StopForum Spam and IPv6 registrations not useful?

alex_s

New member
I've seen the other thread that seemed to match, but it didn't look like that discussion went anywhere.

I've recently switched over to using Cloudflare with my Xenforo site. I discovered that they require supporting IPv6 now (not an option to disable). Overall, that's not a big deal, except I've noticed that pretty much all my new registrations from IPv6 IPs are being flagged and put in the approval queue (by default I merely validate email if they don't trigger spam detections). When digging into it more, it looks like the spam detections from StopForumSpam are coming back with high counts by IP (nothing else). When I manually ran a test on StopForumSpam, I found that the count matched the report, EXCEPT that it was matching all with the same /64 subnet. I checked there forums and there seemed to be something about it, but not much by way of real answers (I replied there as well).

In short, it seems like there approach with IPv6 to count matches with the same /64 is akin to saying an IPv4 should match with the same /16 (same first two octets). It counts matches for pretty much anyone who spammed with the same ISP on a very broad scale.

Has anyone else encountered this? If so, how have you dealt with it? Just approving if IP was the only match? Or is there a better way to address it?
 

HotRodCarts

Well-known member
I've been having the same thing happening with IPv6 IP addresses. Basically I check the IP and if it's coming from the area as the registration I approve it. It's been a PITA.
 

alex_s

New member
I’m just surprised that the StopForumSpam forums are plastered with complaints about this. It has been mentioned but it felt like people didn’t understand the implication of matching as broadly as a /64 on an IPv6 IP address. :( I don’t know why they even bothered implementing it in such a way. It was like they had a database field that was already limited in size and they figured a /64 was the most they could insert. That’s why I kept wondering if I was missing something that should have been obvious (it happens sometimes).
 
Top