![[TAC] Stop Country Spam](/community/data/resource_icons/1/1016.jpg?1577366593){kind=icon}
[TAC] Stop Country Spam [Paid] 3.1.5
- Thread starter tenants
- Start date
craigiri
Well-known member
I have been getting a number of blocked registrations from valid users.....attempting to sign up. I have XF's stuff set very lightly and did away with the project honey pot, etc. to make sure that was not the case.
I used this add-on back with 1.1 and never had the same problems.
I can't narrow it down to this add-on, but is it possible that a lot of valid services today use proxies of some sort? In other words, if I uncheck all those proxy catchers, might this solve the problem?
I haven't questioned all the folks who can't register, but I know one was on a iphone yesterday. My guess is that less than 10% of valid signups are getting rejected, so it's not pervasive.
As mentioned, I have the XF system set lax as well as the timer set....with 1.1 and Jaxels add-on and this everything was perfect.
Thanks for any advice.
I used this add-on back with 1.1 and never had the same problems.
I can't narrow it down to this add-on, but is it possible that a lot of valid services today use proxies of some sort? In other words, if I uncheck all those proxy catchers, might this solve the problem?
I haven't questioned all the folks who can't register, but I know one was on a iphone yesterday. My guess is that less than 10% of valid signups are getting rejected, so it's not pervasive.
As mentioned, I have the XF system set lax as well as the timer set....with 1.1 and Jaxels add-on and this everything was perfect.
Thanks for any advice.
tenants
Well-known member
Can you look at your stop country spam logs, this will always tell you why they were rejected, you can then turn off any proxy settings that might cause false positives.
- I suspect it is due to :
- These are turned off by default since they may produce false positives (I don't think there is a normal case where these ever need to be turned on).
It's possible that the users are using a proxy or using an ISP that pushes them through a proxy. As mentioned, check the logs for those particular users
FBHP is probably the strongest method at stopping spam without worrying about false positives. But with SCS, there is always a worry that people are using a proxy that they hadn't realised they were using (due to ISPs or other)
SCS is one of my least favourite mechanism for stopping spam and should really only be used if your forum is country specific
FoolBotHoneyPot stops 100% of bot spam (0 false negatives)
CutomImgCapthca stops 0-100% of bot spam, depending if you create a unique image (but some people might not be able to complete the captcha)
StopHumanSpam stops humans spamers adding links
AnyApi uses any api you want (but APIs can produce false positives, so use a few APIs together as possible)
StopCountrySpam is great at preventing countries from registering or users using proxies ... but some user may use proxies without knowing
- I suspect it is due to :
- These are turned off by default since they may produce false positives (I don't think there is a normal case where these ever need to be turned on).
It's possible that the users are using a proxy or using an ISP that pushes them through a proxy. As mentioned, check the logs for those particular users
FBHP is probably the strongest method at stopping spam without worrying about false positives. But with SCS, there is always a worry that people are using a proxy that they hadn't realised they were using (due to ISPs or other)
SCS is one of my least favourite mechanism for stopping spam and should really only be used if your forum is country specific
FoolBotHoneyPot stops 100% of bot spam (0 false negatives)
CutomImgCapthca stops 0-100% of bot spam, depending if you create a unique image (but some people might not be able to complete the captcha)
StopHumanSpam stops humans spamers adding links
AnyApi uses any api you want (but APIs can produce false positives, so use a few APIs together as possible)
StopCountrySpam is great at preventing countries from registering or users using proxies ... but some user may use proxies without knowing
Last edited:
tenants
Well-known member
They are using a web service gateway (so possibly via mobile), and this is being added to the http_via
So turn off this one:
However, if you're worried about other networks, I would turn all of the proxy options off
- Some users will use proxies and not know about them
So turn off this one:
However, if you're worried about other networks, I would turn all of the proxy options off
- Some users will use proxies and not know about them
Last edited:
craigiri
Well-known member
Thanks.....I will turn them off one or a few at a time and see if I get more of those complaints about registrations - I suspect lots of ISPs and networks are using proxies of some type these days. Similarly, IP blocking is pretty much done for in the USA...some of my users have 100's of IP's they have used...
