vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=248042

Menewsha 08 May 2013 06:18

Cool plugin, but there is a pretty serious oversight in this plugin which led to a ton of abuse recently.

The remote cache option states the following: "Duration in minutes that remote queries should be cached to reduce query traffic / lookup duration and load on the remote server"

However the code says this:

$sql = 'DELETE FROM '.TABLE_PREFIX.'glowhostspamomatic_remotecache WHERE `date` < DATE_SUB(NOW(), INTERVAL '.(int)$vbulletin->options['glowhostspamomatic_remote_cache'].' DAY); ';

So we were hit by a botnet (one new registration attempt every four seconds, not even exaggerating) and we were expecting that after an IP was reported, that we wouldn't see that IP registering again after the 30 minute cache timeout. This led to two issues:

1) The cache isn't cleared for the banned user immediately, meaning the bot could immediately reregister without SFS being checked for the new entry.

2) The cache was 30 days old, so the same IP would literally create thousands of accounts before the cache would clear and start reporting the abuse.

This also led to another observation of the code. The order of checks goes username, email, IP. However the order of checks (to take advantage of cache) should go IP, email, username. The code shouldn't even waste time querying for a bad username if it knows the IP is bad, so why put unnecessary strain on the SFS service by querying for username if the IP is bad?

So, as I said, great plugin, but it needs some changes to work properly on a high traffic site effectively.

Edit: I thought I'd mention how I changed the query. This should hopefully increase cache efficiency also:

$sql = 'DELETE FROM '.TABLE_PREFIX.'glowhostspamomatic_remotecache WHERE (`date` < DATE_SUB(NOW(), INTERVAL '.(int)$vbulletin->options['glowhostspamomatic_remote_cache'].' MINUTE) and is_spambot = 0) or (`date` < DATE_SUB(NOW(), INTERVAL '.(int)$vbulletin->options['glowhostspamomatic_remote_cache'].' DAY) and is_spambot = 1); ';

This would delete SFS negatives that are 30 minutes old, while letting SFS positives sit in the database cached for 30 days.

Msfantastico 08 May 2013 06:47

This was working for a couple of months now I see 20-30 spammers get by every morning


1136 Spammers Denied Registration

18 Spammers Permanently Banned

7 Spammers submitted to StopForumSpam

7834 Spammy Posts Automatically Moderated

Expat 08 May 2013 09:14

Quote:

Originally Posted by vbresults (Post 2413150)
This should fix it -- replace the admincp/glowhostspamomatic.php file with the one attached.

Your fix took care of the error on line 108 I was getting in 4.2.1 when submitting I knew the product was working, but that error was driving me nuts. Thank you for figuring out the issue and posting the fix. Hopefully the author will incorporate your fix sooner than later.

ikorolis 08 May 2013 11:40

nice mod - good work

not installed

i am prefer stop forum spam (traffic and load is very low)

vbresults 09 May 2013 19:13

Quote:

Originally Posted by Expat (Post 2420658)
Your fix took care of the error on line 108 I was getting in 4.2.1 when submitting I knew the product was working, but that error was driving me nuts. Thank you for figuring out the issue and posting the fix. Hopefully the author will incorporate your fix sooner than later.

You're welcome. :)

Expat 11 May 2013 00:12

Quote:

Originally Posted by ikorolis (Post 2420673)
nice mod - good work

not installed

i am prefer stop forum spam (traffic and load is very low)

Stop Forum Spam is fine, but the ability to purge a spammer account and all traces while reporting the spammer is incredibly valuable to me. Remember, these a$$holes are running their scams and WE foot the bill. They are attempting to manipulate search engines with their garbage, and the more that is removed reduced their effectiveness.

There's a reason I removed the "welcome to our newest member code" from my site. Why would I want to welcome a potential spammer and potentially push up their internet search engine standing? Same thing goes for member listings...none of my forum members are listed until they have three validated posts.

Sorry for the rant, but this is a subject that is near and dear. Either way, if more forum owners were a bit more savvy and took more interest in purging/reporting spammers, we'd all be better off. ANY anti-spam tool is better than apathy.

Bluemax712 16 May 2013 05:23

Quote:

Originally Posted by GlowHost.com (Post 2418366)
We have a bug and security fix due out in the next few days. I will take a look at this and see if it is related to what has already been patched.

Did this bug /security fix ever come out?
It's still says version 2.10 released 1/10/2103

vbresults 16 May 2013 15:31

Quote:

Originally Posted by apsrfvb4 (Post 2422405)
Did this bug /security fix ever come out?
It's still says version 2.10 released 1/10/2103

The "Last Update:" item at the top tells you when the last update went out.

Ba'al 20 May 2013 00:02

We are having a problem with this Mod, when enabled and a member posts it goes to a blank white screen and when i disable it everything goes back to normal, posts post normally.

Any ideas on what could be the issue?

ForceHSS 20 May 2013 01:10

Quote:

Originally Posted by Ba'al (Post 2423053)
We are having a problem with this Mod, when enabled and a member posts it goes to a blank white screen and when i disable it everything goes back to normal, posts post normally.

Any ideas on what could be the issue?

Pm me your skype name will give u some help

Ba'al 20 May 2013 21:08

Quote:

Originally Posted by ForceHSS (Post 2423058)
Pm me your skype name will give u some help

pm sent,thanx

dariyos 24 May 2013 13:53

how can i stop moderate posts?
i dont want, that the moderators get the posts from new users to activate the posts, and i dont want prevent posts, too ..

i can only choose moderate posts or prevent posts.

irantk 24 May 2013 23:37

how can "Moderation Tools" option be enabled only for administrator?? and moderators do not use it?

freak46 26 May 2013 08:44

thanks mark as installed

prashman 04 Jun 2013 14:45

Hi,

Our web servers are behind an Amazon load balancer in TCP mode (transport layer) - so they cannot see the IP address if a client. I could configure load Balancer in HTTP mode and get Amazon to pass X-Forwarded-For header. Will Spam-0-Matic work with this header? Or does it look for REMOTE_ADDR?

If I run HTTPS then I will have to terminate SSL traffic on the load balancer to get this header forwarded to the web server. Not very good from a security point of view.

Any other alternative if the above is not possible?


All times are GMT. The time now is 18:34.

Powered by vBulletin® Version 3.8.14
Copyright © 2022, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.