StopForumSpam database: useful or bothersome?

creativeforge

Well-known member
About new registrations being checked against the StopForumSpam database. How many manual registrations do you have to approve, we get annoyed by the false positives. Waste of time in the end.

Yet, I contend that it has saved us automatically from known spammers. However, I have no way to test my theory. Can I find out via the ACP?

What would be the best setting to avoid having registrations stalled every day for IP addresses (everybody using VPN).

Thanks!
 
I keep the numbers fairly tight. Basically, if they get 1 hit, they go to approval, 2 or more and they are automatically kicked. To be honest, I have not had anyone hit the queue in a while, save a banned user trying to return (and that's caught by a different setting).
 
This? What I'm trying to do is find a way where we never need to manually approve any registration.

Stop Forum Spam
  • Check new registrations against the StopForumSpam database.StopForumSpam will test the data collected from registering users and attempt to determine if they are a known spammer. Each warning flag that the user generates will be counted. Flags include username, email and IP address.
      • Moderate registrations when this many warning flags are detected:

        • Specify the number of warning flags (1-3) that are required for a registration to be placed in the moderation queue rather than accepted automatically.
      • Reject registrations when this many warning flags are detected:

        • Specify the number of warning flags (1-3) that are required for a registration to be automatically rejected. This number should be equal to or greater than the value for the moderation threshold above.
 
Last edited:
I noticed the trigger values can go up to 3, and they suggest we use the same numbers in both first settings. Maybe I'll try using that value and see if it nearly eliminates the need to "moderate." I will definitely report back. Hopefully it can work.
 
Do you actually get that many? The hits I see are when the threshold for approval is '1' and the SFS spam gets a hit on the username but everything else is legit. Rarely happens for us but is the only false positive I've come across.

That's what I thought too, so is there a way to see a log of rejected registrations? It should be possible to show the efficacy of the system, no?
 
That's what I thought too, so is there a way to see a log of rejected registrations? It should be possible to show the efficacy of the system, no?
ACP => Logs => Rejected User Log

The entries that have "N/A" as the "Rejected By" value means that they were automatically rejected.
 
Side Note: If you a really getting that many spam bots, here's an add-on that might be easier to see a lot of stats & logs all in one spot.

 
Side Note: If you a really getting that many spam bots, here's an add-on that might be easier to see a lot of stats & logs all in one spot.

Yes, great addon, we are using it. :) Thanks for all the help!
 
Sfs is essential. Just do not use username at all. Any hit on ip or email can be automatically denied.
You will need an addon to make Sfs work. The default implementation in XenForo makes no sense.
 
Sfs is essential. Just do not use username at all. Any hit on ip or email can be automatically denied.
You will need an addon to make Sfs work. The default implementation in XenForo makes no sense.
I don't see any "username" option in SFS. Spaminator was suggested.

We are also using DNS Blacklist & Project Honey Pot. But the best add-on (for us) for stopping bots that we are using for quite some time now is from @Ozzy47 https://xenforo.com/community/resou...-spaminator-stop-spam-bot-registrations.7410/. We don't use any CAPTCHA system because of this.

Thanks, I see we're using DNSBL but it was set at "Require the registration to be manually approved by an admin." So that was not helpful. And the HoneyPoy key was missing.

However, with the wide use of VPN, can we really rely on DNSBL anymore? Can is choose "Block this registration" and be confident it's going to NOT reject authentic DNS?

That Ozzy47 addon is looking great, thanks! Do you have both SFS and DNSBL enabled AS WELL AS Spaminator?

Many thanks for the help, it's a jungle to navigate at this point...

Andre
 
OK, so I have SFS set up, and DNSBL BUT I don't have the Project Honey Pot key entered. does that render it useless?

2- Shared IPs check limit: how many days is best practice to use?

3- As far as "Enable CAPTCHA for guests" I selected reCAPTCHA v2" and both keys are in. Will Spaminator remove the need to use this?

Many thanks!
 
Top Bottom