vB.org sent out an auto-update for vBSFS last night, but I only see the 0.6.1 version... Clicked the wrong button there? ;)

@Barteh: Given the updated dates of the files in the .zip I would say it is indeed updated, but retaining the legacy version number. Pedigree eludes to the included fixes a few threads above this one.

Ah, alright. As I'm not experiencing any vBSFS problems right now, I suppose I can stick with my current installed version, then :)

It was to fix an issue with a re-install without first having removed it. There is no need to redownload and reinstall

It was to fix an issue with a re-install without first having removed it. There is no need to redownload and reinstall

Thanks for helping us to reduce spams.

FWIW, we are seeing a significant problem with vbStopForumSpam because of pollution in the www.stopforumspam.com database.

For example, the other day we found that the www.stopforumspam.com database was blocking the IP address of Sun Microsystems, definitely not a spammer.

The problem has become so bad, we have disabled all IP checking :(

Of course, this is not a problem with this great mod, but a problem with most RBL type systems where the data is user contributed and often inaccurate.

We might have to deinstall this.... unfortunately.

@imported_silkroad: What is the IP address in question? Have you reported it to the admins at Stop Forum Spam so it can be investigated and potentially removed from the database?

Consider a few possibilities:

1) The IP address has been recycled and is no longer being used by Sun MicroSystems
2) Could very well be a compromised machine of a Sun MicroSystems employee (like the 43 companies that were recently had employees computers compromised such as Google, Adobe, Microsoft, Yahoo, etc)
3) Could very well be a Sun MicroSystem employee trolling/flaming forums from their work computer. While not a traditional "bot" activity, many admins still consider this "pollution" of their forums and as such will report it.

That being said, you're correct that until the "reputation" system is in place and refined, there is a chance that someone could enter a valid IP address into the database intentionally or accidentally. There are, however, things you can do as an admin to reduce the impact of such a thing:

1) make use of the additional details available from the API such as "last seen" and "frequency reported". Unless someone is maliciously targeting a specific IP, the likelihood of multiple entries in a short period of time are fairly low.
2) set your configuration to not "block" registration but rather quarantine the "suspect" users (ie. those with matching info) to more restrictive VB usergroups and either have their posts content validated by something like AkiSmet (automated) or moderated (manually) and then make use of promotion rules within vB to automate their transition to non-quarantined. Even without fear of "data pollution" this is a sound strategy that I employ on my sites.

Installed. Good to see a coder like you Pedigree actively involved in this thread and product. As a new forum owner, I'm hoping this thing helps a LOT! :-)

-Tom

No, it was non of those scenarios.

I spoke directly to the Sun employee, who is very professional and very intelligent. They were actually kind enough to contact us and tell us of the problem.

I have a lot of experience with problems with abuse of user-generated blacklists for anti-spam, etc going back nearly 15 years.

The database used for this mod has serious problems.

I like your strategies above to reduce impact and will consider them before removing this mod, which is causing more problems than benefit as our other anti-spam plugins that do not use the Stop Forum Spam database are "pretty good" and do not lock out perfectly good registrations!

PS: There is no way we will spend time reporting problems to the Stop Forum Spam admins. This would take more time that deleting spammers!! The admins of Stop Forum Spam should validate better. Their system is really bad and does block good people consistently, we have seen this.

In addition, anyone can report an IP address and use this malicious to hurt others. It is unfair to put the validation on the end user or forums who have problems. The db should have a better validation algorithm, period!