdminCP and change it to their preferred username.

or create his account and give him the password

the search is not case sensitive

Option A: turn off username checking til after this person registers. Only IPs and/or email addresses will be checked against SFS this way.

Option B: have the person register with another name, then you enter their record in AdminCP and change it to their preferred username.

That's what I thought, but from the earlier posts it sounded as though people found a place to put exceptions.

Thanks!

Works great, thanks.

Installed it without problems. reCaptcha and NoSpam! weren't enough to stop them.