Re: protector module issues [2.5.x Support] - XOOPS Web Application System

protector module issues

2012/7/10 8:22
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

after my IP was banned by xoops.org
i investigate the issue more deeply and i found that it is the issue of shared IP and sfs enable.
There are some internal conversation between me and Mamba through pms that i think should be showed here for public discussion:

Quote:

Mamba Wrote:
The best way would be to submit a Bug report on SourceForge:

The issue is that Protector bans people based on posted content.

We ban people based SFS only when people register, or update their Profile.

So at this moment, SFS should not have any impact on you being banned (since you're already registered)

Only if the Protector sees content that is suspicious, it would ban the poster.

So make sure that you use Code and Quote codes for any source or links.

irmtfan wrote:
Hi
by my last pm, i meant you can not fix that because my IP is already registered as bad IP in sfs.
you just can turn off sfs or send an email to sfs admins. i dont know.
Please see the spam yourself.
http://www.stopforumspam.com/search

my ip: *****

result:

Date IP Address Username Email
7-Jul-12 07:47 **** ---- ^^^^^

that spam is not me.
Now you can understand my bad impression about this kind of spam killing. these websites are useless because we used shared IP.
xoops should not use global websites to prevent spams. developers should find another way inside xoops codes.
i dont want to find a solution for my issue. i want you to want a real solution.

i hope you engaged more developers to participate here.

Mamba said:
"We ban people based SFS only when people register, or update their Profile."

IMO it is not true. in xoops protector sfs description you can read:
'Checks POST data against spammers registered on http://www.stopforumspam.com database. Requires php CURL lib."

So if my ip was banned by sfs i will be banned in any sfs enable website by sending a single post.

Re: protector module issues

2012/7/10 8:45
Mamba
Moderator
Posts: 11409
Since: 2004/4/23

My understanding is that when new user registers, we check SFS if the email address has been already banned. If yes, then we don't register it.

So yes, if your IP is banned on SFS, you will not be able to register here.

But I didn't think, that Protector checks SFS every time a registered user is trying to post here. Trabis would be the one to respond, as he incorporated SFS into Protector.

Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

Re: protector module issues

2012/7/10 9:35
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

I think i am right.
Please take a look at protector codes:

in xoops_lib\modules\protector\class\protector.php around line 777:

 function stopforumspam($uid) 
{ 
    if (!function_exists('curl_init')) return false; 
 
    if ($_SERVER['REQUEST_METHOD'] != 'POST') return false; 
 
    $query = "f=serial&ip=" . $_SERVER['REMOTE_ADDR']; 
    $query .= isset($_POST['email']) ? "&email=" . $_POST['email'] : ''; 
    $query .= isset($_POST['uname']) ? "&username=" . $_POST['uname'] : ''; 
    $url = "http://www.stopforumspam.com/api?" . $query; 
    $ch = curl_init(); 
    curl_setopt($ch, CURLOPT_URL, $url); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); 
    $result = unserialize(curl_exec($ch)); 
    curl_close($ch); 
 
    $spammer = false; 
    if (isset($result['email']) && isset($result['email']['lastseen'])) { 
       $spammer = true; 
    }

Im not a coder but it looks to me it check every POST method.

Also I think it did its job as it intended to be.

If we accept sfs in xoops.org and enable it then it will do its job perfectly!

Re: protector module issues

2012/7/11 9:47
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

Quote:

I think i am right.

Now im totally sure.
I enable sfs at my test website and it recognize me as spammer after a submit.
I think the only way is to add a feature to protector module to exclude some IPs, some groups like webmasters and so on.

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

protector module issues

Re: protector module issues

Re: protector module issues

Re: protector module issues

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}