How about the StopProxies API thingy? Is that likely to stop valid users from registering? As I said, we also use the timer and SFS and blacklist a lot of countries - and the first posts are moderated, so we aren't too worried about a couple sneaking through, as long as it's not dozens or hundreds.
How about the StopProxies API thingy? Is that likely to stop valid users from registering? As I said, we also use the timer and SFS and blacklist a lot of countries - and the first posts are moderated, so we aren't too worried about a couple sneaking through, as long as it's not dozens or hundreds.
tenants
Well-known member
StopProxies API:
It shouldn't do, out of over 5 million bots that have been blocked in the last few months, only 2 people have mentioned anything, and both of those were because the Admin was using Cloudfalre incorrectly
(and thus, sending the wrong IP). So that's fairly significant for an API (mainly, since I control that API and I don't allow human submission and don't get any false positives from my detection methods, I also only use data that has been updated within the last 4 weeks).
In my opinion, it's one of / the best API's
- It has a high significancy for catching bots, and a very low significancy for false positives (I still haven't had a real false positive)
But you can tick it off if you like, especially if you're already using APIs such as StopForumSpam (but they will catch a few false positives every now and then, since it's human submitted data). They once had the same issue with cloudflare, but now they seem to let anyone using a cloudflare IP address through. This provides spammers a way pass SFS (by making use of the cloudfare service and running XRumer via a cloudflare IP). However, StopBotters / StopProxies will not allow these IPs through, nobody should be using cloudflare IPs to browse (only as servers).
It shouldn't do, out of over 5 million bots that have been blocked in the last few months, only 2 people have mentioned anything, and both of those were because the Admin was using Cloudfalre incorrectly
(and thus, sending the wrong IP). So that's fairly significant for an API (mainly, since I control that API and I don't allow human submission and don't get any false positives from my detection methods, I also only use data that has been updated within the last 4 weeks).
In my opinion, it's one of / the best API's
- It has a high significancy for catching bots, and a very low significancy for false positives (I still haven't had a real false positive)
But you can tick it off if you like, especially if you're already using APIs such as StopForumSpam (but they will catch a few false positives every now and then, since it's human submitted data). They once had the same issue with cloudflare, but now they seem to let anyone using a cloudflare IP address through. This provides spammers a way pass SFS (by making use of the cloudfare service and running XRumer via a cloudflare IP). However, StopBotters / StopProxies will not allow these IPs through, nobody should be using cloudflare IPs to browse (only as servers).
Last edited:
tenants
Well-known member
Have a look at the API settings here, there is a whole bunch you can use:
http://xenforo.com/community/threads/stopcountryspam-paid.36271/#post-412948
and also from above, craigiri looks like they are using ip2country.sourceforge.net
http://xenforo.com/community/threads/stopcountryspam-paid.36271/#post-412948
and also from above, craigiri looks like they are using ip2country.sourceforge.net
Brent W
Well-known member
I just gave that one a shot.
tenants
Well-known member
really, it's fast for me and seems reliable, never had an issue with it (I do use their registered version though, but just checking their non registered and it seems to work)
http://api.wipmania.com/ (251ms)
http://api.wipmania.com/188.143.232.31 (88ms)
tenants
Well-known member
Just had a quick look at codehelper at a guess, from this response:
[url]http://www.codehelper.io/api/ips/?json&ip=86.144.65.4[/URL]
StopCountrySpam should support this response:
JSON Request: http://www.codehelper.io/api/ips/?json&ip={ip}
Index Name: CountryCode2
(untested)
... StopCountrySpam should carry on supporting other third parties without any issues (as long as the 3rd party can produce a json reponse)
[url]http://www.codehelper.io/api/ips/?json&ip=86.144.65.4[/URL]
StopCountrySpam should support this response:
JSON Request: http://www.codehelper.io/api/ips/?json&ip={ip}
Index Name: CountryCode2
(untested)
... StopCountrySpam should carry on supporting other third parties without any issues (as long as the 3rd party can produce a json reponse)
Cees50
Active member
Maybe im doing something wrong.
