Web Wiz Forums - stopforumspam

Print Page | Close Window

stopforumspam

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=29712
Printed Date: 29 March 2026 at 2:30am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: stopforumspam

Posted By: alabamatoy
Subject: stopforumspam
Date Posted: 30 August 2011 at 12:32pm

I manage two webwiz forums. I expend a lot of time filtering out the spammers and scammers and insurance salesmen and male-reproductive-issue hacks and such junk. There is a site with an API that supports automating this: http://www.stopforumspam.com/" rel="nofollow - http://www.stopforumspam.com/

Has anyone threaded their API into Webwiz? Has webwiz considered embracing stopforumspam's solution in its core codebase?

Replies:

Posted By: WebWiz-Bruce
Date Posted: 30 August 2011 at 12:53pm

This has been looked in to before. This only stops known spammers, but as spammers adapt all the time the service would not stop spam. It is also not available for commercial software so Web Wiz Forums can not be used with the service.

Web Wiz Forums already has all the tools in version 10 you need to stop spam. Read the page below for how to prevent spam within your forums:-

http://www.webwiz.net/web-wiz-forums/kb/spam-prevention.htm

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: MadDog
Date Posted: 31 August 2011 at 1:19am

Bruce,

I adopted stopforumspam on a few of my websites a little over 8 months ago. So far, it has stopped 100% of spam issues.

Its only a few lines of code... wouldnt hurt to add it IMO.

Source Code: http://temerc.com/forums/viewtopic.php?f=71&t=6234

'// Blacklists
Function IsUserBlacklisted(sIP, sName, sEMail)
      '// We need to make sure we can actually create the MSXML object
      If IsObject(CreateObject("MSXML2.ServerXMLHTTP")) = False Then IsUserBlacklisted = "Error: MSXML2.ServerXMLHTTP could not be created, please check MSXML is installed (v6 or above is recommended)": Exit Function
      '// Set init bool to false
      bBlacklisted = False
      '// Check Blacklists
      set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")  
      objXMLHTTP.open "GET", "http://temerc.com/Check_Spammers/check_spammers_plain.php?name=" & sName & "&email=" & sEMail & "&ip=" & sIP, false
      objXMLHTTP.setRequestHeader "User-Agent", Request.ServerVariables("HTTP_HOST")
      objXMLHTTP.send ""
      if objXMLHTTP.status = 200 then
         If Instr(1, objXMLHTTP.ResponseText, "TRUE", vbTextCompare) > 0 Then bBlacklisted = True
      end if
      set objXMLHTTP = nothing
      IsUserBlacklisted = bBlacklisted
End Function

(my version is cleaned up a bit, but you get the idea on how easy it is to implement)

-------------
http://www.iportalx.net" rel="nofollow">

Posted By: WebWiz-Bruce
Date Posted: 31 August 2011 at 8:23am

If you read there terms and conditions it is for non-commercial use only and can not be included in Web Wiz Forums which is commercial software or for any commercial forums:-

Your use of this data and supporting software is non-commercial.
You will not charge money for any software that utilizes the data.
API queries are limited to 20,000 per day.

However, you can use the new spam filter in version 10 in a similar way to prevent spam but allows you to customise it to your own forum.

We are looking at expanding the spam filter to either to either have a file that you can download that contains persistent spamming sites to stop them posting on your forum or use an external lookup to our service hosted on our network in a similar way to stopforumspam works.

We have also been working with a Microsoft forum that we host on our network to make it much harder for spam bots to signup to Web Wiz Forums using encrypted unique form parts in the signup and other methods. This is included in the latest 10.03 release.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: Gullanian
Date Posted: 31 August 2011 at 9:52am

Honeypot fields seem to work well for me

Posted By: pedigree@sfs
Date Posted: 01 September 2011 at 12:59pm

As the current stopforumspam admin, I need to correct something. The license doesnt allow access to our system to be sold commerically but it doesnt prohibit its use in a commerical product. There are several plugins and mods for other commerical forum software (such as ipboard and vbulletin) as these are permitted, as would any mod or plugin that any one was to code that could be added to webwiz.

