[TAC] Total XF1 Anti-Spam Collection Complete

[TAC] Total XF1 Anti-Spam Collection Complete [Paid] 1.2.92

No permission to buy ($48.00)
Overview Updates (24) Reviews (4) History Discussion
Just installed the paid version and already the logs are showing some amazing results!

I ran into one issue - enabling the 'Enable StopProxies' option in StopCountrySpam generates a server error when navigating to the registration page:
Code: 
Zend_Db_Statement_Mysqli_Exception: Mysqli statement execute error : Field 'proxy' doesn't have a default value - library/Zend/Db/Statement/Mysqli.php:214

Any idea what could be causing this?
 
It does have a default value, so it's a bit strange it would ever throw this error:
Code: 
'proxy' => array('type' => self::TYPE_STRING, 'default' => ''),

What is the entire stack trace?

I am using stopCountrySpam on a xf 1.5.12 version with stopproxies switched on, never seen this error, maybe the stack trace will tell us a bit more

The stack trace will be in your server error logs, here: yoursite/admin.php?logs/server-error

- at this point, since I set a default value regardless, I'm suspecting either another addon doing something strange with datawritters, or just an initial install issue, but we'll know more when we have the logs
 
Last edited:
Just to be clear, you have to uninstall it with the most up to date version before re-installing it (uninstalling it with the old version wont get rid of this bug)
 
Had an issue a few minutes ago... these two users actually did successfully register and begin posting spam, despite being flagged by the API.

IMG_1766.webp
 
T'is indeed strange

Did they switch IP addresses (is there a another log of them, in your ACP/Users do thsee users have the same IP address as the one mentioned in the log)

-- oh, that's actually the same bot/user (same IP)
 
tenants said:
T'is indeed strange

Did they switch IP addresses (is there a another log of them, do the users have the same IP address as the one mentioned in the log)

-- oh, that's actually the same bot/user (same IP)
Click to expand...
Yeah... same IP, and they continued to use the same IP after registering.

I'm not sure why, but we seem to be under direct attack from this group of Korean spammers this week. They are extremely persistent; when we switch up the CustomImgCaptcha images they go at them for 20-30 minutes until they figure out the answers.
 
Then they are targeted bots ... much harder to solve (they must really want something on your forum)
There is also a rise of bot population in general (mostly due to xrumer)

They have started to get passed common techniques

Can you send me the finger print for these
(click the log, there should be a button for fingerprint)

It might tell me something I can use to block them

If I can catch them with one thing that I am certain which defines them as a bot, I can lock them out.
 
tenants said:
Then they are targeted bots ... much harder to solve (they must really want something on your forum)
There is also a rise of bot population in general (mostly due to xrumer)

They have started to get passed common techniques

Can you send me the finger print for these
(click the log, there should be a button for fingerprint)

It might tell me something I can use to block them

If I can catch them with one thing that I am certain which defines them as a bot, I can lock them out.
Click to expand...
Sure, I'll send you some example fingerprints.

The odd thing about those two is that they WERE flagged on the StopForumSpam API, but somehow they registered - on the attempts you see there - successfully. There were not separate registration attempts that succeeded; the screenshot above shows the actual registration attempts that were successful, despite what the log says for those entries.
 
sounds like a bug, I'll have a look and see whats going on (send me the finger prints anyway)

Do you have the core sfs on or off ?

-- got to go to an interview now, will look later today
 
tenants said:
sounds like a bug, I'll have a look and see whats going on (send me the finger prints anyway)

Do you have the core sfs on or off ?

-- got to go to an interview now, will look later today
Click to expand...
Yes, it is enabled.

Good luck on the interview!
 
could be the issue, I've never tested it with the core sfs on (I've always used sfs with anyapi, no need for both, will check later)
 
Last edited:
Oh, one other possibility, in xenforo I belive there is a way to see if they registered via facebook / twitter / google / other
- Have a look to see if they went via there (gtg)
 
@Gene I don't suppose you remember if those users appeared in the moderation queue

AnyApi blocks out users, since AnyApi doesn't use usernames, it's far less likely to hit false positives with StopForumSpam
However the core does check against usernames, and thus moderates spam users

I'm wondering if they got blocked by fbhp, but then "correctly" pushed through the moderation process by core functionality
 
Last edited:
Gene said:
Yes, it is enabled.

Good luck on the interview!
Click to expand...

Had a quick sanity check, and pushed a fake api fail through... AnyApi will stop them, so at this point, I'm still suspecting one of the two things above
1) Have a look and see if they registered by fb/twt/google
2) Check to see if they come through the moderation

-btw, I wouldn't use sfs in the core and anyApi, you don't gain anything from that, it's 2 separate requests doing the same thing
So just use sfs in AnyApi or the core, not both
 
They did not appear in the moderation queue, and they did not register with FB/etc.

I've turned on manual approval for all new registrations at this point, but I will take your advice and disable the core SFS functionality.
 
You must log in or register to reply here.
Top Bottom