thx i :up::up:was able to import :)

Is anyone using this successfully with 4.2.2 PL1?

Yes, works fine for us.

Same here. Using it on 4 vb4.22pl1 forums.

I've updated this into a plugin, and fixed it for PHP 5.4 support (also vB4.2.2pl1)
Upload this via Admin CP - Plugins & Products - Download / Upload Plugins

I'm getting tons of emails a day on this addon and some legit users are not able to register:

It appears to be working though:
When some users try to register, they say they get a database error.

That happens when the connection to SFS website takes longer than your MySQL connection timeout.

We reduced the CURL timeout (8 seconds I think) in the SFS plugin code to get around it.

I assume your MySQL timeout is 30 seconds which most shared hosts setup.

Thanks for your response AusPhotography.

So I have since uninstalled this mod for the GlowHost version and all my db/sql errors have gone away. I still get the SBS support, so I will be sticking with that plugin.

Just for reference, I did contact GoDaddy, but they would not provide details on the server's settings and said I would need to buy a VPS service at least to get access. Obviously that's not an option as the cost is far more for that vs shared hosting.

I get that error, too.

AusPhotography, is that a solution to the error shown?
I have emailed to get the details checked so I can use StopForumSpam.
It's working perfectly on another forum we have.
This forum is new as the previous was messed up and got deleted. It worked there, too.

Regarding the "MySQL has gone away" errors and register.php requests being tied up for 2 minutes or more...

The CURL timeout in the plugin code is 5 seconds as far as I can tell.

I think the problem is that CURL has a connection error during that 5 seconds where it can't connect to stopforumspam.com


When this happens, it is treated as a normal CURL error and falls back to file_get_contents(url), which I don't think has a timeout. file_get_contents also has trouble connecting and waits a very long time to give up (until after the MySQL link is auto-closed).

If an attacker can detect this situation on your site, they would be able to perform an attack like Slow Loris against a vBulletin forum that uses this mod. It's actually easy to "detect" this situation. SFS limits you to 20,000 API lookups per 24 hours, then blocks your IP which will also cause a CURL connection error. Using only 14 requests per minute (so not really detectable by DOS prevention), an attacker can leverage this limit and trigger file_get_contents for every registration attempt after 20,000. Since your IP is blocked, every request will wait until PHP times out. You will run out of PHP child processes, and your forum will be inaccessible. To protect yourself, you should make the following change.

In includes/functions_vbsfs.php, find and remove all of these:
I would suggest that the author of this mod also makes this change to prevent Slow Loris attacks, or implements stream wrappers with an appropriate timeout set if support for file_get_contents(url) is still needed.