Posted By: WebWiz-Bruce
Date Posted: 01 September 2011 at 1:34pm

So it couldn't be supported directly in Web Wiz Forums as there are paid versions, but could be included as an mod or plugin?

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: pedigree@sfs
Date Posted: 01 September 2011 at 2:54pm

WebWiz-Bruce wrote:

So it couldn't be supported directly in Web Wiz Forums as there are paid versions, but could be included as an mod or plugin?

Correct. I know this is going to sound a little backward but if you were to provide a code change, freely downloadable as a seperate file (plug/mod/patch etc), that added lookups, then that is completely within the license, just as long as its not incorporated directly into the commerical code at point/time of sale.

WW was the first forum that I hacked in order to put active directory authenication into it and I enjoyed it.

Posted By: dbonline
Date Posted: 01 September 2011 at 3:22pm

MadDog,

Which pages would we add that if using WebWiz?

Posted By: alabamatoy
Date Posted: 02 September 2011 at 2:16pm

Great discussion, thanks all, especially the code snippet. I was going to try to xlate the PHP offered on the site into ASP, looks like I wont have to!!!

I added the stopforumspam http to mine as a test, and its been 100% dead-on correct so far.

Posted By: pedigree@sfs
Date Posted: 02 September 2011 at 9:12pm

great news, thats what I like to hear :)

Posted By: MadDog
Date Posted: 02 September 2011 at 9:14pm

dbonline wrote:

MadDog,

Which pages would we add that if using WebWiz?

I would place it in the register page to reduce the amount of times its called.

-------------
http://www.iportalx.net" rel="nofollow">

Posted By: alabamatoy
Date Posted: 10 September 2011 at 2:01pm

OK, I have this working in my older version of the forum. I wrote a new function, which is called from register.asp. If the user's email address, IP address or forum name appear in stopforumspam's database, I get a nice email saying they were blocked, and the prospective registrant is not allowed to register. This has the secondary nice effect of the spammer not appearing at the bottom of the main page as the newest member. Some of these spammers sign up with some pretty raunchy user names.

So its a new file in the functions folder, and two lines added to register.asp, and Bob's your uncle.

Im going to let it run for a day or two to make sure I dont see any errors then I'll post the code here. stopforumspam seems to be pretty darn good so far!!!

Posted By: pbanks
Date Posted: 12 September 2011 at 10:30pm

Im going to let it run for a day or two to make sure I dont see any errors then I'll post the code here. stopforumspam seems to be pretty darn good so far!!!

I would certainly like to hear how this pans out for you ...

-------------
http://IrishDogs.ie" rel="nofollow - http://IrishDogs.ie

Posted By: alabamatoy
Date Posted: 12 September 2011 at 11:41pm

<%

'// Blacklists
Function IsUserBlacklisted(sIP, sName, sEMail)

Dim bBlacklisted
Dim objXMLHTTP

bBlacklisted = False

      '// We need to make sure we can actually create the MSXML object
      If IsObject(CreateObject("MSXML2.ServerXMLHTTP")) = False Then IsUserBlacklisted = "Error: MSXML2.ServerXMLHTTP could not be created, please check MSXML is installed (v6 or above is recommended)": Exit Function

      '// Check Blacklists
      set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP")

      objXMLHTTP.open "GET", " http://www.stopforumspam.com/api?name" rel="nofollow - =" & sName & "&email=" & sEMail & "&ip=" & sIP, false

      objXMLHTTP.send
      if objXMLHTTP.status = 200 then
         If Instr(1, objXMLHTTP.ResponseText, "yes", 1) > 0 Then
         bBlacklisted = True
         'Create blocked message email
           strEmailBody = "Registrant " & strUsername & " at IP address " & getip() & " attempted to register with email " & STREmail & " and was found in the blacklist by stopforumspam."
         'Send the e-mail using the Send Mail function created on the send_mail_function.inc file
         blnSentEmail = SendMail(strEmailBody, strTxtForumAdmin, decodeString(strForumEmailAddress), strMainForumName, decodeString(strForumEmailAddress), "new registrant BLACKLISTED", strMailComponent, false)
      end if
      end if
      set objXMLHTTP = nothing
      IsUserBlacklisted = bBlacklisted
End Function

