Site keeps banning IP even after whitelisting

#7506 (In Topic #1879)
TQ
Hi Guys,

One of my members' IP address keeps getting banned by the stopforumspam processing even though they are not listed there.

I removed the row from the database but they were re-banned as soon as they tried to log in.

I again removed the row then added the IP to 'IP addresses that may not be auto-banned' but again they are banned. The action log shows that this IP address was added correctly to the whitelist on the date I did so.

After 9 direct messages between us they have given up, this is not good.

I can't find which table stores the whitelist, can anyone point me in the right direction? Found it! The IP address is correctly entered.

Does anyone have any insight into why this may be happening?

Thanks
TQ



#7507
Hey TQ! Just so all the low hanging fruit has been picked: have you cleared the cache(s) of your Composr installation?

#7508
TQ

SoccerDad said

Hey TQ! Just so all the low hanging fruit has been picked: have you cleared the cache(s) of your Composr installation?

Thank you for your response.

I had discounted that because I wouldn't have expected the SFS results to be cached but I've now flushed everything anyway.

Here's hoping.

TQ


#7509
Looking into this. Tracing the code I can see the logic for unbannable IPs does not seem sound.

#7510
The unbannable IPs feature is buggy and I'll get a fix out soon.

However, there's also the "Spammer checking exclusions" config option which does a similar thing, but should completely stop stopforumspam running (i.e. runs at a higher level).

#7511
TQ
Thank you Chris, I've obviously made entries in here before (my own IPs) so my memory has failed me again.

I have now added the required IP to the list and asked the member to retry.

One last, but not insignificant point I forgot to mention, the IP in question is NOT listed at SFS, how strange is that!

Tnx again
Nick

#7512
You did mention it not being in SFS. My brain is a little scrambled today from my medical condition, so was just doing it one bit at a time. Could you email me the IP and I'll look into that too.

#7514
TQ

Chris Graham said

You did mention it not being in SFS. My brain is a little scrambled today from my medical condition, so was just doing it one bit at a time. Could you email me the IP and I'll look into that too.

On its way.

Nick

#7515
TQ

Chris Graham said

The unbannable IPs feature is buggy and I'll get a fix out soon.

However, there's also the "Spammer checking exclusions" config option which does a similar thing, but should completely stop stopforumspam running (i.e. runs at a higher level).

That worked, I've just received confirmation from the member.

Tnx
Nick

#7519
There were some big bugs in the IP banning functionality:
0005369: Problems with IP banning - Composr CMS feature tracker
This is the commit:
Fixed MANTIS-5369 (Problems with IP banning) (f95e237c) · Commits · Composr ecosystem / Composr · GitLab

As for StopForumSpam, the issue is on the member's email address's domain name. The message we give for an SFS result is misleading, because it gives the IP and you'd reasonably think the issue is on the IP. We'll get that improved on v11.

#7520
TQ

Chris Graham said

There were some big bugs in the IP banning functionality:
0005369: Problems with IP banning - Composr CMS feature tracker
This is the commit:
Fixed MANTIS-5369 (Problems with IP banning) (f95e237c) · Commits · Composr ecosystem / Composr · GitLab

As for StopForumSpam, the issue is on the member's email address's domain name. The message we give for an SFS result is misleading, because it gives the IP and you'd reasonably think the issue is on the IP. We'll get that improved on v11.

Thank you Chris.

I have reverted to using the whitelist for this IP.

I see the member is using a disposable email address, is this the reason that SFS flagged this user? It would be fantastic if it was!

Thanks again for your rapid response.
Nick


#7521

TQ said

Chris Graham said

There were some big bugs in the IP banning functionality:
0005369: Problems with IP banning - Composr CMS feature tracker
This is the commit:
Fixed MANTIS-5369 (Problems with IP banning) (f95e237c) · Commits · Composr ecosystem / Composr · GitLab

As for StopForumSpam, the issue is on the member's email address's domain name. The message we give for an SFS result is misleading, because it gives the IP and you'd reasonably think the issue is on the IP. We'll get that improved on v11.

Thank you Chris.

I have reverted to using the whitelist for this IP.

I see the member is using a disposable email address, is this the reason that SFS flagged this user? It would be fantastic if it was!

Thanks again for your rapid response.
Nick



I don't know the specifics, but that seems a reasonable guess given any account I tried on that server got flagged as spam.

#7523

TQ said

Chris Graham said

There were some big bugs in the IP banning functionality:
0005369: Problems with IP banning - Composr CMS feature tracker
This is the commit:
Fixed MANTIS-5369 (Problems with IP banning) (f95e237c) · Commits · Composr ecosystem / Composr · GitLab

As for StopForumSpam, the issue is on the member's email address's domain name. The message we give for an SFS result is misleading, because it gives the IP and you'd reasonably think the issue is on the IP. We'll get that improved on v11.

Thank you Chris.

I have reverted to using the whitelist for this IP.

I see the member is using a disposable email address, is this the reason that SFS flagged this user? It would be fantastic if it was!

Thanks again for your rapid response.
Nick



To add on what I know, disposable IPs are blocked by some RBLs. I just checked, and Stop Forum Spam is one of those. Check out Stop Forum Spam and scroll down to "Tor Exit Nodes". This indicates to me that Stop Forum Spam lists Tor Exit Nodes by default, and "notorexit" must explicitly be passed in their API to disable this behavior (Composr does not do this). Other blocklists such as efnet and Tornevall also list Tor exit node IPs as well. It is possible the member had a listed exit node, which Composr blocks by default (since it is returned to Composr from the Stop Forum Spam API).
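Added example (not part of the original thread and not Composr's code): a sketch of the check order discussed above, where exclusions are applied before the lookup result is considered and the ban reason names the field that actually matched instead of always the IP. The reply shape and field names (`appears`, `frequency`, `torexit`), the function names and the sample replies are assumptions constructed for illustration; `ignore_tor_exit` filters locally and is separate from the API's "notorexit" parameter.

```python
import ipaddress
import json

# Constructed sample replies; the field names are assumptions for this example.
EMAIL_HIT = json.dumps({
    "success": 1,
    "ip": {"value": "203.0.113.7", "appears": 0, "frequency": 0},
    "email": {"value": "user@disposable.example", "appears": 1, "frequency": 255},
})
TOR_HIT = json.dumps({
    "success": 1,
    "ip": {"value": "198.51.100.9", "appears": 1, "frequency": 3, "torexit": 1},
    "email": {"value": "user@mail.example", "appears": 0, "frequency": 0},
})


def is_excluded(ip, exclusions):
    """True if ip falls inside any excluded address or CIDR range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in exclusions)


def evaluate(ip, reply_json, exclusions=(), ignore_tor_exit=False):
    """Return (blocked, reasons); each reason names the field that matched."""
    # Exclusions run first, so an excluded IP is never judged on the reply at all.
    if is_excluded(ip, exclusions):
        return False, ["ip %s is excluded from spammer checking" % ip]
    reply = json.loads(reply_json)
    if reply.get("success") != 1:
        return False, ["lookup failed, no verdict"]
    reasons = []
    for field in ("ip", "email", "username"):
        entry = reply.get(field) or {}
        if not entry.get("appears"):
            continue
        tor = field == "ip" and bool(entry.get("torexit"))
        if tor and ignore_tor_exit:
            continue  # entry is flagged as a Tor exit node and the caller ignores those
        note = " (Tor exit node)" if tor else ""
        reasons.append("%s %s is listed%s, frequency %s"
                       % (field, entry.get("value"), note, entry.get("frequency")))
    return bool(reasons), reasons


if __name__ == "__main__":
    for ip, reply in (("203.0.113.7", EMAIL_HIT), ("198.51.100.9", TOR_HIT)):
        print(ip, evaluate(ip, reply))
    print(evaluate("203.0.113.7", EMAIL_HIT, exclusions=["203.0.113.0/24"]))
```

With the first sample the reason reads as an e-mail match even though the IP itself is clean, which is the case that made the original ban message misleading.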

#7524
TQ

Patrick Schmalstig said

TQ said

Chris Graham said

There were some big bugs in the IP banning functionality:
0005369: Problems with IP banning - Composr CMS feature tracker
This is the commit:
Fixed MANTIS-5369 (Problems with IP banning) (f95e237c) · Commits · Composr ecosystem / Composr · GitLab

As for StopForumSpam, the issue is on the member's email address's domain name. The message we give for an SFS result is misleading, because it gives the IP and you'd reasonably think the issue is on the IP. We'll get that improved on v11.

Thank you Chris.

I have reverted to using the whitelist for this IP.

I see the member is using a disposable email address, is this the reason that SFS flagged this user? It would be fantastic if it was!

Thanks again for your rapid response.
Nick



To add on what I know, disposable IPs are blocked by some RBLs. I just checked, and Stop Forum Spam is one of those. Check out Stop Forum Spam and scroll down to "Tor Exit Nodes". This indicates to me that Stop Forum Spam lists Tor Exit Nodes by default, and "notorexit" must explicitly be passed in their API to disable this behavior (Composr does not do this). Other blocklists such as efnet and Tornevall also list Tor exit node IPs as well. It is possible the member had a listed exit node, which Composr blocks by default (since it is returned to Composr from the Stop Forum Spam API).

Hi Patrick,

I too scoured the SFS forum & API info yesterday and discovered that the email domain of the user in question is listed as toxic, so this confirms everything you say. It's part of my site's T&Cs not to use disposable email addresses because it clogs up my mail server with delivery retries.

I for one appreciate that the new (to me) features like toxic domains etc. are included by default which drove me to search the Composr database for the SFS results. I had no success but would like to have found them to provide an insight into why potential members get banned automatically.

I have been blessed with good fortune as far as spam is concerned. I enabled every protection Composr offered as a result of me making a mistake years ago that left me with over 5k of spam messages overnight, which was a nightmare to clean up.

Thanks again for taking the time to investigate, very much appreciated.

Nick

#7527
No problem
TQ


I will keep your suggestion in mind. We are currently finishing up development of Composr version 11. That could be a feature we add either in 11 or a later version like 11.1.

You could add it to the tracker if it is not already there.