@TMH63: Have you verified that their IP/Email/Username are in fact part of the SFS database?

As I've seen the "I have to disable this mod" statement a few times in the last few weeks, it is probably worth reiterating that you do not have to block users that are caught by SFS. Instead have those users put into a more restrictive usergroup which either has their posts validated via Akismet or has it's posts manually validated by your site moderators. You can then set an automatic promotion strategy (based on time, # posts, etc) to move them to a less restrictive usergroup.

This gives you the best of both worlds... even in the rare case there is a false positive, your users can still register and post, while at the same time having peace of mind that content is being vetted before it is being presented to your users.

I've been experiencing the same problem the past few days as well. When looking at the vbStopForumSpam logs, it will frequently show an "Allowed registration" message yet the user account is non-existent. Sometimes the users contact me and complains, or sometimes the users try and try again, and I'll see the same "allowed registration" message multiple times (with different timestamps) until eventually the account is actually created.

The dead giveaway that there is a problem finalizing registrations is with the spam bots and their method of changing their email address and/or IP address. When I look at the log I'll see the same spam username getting the "allowed registration" message numerous times, all with different timestamps, different email addresses, and different IP addresses. So this would confirm that the user is attempting to register, being allowed to register, but then something goes wrong.

On a plus side, the mod is still working in the sense that I still see users being rejected based off of the stopforumspam queries.

EDIT: Question. If a user fills out the registration form, and enters the captcha wrong, doesn't enter a password, or makes some other error on the registration page, does this script still query stopforumspam? If so, my original assumption that this script is malfunctioning may be wrong, it's very likely then that some of my users are failing to fill out the registration form correctly which would explain the numerous "allowed registration" messages as they try to fill out the form.

Suggestion:

At present, it seems the name search is not on exact match - at least, if I enter a name as a manual search it's not (e.g., dan will be flagged as matches to daniel, dan123, rodan, etc.).

It should either be eliminated as a potential criterion or made so that only exact matches will work to ban a registration, as it is for email addresses and IP addresses.

This script doesn't use a "search" it checks for a yes or no.

For example, dan would show up as a yes via this page:
http://www.stopforumspam.com/api?username=dan

Does this mod work for vB4?

yes.

You misunderstand me.

The point is how "dan" is checked - and against what. Would you get a "yes" if the member was dan because it matched with daniel, dan2010,123dan, etc.?

Try a manual search: http://www.stopforumspam.com/search?q=dan

My hypothetical member "dan" isn't any of those 500 listed but seems to be considered a match. It should not return a "yes" unless it finds a "dan" in the spam list, not a "jordan" or anything else.

There are 2 downloads available in the mod post.

1 XML file and the Zip folder

The Zip folder includes an XML file too but with another name. Which XML is the newest version?

That's because the search is likely setup to search through the database. The API is likely setup for a precision response.

Example:
http://www.stopforumspam.com/api?username=jor <--- shows as NOT a spammer
http://www.stopforumspam.com/api?username=jordan <--- shows as a spammer

Tommyc, is there any possibility your site is running both this tool and either the ISBOT or the Stop the Registration Bots tools?

When I first installed vBSFS and ISBOT, I was seeing the same symptoms you describe on my site. The vBSFS log showed "registration allowed" but the user never showed up as a completed registration. After carefully checking a few of those users, I realized most of the ones that made it past vBSFS were being blocked by ISBOT because the user registered too fast. I was able to prove this because ISBOT always sent me a "Bot Registration was blocked" explanatory email when it blocked a registration and in each case where a "registration allowed" message was in the vBSFS log but the user never appeared in the vb_user table, I got an email from ISBOT explaining why the user was blocked. Furthermore when I looked at those "registration allowed" users based on the info vBSFS had recorded (username, email and IP address), there was always something about the user that would have caused me to block or remove them manually anyway.

For example, the same username, had been used in previous registrations that were blocked by vBSFS because either the email or IP was already in the vBSFS database even though the username was NOT. However, THIS TIME the bot managed to pick a combo of username, email and IP vBSFS didn't yet have on file and had thus managed to sneak past the vBSFS database tests. Yet after maneuvering past vBSFS the registration was blocked by ISBOT for the reason I mentioned earlier.

After a few days of that, I uninstalled ISBOT and installed "Stop The Registration Bots" instead. I did so because that tool has even more tricks in its bot-blocking reportoire (like hidden/required form fields with names that can easily be changed) that are designed to improve the tool's ability to thwart registration bots.

One thing I did notice, after changing from ISBOT to "Stop The Registration Bots" was I stopped getting the "Bot Registration was blocked" emails that were always sent by ISBOT. I haven't figured out why those emails are not being sent by "Stop The Registration Bots". It may be a bug in the addon that causes this, or the email may be getting blocked by my spam filters or maybe there's an email address issue. All I know is I'm not getting those emails the way I did with ISBOT. Yet, in every case where I've seen a "registration allowed" message in the vBSFS log but the user never appeared in the vb_user table; if I examine the vBSFS log's info carefully, I find either the username, email address (gawab.com or mail.ru, etc.) or IP address tells me the registrant is a bot I'd have manually deleted anyway. In short, though I didn't get the expected email I'm convinced "Stop The Registration Bots" based on the rules it uses.

If my hunch is right, the same thing may be happening to you. When vBSFS fails to detect the registrant as a bot and lets it pass, "Stop The Registration Bots" blocks it based on its design criteria.

That would explain why so many are seeing "Registration allowed" entries in the vBSFS log but can't find the users in vb_users.

Are you running "VBStopForumSpam" and "Stop The Registration Bots" too?

Thanks.