%>

This seems to work so far. You can use this function wherever you want to return a boolean for whether or not the username, IP address, or email passed to it is found in the stopforumspam DB. There's a whole bunch of error checking that can be done with the "status" property, but 200 is just "OK" http://msdn.microsoft.com/en-us/library/ms767625%28v=VS.85%29.aspx" rel="nofollow - . I put the call in register.asp where the user is already being checked to see if the IP has been blacklisted.

Create a file in the "functions" folder with the name "isuserblacklisted.asp" Paste the above code into it.

Add the following line at the top of register.asp where the other functions are:

Then I added the following to line 634 of register.asp:

'check if user is blacklisted

if IsUserBlacklisted(getIP(), strUserName, STREmail) then blnEmailBlocked = True

If anyone has improvements to this, please speak up. Im just a jackleg coder, after all, copying stuff that others have done and taking credit for it. :-) Most of all, if you see some degernate situation where it wont work, please let me know as well.

Posted By: pbanks
Date Posted: 13 September 2011 at 12:58am

Are you sure about the exact positioning in line 634 of register.asp of the code?

-------------
http://IrishDogs.ie" rel="nofollow - http://IrishDogs.ie

Posted By: alabamatoy
Date Posted: 13 September 2011 at 2:45am

pbanks wrote:

Are you sure about the exact positioning in line 634 of register.asp of the code?

No, it probably varies with version of the forum base. I placed it at the end of the section commented "check email domain is not banned" The function call sets the same variable as though the email domain had been banned. its immediately after the following two lines:

'Close recordset
rsCommon.Close

Posted By: Gullanian
Date Posted: 16 September 2011 at 1:58pm

If Instr(1, objXMLHTTP.ResponseText, "yes", 1) > 0 Then

That will return true each time if the email address or username contains 'yes' right?

Posted By: alabamatoy
Date Posted: 17 September 2011 at 3:37pm

Gullanian wrote:

If Instr(1, objXMLHTTP.ResponseText, "yes", 1) > 0 Then

That will return true each time if the email address or username contains 'yes' right?

It will return true if the returned string of text from stopforumspam contains the text characters "yes" anywhere in it. So if either the name, the email address, or the IP address is found in the stopforumspam DB, stopforumspam returns a yes value.

Here's an example of one that does NOT return a hit: http://www.stopforumspam.com/api?email=helliott@knooology.net&username=docistesting13&IP=75.76.170.151" rel="nofollow - http://www.stopforumspam.com/api?email=helliott@knooology.net&username=docistesting13&IP=75.76.170.151

and here is an example of one that DOES return a hit: http://www.stopforumspam.com/api?email=spammysboy@aol.fr&username=slloyd945&IP=88.166.46.7" rel="nofollow - http://www.stopforumspam.com/api?email=spammysboy@aol.fr&username=slloyd945&IP=88.166.46.7

follow the links, then do a "view source" on the resulting page to see the XML that would be in objXMLHTTP.ResponseText

HTH....

Posted By: alabamatoy
Date Posted: 17 September 2011 at 3:49pm

I have also modified the administrator email for new registrants. Here's what the resulting email that I get looks like:

from: XXXX Forum mailto:forum@.com" rel="nofollow - forum@mywebwizforumdomain.com
mailto:forum@mywebwizforumdomain.com" rel="nofollow - to: forum@mywebwizforumdomain.com

date: Fri, Sep 9, 2011 at 9:49 AM
subject: New Member Activation

Hi,

The following new member has registered on XXXX Forum.