I got an api key from wipmania
I pasted that key like this : http://api.wipmania.com/{$ip}?k=thiskeyireceivedandpastedithere&t=json
In the field index name i set country['code']
Then i wasnt able to registrate any more. If i paste the code without the key, it works..
JSON Request: http://api.wipmania.com/{$ip}?k=XXX&t=json (now tested and supported)
Index Name: country['code']
Is this wrong or should this work?
I got an api key from wipmania
I pasted that key like this : http://api.wipmania.com/{$ip}?k=thiskeyireceivedandpastedithere&t=json
In the field index name i set country['code']
Then i wasnt able to registrate any more. If i paste the code without the key, it works..
JSON Request: http://api.wipmania.com/{$ip}?k=XXX&t=json (now tested and supported)
Index Name: country['code']
Is this wrong or should this work?
tenants
Well-known member
From first glance it doesn't look wrong, that's the correct url structure and index name for that url. It could be an invalid API Key? There are no trailing / hidden spaces anywhere, are there?
Have a look at your response, found here:
admin.php?stopcountryspam/logs
click on the row to see why you were blocked
1)
If your country is stopped from registering (is XX or some other country reason)
Make sure that URL really works, simply copy the response url and paste it into your url to check what happens, for instance:
http://api.wipmania.com/114.32.48.238?k=xxx-yyyyyyyyyyyyyyyyyyyyyyyy&t=json
If you are using the correct key, it should return the country code like this:
{"country":{"name":"Taiwan","code":"TW","code3":"TWN","coded":"158"},"sc":""}
If you are using an incorrect api key (as above), or no API key, it will return the country code like this:
TW
does it?
If you can copy and paste that url to me and send it via private conversation, I'll probably be able to tell you what the issue is
2)
If Proxy Issues are found:
Clicking a row in the logs will tell you the exact reason a user is block (since this doesn't just stop countries but can be used to block proxies too), you can switch off all of the proxy options.
Some IPs and some host will always send proxy-like data in the headers (but this is not the norm). Once you know which one is preventing the registration, turn off that proxy check in your StopCountrySpam options
Have a look at your response, found here:
admin.php?stopcountryspam/logs
click on the row to see why you were blocked
1)
If your country is stopped from registering (is XX or some other country reason)
Make sure that URL really works, simply copy the response url and paste it into your url to check what happens, for instance:
http://api.wipmania.com/114.32.48.238?k=xxx-yyyyyyyyyyyyyyyyyyyyyyyy&t=json
If you are using the correct key, it should return the country code like this:
{"country":{"name":"Taiwan","code":"TW","code3":"TWN","coded":"158"},"sc":""}
If you are using an incorrect api key (as above), or no API key, it will return the country code like this:
TW
does it?
If you can copy and paste that url to me and send it via private conversation, I'll probably be able to tell you what the issue is
2)
If Proxy Issues are found:
Clicking a row in the logs will tell you the exact reason a user is block (since this doesn't just stop countries but can be used to block proxies too), you can switch off all of the proxy options.
Some IPs and some host will always send proxy-like data in the headers (but this is not the norm). Once you know which one is preventing the registration, turn off that proxy check in your StopCountrySpam options
Last edited:
tenants
Well-known member
For spam (that are bots, and most are), I would look in to FoolBotHoneyPot:
http://xenforo.com/community/resources/foolbothoneypot-bot-killer-spam-combat.1085/
It's much better suited for the job of stopping spam, since there is no human impact (0 false positives) and stops 100% of bots
StopCountrySpam should only be used to stop "real" users from countries you really don't want to sign up (if your forum is country specific only), or you want to stop users that use proxies from registering (but, be aware that some users use proxies without knowing, due to their internet provider / network)
http://xenforo.com/community/resources/foolbothoneypot-bot-killer-spam-combat.1085/
It's much better suited for the job of stopping spam, since there is no human impact (0 false positives) and stops 100% of bots
StopCountrySpam should only be used to stop "real" users from countries you really don't want to sign up (if your forum is country specific only), or you want to stop users that use proxies from registering (but, be aware that some users use proxies without knowing, due to their internet provider / network)
