Fantastic mod! Look what they did in a new forum (3.8 RC1), after some hours:

Attachment 90884

Thank You!

I've said this before, I'll say it again.

Thank you, thank you, thank you, pedigree.

I run the back end for http://www.naxja.org. This mod is worth it's weight in gold. If you're ever in the Twin Cities, I'm buying the beer.

If the USA ever drops the Gestapo crap at passport control, I might go back but until then, keep the beers in the fridge :)

agreed, this mod is awesome! :up:

thanks

I just want to say this is probably one of the BEST ways to stop spam that I have found so far, no joke here guys!

I Installed it about 3 days ago because my forum was getting some spam (12+ posts a day of just spam). And as soon as I installed this it virtually stopped the log already has 125 entries of stopped spam.

Keep in mind I have installed almost every other product out there to try to stop spam but it took this one to complete the job thank you very much!

Wow! Just installed this and within 5 minutes had 3 blocked spammers. Great mod!!

I had been spending an hour every two or three days cleaning up the messes left behind by spammers, and blocking IP addresses. The first 24 hours haven't passed yet and I've already blocked 21 attempts.

The plug-in provided by Wired1 (I think) made it very easy so that no coding changes were required.

As soon as they lift the wage freeze around here and give me my well-deserved raise, I'll be happy to send you something for your tip jar!

its blocking about 200-300+ spam registrations attempts per day on my board.

Good to here :)

Pay rise this year = 0%
Train ticket price rise this year = 12%

I know how you feel.

Im playing with the user information process again. So far, on the user info screen for each user, it lists

registrations from this users registeration / last activity subnet
posts from this users registeration / last activity subnet

etc etc - 9 cross references in total, with a list of the most recent 15 (but definable) for each, with a tick box beside each post / user account.

What I want from you is the actions that you would like to see available.

Im integrating the One touch Spam cleanup mod so one of the options will be that,

"Cleanup and ban"

With a radio box that will allow you to submit the data to our database.

So, what other options other than the "delete all pm, posts, threads and ban" would you like to see available?

Happy New Year Pedigree.

One consideration could be scanning the user database for existing users and checking for a match.

While the registration process helps prevent us against spammers as they sign up, having it run manually (or as a scheduled task) would allow us to ban users that have been identified as spammers by the community as a later date, thus reducing the risk of sleepers.

Already suggested this a while back :)

yeah, this is one for a seperate code base or an addition tp it due to the load it could cause of the database. 10,000 forum users = 50,000 possible fields to test, 1 email, 1 username, three ips (registered, confirmation ip, last activity) before you get into every post ip.

Hi pedigree,

Would it be possible for you to expand this mod to apply to guest posting too :) It would obviously only be able to perform an IP address check but that would be sufficient!

Dean

it will handle guest posting in the version im coding (slowly) at the moment

Does it handle guest posting slowly or you're coding it slowly ;-)

oh har har :)

personally, i think if you enable guest posting, youre inviting spammers to hammer the crap out of your board

I only allow it in news forums, so guests can comment on front page items, kind of like blogs :)

Great mod :D

What happens if www.stopforumspam.com/ is down?

What depends on your settings, i have set it to allow registration if site are down.

Hey pedigree,

This sounds perfect for what I need.

Thanks for taking the time to upgrade the Mod. ;)

There are a several batches of registration attempts in the vbStopForumLogs where maybe as many as 20 registrations by the same username/IP are listed, and the log Message shows "Allowed Registration," yet no user account was set up. When these occur, I add them to the SFS database.

What should I make of this, if anything? ...and why was no account created (though I'm not complaining!)?

As covered elsewhere in the thread, this happens when it passes sfs tests and then passes control back to vB for its tests. The registration has failed vB checks/validty and the text really should read "passed SFS testing, passing back to vB for further tests" but thats just way too long.

0.7, its been changed to "Passed"

Oh, I always thought these entries were from bots who couldn't finish the signing up process. Perhaps they still are.

Hey pedigree,

I have a quick question if you don't mind. I have a bunch of pages building up. Is it wise to keep them or should I prun them?

My main concern is if I prune them, the same people will try to register again. Or won't that matter?