----------------------------
Username: - slloyd945
Email Address: - mailto:spammysboy@aol.fr" rel="nofollow - spammysboy@aol.fr
IP Logged: - 88.166.46.7
----------------------------

To activate the new membership slloyd945 click on the link below: -

http://" rel="nofollow - http://www.mywebwizforumdomain.com/forum/admin_activate.asp?USD=1736

To view the domain info for the registrants IP address, click here:
http://www.dnsstuff.com/tools/ipall?ip=88.166.46.7" rel="nofollow - http://www.dnsstuff.com/tools/ipall?ip=88.166.46.7

If you are absolutely certain that this registrant is a spammer, and the registrant did NOT show up in StopForumSpam's database, you can add him to the database; click here:
http://www.stopforumspam.com/add.php?username=slloyd945&email=spammysboy@aol.fr&IP=88.166.46.7&api_key=%5bmywebwizforumdomain_API_key" rel="nofollow - http://www.stopforumspam.com/add.php?username=slloyd945&email=spammysboy@aol.fr&IP=88.166.46.7&api_key=[mywebwizforumdomain_API_key ]

To view details of the new registrant *before* approving, click here:
http://www.mywebwizforumdomain.com/forum/register.asp?FPN=0&PF=1736&M=A" rel="nofollow - http://www.mywebwizforumdomain.com/forum/register.asp?FPN=0&PF=1736&M=A

---------------------------------------------------------------------------------------
Software provided by Web Wiz Forums(TM) version 9.55 - http://www.webwizforums.com" rel="nofollow - http://www.webwizforums.com
Free Bulletin Board System - Download today!

The RED text link is important because that is how you can ADD to stopforumspam's DB. If you get someone who does not appear in the DB, and you are absolutely sure they are a spammer, you can submit them to the DB. You have to get an API Key from stopforumspam (its just a gibberish text value, like a password) in order to submit.

My site is averaging 1-2 spammer blacklistings per day. I got one this week which was obviously a spammer but was not in the DB, so I submitted him in hopes that it helps others blacklist him.

Posted By: alabamatoy
Date Posted: 28 October 2011 at 3:01pm

Update - this seems to be working very well. During the month of October, we had 35 forum signups which were blacklisted by stopforumspam, and 7 which were legitimate users. Thus far, stop-forumspam seems not to have blacklisted anyone who was legitimate, but it has missed a few (small percentage, none this month) which were spammers. The link to add to the stopforumspam database easily adds those as you find them.

Posted By: WebWiz-Bruce
Date Posted: 28 October 2011 at 4:41pm

I have been chatting to Paul over at StopForumSpam who has agreed to allowing us to include support in the forum core code, so that you don't need to modify the code to have this functionality.

Expect to see this in the next release shortly.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: pbanks
Date Posted: 28 October 2011 at 5:06pm

Well done Bruce. It really has helped me cutting on a lot of those "Chinese and Russian" spammers whom always register in the middle of night when we're all asleep ...even though I've also got a Moderator Hold on posts until they've posted over 10 ...

-------------
http://IrishDogs.ie" rel="nofollow - http://IrishDogs.ie

Posted By: kiklop
Date Posted: 28 October 2011 at 5:40pm

Great news !!

-------------
http://www.dyxum.com" rel="nofollow - dyxum.com

Posted By: billd3
Date Posted: 31 October 2011 at 6:30pm

Bruce is the "make it happen" fellow. Good work!

-------------
BillD
http://theamcpages.com
http://theamcforum.com

Posted By: dbramley
Date Posted: 08 November 2011 at 2:31pm

Excellent, I've been busy adding this into my forums and its been great so far at blocking spammers.

Posted By: alabamatoy
Date Posted: 10 November 2011 at 5:41pm

Cool! Bruce, thanks for working this. Any idea when the version would be out? We are contemplating upgrade, and I dont want to rewicker all this into a new upgrade version if you are going to do it for me, Im inclined to wait until your version is release.

Posted By: WebWiz-Bruce
Date Posted: 10 November 2011 at 6:17pm

Should be before the end of this month.

We are currently testing out a crude implementation of the StopForumSpam for the next version on this website and so far in 6 days it's block 24 signups, although a few have slipped through and been added to the StopForumSpam database.

