XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. 2.5.x Support 
  4.  / protector module issues
Register
1
irmtfan
protector module issues

  • 2012/7/10 8:22

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


after my IP was banned by xoops.org
i investigate the issue more deeply and i found that it is the issue of shared IP and sfs enable.
There are some internal conversation between me and Mamba through pms that i think should be showed here for public discussion:

Quote:

Mamba Wrote:
The best way would be to submit a Bug report on SourceForge:

The issue is that Protector bans people based on posted content.

We ban people based SFS only when people register, or update their Profile.

So at this moment, SFS should not have any impact on you being banned (since you're already registered)

Only if the Protector sees content that is suspicious, it would ban the poster.

So make sure that you use Code and Quote codes for any source or links.


irmtfan wrote:
Hi
by my last pm, i meant you can not fix that because my IP is already registered as bad IP in sfs.
you just can turn off sfs or send an email to sfs admins. i dont know.
Please see the spam yourself.
http://www.stopforumspam.com/search

my ip: *****

result:

Date IP Address Username Email
7-Jul-12 07:47 **** ---- ^^^^^

that spam is not me.
Now you can understand my bad impression about this kind of spam killing. these websites are useless because we used shared IP.
xoops should not use global websites to prevent spams. developers should find another way inside xoops codes.
i dont want to find a solution for my issue. i want you to want a real solution.

i hope you engaged more developers to participate here.



Mamba said:
"We ban people based SFS only when people register, or update their Profile."

IMO it is not true. in xoops protector sfs description you can read:
'Checks POST data against spammers registered on www.stopforumspam.com database. Requires php CURL lib."

So if my ip was banned by sfs i will be banned in any sfs enable website by sending a single post.




2
Mamba
Re: protector module issues

  • 2012/7/10 8:45

  • Mamba

  • Moderator

  • Posts: 11366

  • Since: 2004/4/23


My understanding is that when new user registers, we check SFS if the email address has been already banned. If yes, then we don't register it.

So yes, if your IP is banned on SFS, you will not be able to register here.

But I didn't think, that Protector checks SFS every time a registered user is trying to post here. Trabis would be the one to respond, as he incorporated SFS into Protector.
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs
3
irmtfan
Re: protector module issues

  • 2012/7/10 9:35

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


I think i am right.
Please take a look at protector codes:

in xoops_lib\modules\protector\class\protector.php around line 777:

function stopforumspam($uid)
{
    if (!function_exists('curl_init')) return false;

    if ($_SERVER['REQUEST_METHOD'] != 'POST') return false;

    $query "f=serial&ip=" $_SERVER['REMOTE_ADDR'];
    $query .= isset($_POST['email']) ? "&email=" $_POST['email'] : '';
    $query .= isset($_POST['uname']) ? "&username=" $_POST['uname'] : '';
    $url "http://www.stopforumspam.com/api?" $query;
    $ch curl_init();
    curl_setopt($chCURLOPT_URL$url);
    curl_setopt($chCURLOPT_RETURNTRANSFER1);
    curl_setopt($chCURLOPT_CONNECTTIMEOUT5);
    $result unserialize(curl_exec($ch));
    curl_close($ch);

    $spammer false;
    if (isset($result['email']) && isset($result['email']['lastseen'])) {
       $spammer true;
    }


Im not a coder but it looks to me it check every POST method.

Also I think it did its job as it intended to be.

If we accept sfs in xoops.org and enable it then it will do its job perfectly!
4
irmtfan
Re: protector module issues

  • 2012/7/11 9:47

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


Quote:

I think i am right.

Now im totally sure.
I enable sfs at my test website and it recognize me as spammer after a submit.
I think the only way is to add a feature to protector module to exclude some IPs, some groups like webmasters and so on.

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

128 user(s) are online (75 user(s) are browsing Support Forums)

Members: 0

Guests: 128

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits