Stop Forum Spam announce removal of Xen utilities users

@Josh - this is very likely. As we all know, not every XenForo out there is running legitimate code :( If they are running non-legitimate versions, this could very well impact on their ability to update the plugin, which is a great arguement for removing their API key access. Currently I have not removed access to the API and I doubt that I would unless I was really pushed. That would require a site getting a new API key and continuing to autosubmit invalid data. Only then would I put a stop to API access. Sites are emailed explaining what has happened, what I've had to do and how to fix it so I would hope that that situation would never arise.

@Qwk86gn - Thank you very much for the confirmation of the versions. I was 99% sure but you've just made that 100%

I will edit my post to reflect this version. I apologise for the rant and try to get things back on track.

Have a good day all and think of me sitting in a data centre "fridge" :)
 
Walter said:
Pedigree, I really like your service and donated a few times. But your rant is disturbing. Why should we as normal users guess what/who you exactly mean? Do you mean me? Do you mean other users? Do you mean users using an old addon? Do you mean.....?
Why not get in contact with the offenders directly?
Click to expand...

Badly phrased, yes. I admit to being an airhead from time to time sorry. I shouldve confirmed the versions in advance and posted them then. You raise good points for which I apologise. I really must stop posting at 2am in the morning :oops:
 
pedigree said:
Badly phrased, yes. I admit to being an airhead from time to time sorry. I shouldve confirmed the versions in advanced and given them. You raise good points for which I apologise. I really must stop posting at 2am in the morning :oops:
Click to expand...
You previously stated that your intention was to block all XenUtiles requests. Does this mean that you have the ability to know which app is submitting to SFS? If this is the case, why not contacting Jaxel in order to change the "id" that is referring to XenUtiles and authorize the new id while blocking the old one, thus forcing the users to update?
 
I was going to write something that would hit the homepage of all API key users , grab code to see if it was XenForo and process that. It was going to be a huge job and something that Ive not yet had to do. I'm hoping that it doesn't ever get to this as there is no way to know if Utiles has been updated to 1.1.6 on each site. As Jaxel has fixed the plugin, I couldn't now do this.

I could ask Jaxel to add this to the code, so that each query/submission includes the useragent and version. It may well be a requirement for any new version of the API prior to any annoucement of depreciation.
 
As I'm seeing it from an engineering POV, this is a very critical issue that needs to be adressed, should it be because of unupdated XenUtiles versions or later misuses of you API. This should save you a lot of your time in the future, and protect your data linked to (API ID, user agent) tuple.
 
I might have to write this and email all the sites that I find. While its possible, I would imagine that a pile would submit it to spamhaus/spamcop as spam, which would really be a pain in the backside.

I'll work on some code on a VPS tonight as let you know how it goes.
 
I understand you want to do well, but a more standard procedure would be to :
1- Contact only a few of the biggest actors/donators of your site and discuss with them the upgrade time in order to come out with a reasonable deadline;
2- Announce the change & the deadline on your website annoucements & news feed;
3- Once the change implemented, wait for people that are not regularly checking SFS.com to investigate themselves and find the cause of their API submissions being rejected.

No need to find you yourself all your users IMHO. Think about saving time. As long as API requests are not blocked, you should not encounter that much resistance.
 
pedigree said:
This is still an ongoing issue but now its really starting to piss me off. Repeat offenders, who continue to submit fake/false data will be publicly named and will have their access to the API completely removed, not just submitting via a bad API key which has been happening so far.

I wouldnt normally go this far but this abuse has become an intolerable waste of my time and those of innocent people caught up in this mess

Edit - sorry for rant, hindsight is great. If you are running XenUtiles 1.1.6 (or above) then please ignore anything (and maybe everything) that I have said :)
Click to expand...
SociallyUncensored.eu

SociallyUncensored.com

Should be using 1.6+ (last I check it is). But we do use Max CDN and Cloud Flare and so we've purged our cache and our upload. Hope we're not one of the sites that were giving you trouble.
 
Qwk86gn said:
We are running the latest version of XenUtiles, 1.1.6 and we were previously running 1.1.5 which had been out for quite some time
Click to expand...
Same here, site is my sig. We fixed ours within seconds of the 1.1.6 release IIRC.
@pedigree - appreciate your hard work and the invaluable service offered. :)(y)
 
Start charging for his services, get bought, or come up with an API restriction for queries. Problem solved.

Promises of vague threats haven't worked in the past.
 
there is no keeping 100% of the people happy 100% of the time.

But if you don't like the free service and you need help breaking the addiction, just post your server's IP addresses and I will put them in the firewall for you. Call it "helping out"
 
and thank you for al your support. sorry for the site being down at the moment, the server lost power and its rebuilding the array :( the api is still up so it should be keeping some spammers off your sites.
 

Similar threads

NealC
Stop Forum Spam moderating users with normal first names only
Replies
2
Views
323
StarArmy
StarArmy
Moddis
  • Question Question
XF 1.2 Use Stop Forum Spam and Project Honey Pot at same time
Replies
4
Views
6K
Moddis
Moddis
island
What is the status of the standalone stop forum spam plugin?
Replies
2
Views
2K
island
island
Top Bottom