Posted By: JohnnyW
Date Posted: 14 December 2011 at 4:21pm

Hi Bruce,

I was wondering if you had an update on this? I've been holding off upgrading our current version of WWF as I was really interested in this feature since our forum gets hit pretty heavily by spammers.

Cheers!

Posted By: WebWiz-Bruce
Date Posted: 15 December 2011 at 10:09am

We are currently testing this on this web site and while it does stop a few spammers more than half still get through.

In the last month we have submitted 71 spammers to StopForumSpam from this forum and I would say it does not get allot of spam, so do not expect it to be some type of magic bullet that will stop the majority of your spam.

A basic integration has been developed for Web Wiz Forums, but it still needs more work to allow easier submitting of spammers to StopForumsSpam database.

Posted By: alabamatoy
Date Posted: 16 December 2011 at 12:59pm

WebWiz-Bruce wrote:

In the last month we have submitted 71 spammers to StopForumSpam from this forum and I would say it does not get allot of spam, so do not expect it to be some type of magic bullet that will stop the majority of your spam.

Interesting. My implementation has been allowing no spammers at all through. We get anywhere from 1-3 signups per day, with only 1-2 per week being legitimate registrants, and stopforumspam has been nailing the bad/good 100%. I think I have added one to stopforumspam in the last 2 months. Mine is setup to require admin approval for all registrants, so the ones who get through stopforumspam still have to get through me, and the admin message has a link already in it to add them to the database, which makes it really easy.

I, for one, appreciate you submitting the spammers, because by doing so, you are only helping me to avoid them!!!! LOL

Posted By: kiklop
Date Posted: 16 December 2011 at 1:10pm

We have this implemented for little more than a month and so far i can say that it is working nicely.
Isn't foolproof but did blocked most spamers so far.

Aside blocking new registrations, we used this to check our existing memberships as well and found some "sleepers" as well (in most cases they registered to abuse signatures or homepage links).

-------------
http://www.dyxum.com" rel="nofollow - dyxum.com

Posted By: WebWiz-Bruce
Date Posted: 16 December 2011 at 4:04pm

For appropriately one month usage stats for today for these support forums are:-

87 Registrations Blocked by StopForumSpam

74 Spammers Submitted to StopForumSpam that have got through

What seem to find is that if a spammer has their registration blocked they try again with a different email address or IP till they are able to register, till they find a combination of both which does allow them to register.

Posted By: alabamatoy
Date Posted: 17 December 2011 at 6:01pm

Bruce, its pretty obvious to me that you have a different audience targeting your site than I have targeting mine.

Question: Are you querying forum name, AND ip address AND email address? I am querying all three.

I dont own stock in stopforumspam! It just seems to be working *very* well for my little backwoods country webwiz forum. With the additions to the admin registration email, its pretty darn easy to address the ones that actually register, and either add them to SFS or let them complete registration.

For my site:
I have had 34 blacklisted by SFS thus far in December Dec 1 thru Dec 17)
I have 5 legitimate registrations thus far in Dec
I have had 1 registrant that turned out to be a spammer, ie got through SFS and registered.

Posted By: JohnnyW
Date Posted: 19 December 2011 at 8:40am

Anything that will help will be worthwhile Bruce as our forum gets hammered by the buggers. I've written my own mod that will suspend a spammers account, add their ip to the blocked list and delete all there posts with one click which has helped a lot but it would be great if this feature was implemented to help cutdown on the signups in the first place.

Posted By: billd3
Date Posted: 19 December 2011 at 8:24pm

Interested in how that mod works - if it's "legal" to put in our own forum code and if you are interested in passing it along - even if it's not "free...........

-------------
BillD
http://theamcpages.com
http://theamcforum.com

Posted By: pbanks
Date Posted: 19 December 2011 at 8:35pm

Nothing "illegal" there to add it as a MOD. I've had it runnign a couple of months now and it DOES appear to have minimised the idiots who want to advertise their sneakers, viagra and other such dodgy wares.