Thanks ...

I'd add signatures to that list!

And possibly some way to add all the failed registrations (cfr "vbStopForumSpam Logs") to the SFS DB in a less repetitive strain injury inducing way than copy name -> ctrl-tab -> paste -> ctrl-shift-tab -> copy ip -> ctrl-tab -> paste -> ctrl-shift-tab -> copy email -> ctrl-tab -> paste -> submit -> backspace -> ctrl-shift-tab -> rinse -> repeat. Assuming the IP check is done first, about 10% of registrations seem to come from IPs unknown to the SFS DB, would be nice if we can preemptively exclude those from other board's registration queues :)

@mmurtha - purging logs wont impact anything else. They use minimal database space

@bartech - Ill see how easily I can add failed registrations to the database but as theyre failed, theyve already been caught and are, mostly complete, in the database. It should be as easy (from your point of view) of a tick box that will post back to the code Im writing for the user functions.

Sorry...hadn't read but a couple hundred of the posts and must have missed the one you're referring to. I thought that was might the case, but the IPs and emails were not on my banned lists. One did get through this morning, however, after 11 attempts.

Ditto signatures, as well as homepages. Basically clean the profile. Don't forget profile fields. They LOVE to place URLs in custom ones.


I'd add a button to the end of the row of the log that submits the data. I know I've submitted a lot based on the fact that they're attempting every 3 seconds for 5 min straight. NOT HUMAN! Doesn't hurt that I have another mod that doesn't let you hit the register button for 15 seconds. This way you know if they're hitting it quicker, they're automatic spammers.

Pedigree, at one time you had talked about the possibility of allowing a custom name for the signup link to circumvent (speed bump) script kiddies.. is that still on a wish list somewhere?

I also recall talk of an option to disable registration when javascript is not active.

skippy

Yes, its on my list and it will work like this.

- the register page will maintain a database table with the last time a certain IP address accessed this page. Its an IP address rather than a vB allocated session as the session can be changed very easily with any POST to the page.
- if the register page has already been accessed within a configurable period of time, the page returns an error and no further processing is done. If a time out window is allocated, then a countdown counter is added to the submit button
- the "submit registration" input button is removed from the template and replaced with a javascript implementation of the removed code, ie document.write("<input>...."). The javascript also writes an encoded javascript code block, linking in a AES decrypt function and an encoded key/challenge pair. The script will decode the AES encrypted javascript that will write a random form field. If that form doesnt exist on the post, its a spambot as a non-javascript browser wont see the submit button but rather a "javascript required" message. This differs from other field scripts in that it will have to AES decode javascript and execute (or give this script individual consideration) in order to get the correct field data, where others are easier to process as the spambot can read field text directly out of a HTML page.

This has got to be one of the very best anti spam features to add on to any vb forum.

I cant believe how many spammers this stops each day.

Keep up the good work

works like a charm on 3.5.4

Host recently upgraded PHP and MySQL and I've started to receive these errors (removed real user info)

Any ideas?

I am getting the same thing on 5 sites I have this installed on. Just started getting the errors today.

Mine just started today as well..

I tested the SQL in phpMyAdmin and it is valid. No other MySQL errors show in the VB logs.

I'm running VB 3.7.5.

Whats the exact version of php and mysql so that I can install both and test it.

pedigree, is SFS under heavy load at the moment or a DDOS attack? As I've had a lot of '[REMOTEERR] Unverfied and rejected by policy' results today and the load times are quite slow for the site at the minute.

Just thought I'd ask in case you weren't aware.

Ta

Sy

Can you try this

includes/functions_vbsfs.php

go to line 165 (ish) that reads

$logresult = $vbulletin->db->query($sql);

and change it to

$logresult = $vbulletin->db->query_write($sql);

does that fix its behavior?

Doesnt look like a DoS, just the mysql server is dead slow to respond. The server load is 3, which is next to nothing.

Im guessing that mysql is closing pages due to the unsually long period of time that its taking to query lookups due to the slow remote database server. If youre using cUrl for your lookups, try lowering the timeout period so that mysql doesnt close its connections or increase the timeout period for mysql.