I DO, of course, have a number of other measures in place such as posting 10 posts on "Approval" before becoming "Full" members ... but it has cut the SPAM to ZERO!!!

Yes, read that ... ZERO SPAMMERS! You need every single piece of defence in your arsenal to stop these t**sers ... and antispam is a GREAT addition to this arsenal.

-------------
http://IrishDogs.ie" rel="nofollow - http://IrishDogs.ie

Posted By: WebWiz-Bruce
Date Posted: 20 December 2011 at 8:45am

To update everyone on the progress of StopForumSpam integration in Web Wiz Forums.

Completed:-

Admin page to enable StopForumSpam with options to add your API key, check on username, email and IP, or check just on email address and IP.

Registration page checks against StopForumSpam database using the settings set in the admin area. If the new members registration comes up in the StopForumSpam they are blocked from signing up.

If the registration is blocked due to the email address being found in the StopForumSpam database, but not the IP, the spammer has changed their IP, so the updated IP is submitted to StopForumSpam automatically.

If a member is suspended and you have entered an StopForumSpam API key, a link in their profile allows the admin or moderator to submit the member to StopForumSpam.

The Admin Vetting/Activation email has been updated to include links to submit the failed member registration to StopForumSpam. It also links to our http://www.webwiz.net/domain-tools/ip-information.htm" rel="nofollow - Free Online IP Information Tool to lookup information on the IP address used.

Our http://www.webwiz.net/domain-tools/ip-information.htm" rel="nofollow - Free Online IP Information Tool is updated monthly so is very accurate, and includes information on the owner of the IP and the location. At the moment it just has IPv4 Addresses but soon hope to add IPv6 support as well.

Things To Do:-

Create a Spam Cleaner page that will allow with a single click the following:-

Suspend member

Remove their posts

Submit to StopForumSpam

Add IP to block list along with block reason

Add Admin Notes to suspended members profile with reason for suspension

There are also lots of other changes to the next version, with the other big feature being built in support for SSL, so that pages such as Login, Registration, Private Messages, Member Profile, Member Control Panel, and Admin Control Panel would automatically switch to SSL for these pages. You would need to have an SSL Certificate for your forum in order for it to work. This is presently being tested on this forum.

Posted By: billd3
Date Posted: 20 December 2011 at 1:43pm

WOW This sounds exciting. I can't wait until the next version/upgrade.

-------------
BillD
http://theamcpages.com
http://theamcforum.com

Posted By: JohnnyW
Date Posted: 20 December 2011 at 5:19pm

Nice work Bruce! Sounds ideal.

Posted By: kiklop
Date Posted: 20 December 2011 at 6:03pm

Great news !

-------------
http://www.dyxum.com" rel="nofollow - dyxum.com

Posted By: evening_grosbea
Date Posted: 23 December 2011 at 6:11pm

Wow - I NEEEEEEED THIS !

I get 2-3 new spammers a day at times. I delete and they are back again the next day.

There should be an automated email to those spammers that just says "Get a life idiot"

Posted By: Lynx David
Date Posted: 31 December 2011 at 4:58pm

I would like to add that when we get spammed, if the ISP is from a known spamming domain, I check the whois for that IP address and ban the entire netrange assigned to that ISP. It might be nice to add that as an option when manually banning a spammer.

Thanks,

David

Posted By: alabamatoy
Date Posted: 03 January 2012 at 4:53pm

Lynx David wrote:

...I check the whois for that IP address and ban the entire netrange assigned to that ISP.

So, for example, some knucklehead practices unprotected computing on his AT&T serviced home computer, gets pwned by a botnet, and the botnet is used to try to spam your site, you block all of AT&T? That doesnt seem wise....

Posted By: Lynx David
Date Posted: 06 January 2012 at 3:30pm

Did you read the part about "from a known spamming ISP"? We get multiple spam posts from the same set of ISPs in China.

Posted By: WebWiz-Bruce
Date Posted: 06 January 2012 at 3:56pm

Just wait till IPv6 comes along then. There will be so many IP addresses that you could change your IP address every few minutes for the rest of your life and never run out.

We enquired recently about IPv6 addresses, and were immediately given enough IPv6 addresses that you could fit all the IPv4 addresses in to it several times over.

Since most Regional Internet Registries will run out of IPv4 addresses this year, we will more likely soon be seeing IPv6 addresses become more widely used. Then it will be fun and games trying to block spammers by IP address.

Posted By: alabamatoy
Date Posted: 14 January 2012 at 12:25am

Yes, IPv6 is going to change this approach.

Bruce, any idea on when this new version will be ready to deploy?

Posted By: alabamatoy
Date Posted: 14 January 2012 at 1:19pm

Speaking of IPv6, heres an interesting post on slashdot this morning:

"With the success of http://www.worldipv6day.org/" rel="nofollow - world IPv6 day in 2011, there is a lot of http://www.telecomengine.com/article/will-2012-be-year-ipv6" rel="nofollow - speculation about IPv6 in 2012 . But simply turning on IPv6 does not make the problems of http://en.wikipedia.org/wiki/IPv4_address_exhaustion" rel="nofollow - IPv4 exhaustion go away. It is only when services are usable with IPv6-only that the internet can clip the ties to the IPv4 boat anchor. That said, http://www.freebsd.org/ipv6/ipv6only.html" rel="nofollow - FreeBSD , http://social.technet.microsoft.com/wiki/contents/articles/ipv6-test-lab-extension-demonstrating-an-ipv6-only-environment.aspx" rel="nofollow - Windows , and http://code.google.com/p/android/issues/detail?id=3389" rel="nofollow - Android are working on IPv6-only capabilities. There are multiple accounts of http://www.gossamer-threads.com/lists/nsp/ipv6/32908" rel="nofollow - IPv6-only http://tools.ietf.org/html/draft-arkko-ipv6-only-experience-04" rel="nofollow - network http://tools.ietf.org/html/draft-hazeyama-widecamp-ipv6-only-experience-00" rel="nofollow - deployments . From those, we we now know that IPv6-only is viable in mobile, where over 80% ( https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&continue=https://docs.google.com/spreadsheet/ccc?key%3D0AnVbRg3DotzFdGVwZWlWeG5wXzVMcG5qczZEZloxWGc%26pref%3D2&followup=https://docs.google.com/spreadsheet/ccc?key%3D0AnVbRg3DotzFdGVwZWlWeG5wXzVMcG5qczZEZloxWGc%26pref%3D2" rel="nofollow - of a sampling of the top 200 apps ) work well with IPv6-only. Mobile especially needs IPv6, since their are only 4 billion IPv4 address and approaching http://www.ericsson.com/campaign/opportunitysupportsystems/newsfeed/posts/15/" rel="nofollow - 50 billion mobile devices in the next 8 years. Ironically, the Android test data shows that the apps most likely to fail are peer-to-peer, like http://community.skype.com/t5/Android/Skype-not-working-on-T-Mobile-USA-IPv6-with-UMTS-unlocked-Galaxy/m-p/380685/highlight/true#M7845" rel="nofollow - Skype . Traversing NAT and relying on broken IPv4 is built into their method of operating. P2P communications was supposed to be one of the http://www.theregister.co.uk/2009/09/10/ipv6_traffic_surge/" rel="nofollow - key improvements in IPv6."

Posted By: billd3
Date Posted: 15 January 2012 at 3:45am

Have the security concerns been worked out of IPv6 yet? Last we researched this at work, there were a number of holes, some quite worrysome.

It causes us issues at work simply because it's forced on in server2008R2.

I note a number of firewalls block it by default still. (so I'm assuming no, the security concerns are still there?)

Our network admin is really not happy having to jump through so many hoops to be able to use outside resources when our own network will never need v6, and our state has their own subnets already reserved - enough to last us until I retire and well beyond. So the only reason we'll have to deal with it is "outside".

I see it becoming a security nightmare - and wonder how all the firewalls in the world will handle it.

The "transition period" is pretty scary. Translations don't always work well from what we've been shown.

-------------
BillD
http://theamcpages.com
http://theamcforum.com

Posted By: WebWiz-Bruce
Date Posted: 16 January 2012 at 1:12pm

IPv6 is more secure than IPv4 as they built security in to IPv6. Most firewalls have IPv6 blocked by default as most people are not using IPv6 at this time, and you only need to enable it on firewalls if you are using IPv6.

The problem with the IPv4 allocation is in the early days large blocks were given out to companies and many of these IPv4 addresses will never be used. Most IPv4 address have been allocated to the US, so the US has an abundance of IPv4 addresses. Hence why your state probably will not run out of IPv4 addresses.

The problem is the rest of the world does not have as many IPv4 addresses. IANA has now run out of IPv4 addresses with the last remaining blocks of /8 being issued to Regional Internet registries last February. These last remaining IPv4 address are set to run out, with APNIC in the Pacific and Asia down to it's last block of IPv4 addresses and set to run out completely before the end of this year. In Europe you can now only get enough IPv4 addresses from RIPE that you can justify will be used within 3 months. This is making it very hard for us to get IPv4 addresses and by this time next year we may not be able to get any at all!!

With your own network if you wish to stay with IPv4 then you could use tunnelling to access the IPv6 Internet. There are lots of protocols to do this like 6over4, Toledo, etc.

In our case as a web host we will have to look at running a Dual Stack with services having both IPv4 and IPv6 addresses so that every one, whether they are on IPv4 or IPv6 can access services and websites.

Your network admin may not like change, but it's coming. There are also lots of advantages to using IPv6, like built in security, getting rid of NAT's, mobile IPv6, faster forwarding, new header format, stateless and statefull address autoconfiguration, and much more.

Posted By: alabamatoy
Date Posted: 16 January 2012 at 1:28pm

I agree with everything Bruce says about IPv6 and v4. This is a problem I am dealing with at work (I do this forum stuff as a volunteer). The biggest looming problem is when some major provider like Verizon changes over, and their smartphones start getting IPv6 addresses natively. At some point, people will not be able to access your networked services unless you are dual-stacked. Im not so worried about not being able to access NW services, as major services will be dual stacked for many years to come. Google, for example, has been dual-stacked for a couple years now.

SO....Bruce, when can I get the new SFSed version of Webwiz? Smile

We are holding off upgrading awaiting the SFS support (yours appears to be much more thorough than my kludge), and my site is having some real issues with smartphones cause its so old. We are on 9.55, and my new Android cannot post anything to the forum, the rich text entry boxes dont work.

Posted By: WebWiz-Bruce
Date Posted: 24 January 2012 at 5:55pm

The new Spam Cleaner Tool is now complete and just going through the testing stage.

As well as the registration system checking with the StopFourmSpam Database to block spammer signups the new Spam Cleaner will allow Admins and Moderator to do the following actions from one screen:-

Suspend Member

Submit Member to StopForumSpam

Delete Members Posts

Delete Members Private Messages

Block Members IP Address

Remove Members Avatar

Remove Members Signature

Add Admin Notes about the Spammer

This should make it much simpler to stop spammers who do get through all the spam filters and block them from spamming yours and other forums again.

Posted By: Shaun
Date Posted: 25 January 2012 at 1:47am

Well done Bruce

-------------
http://www.npoc.co.uk/forum" rel="nofollow - Nissan Primera Owners Club - NPOC : The worlds largest Nissan Primera Forums

Posted By: alabamatoy
Date Posted: 03 February 2012 at 5:55pm

WebWiz-Bruce wrote:

The new Spam Cleaner Tool is now complete and just going through the testing stage.

Is it ready for rollout yet? :-)

Posted By: WebWiz-Bruce
Date Posted: 06 February 2012 at 8:47am

We are testing on a number of forums, unfortunately since running the trail this forum and other production forums that we are testing this on have gone from receiving spam almost everyday to only one in the last two weeks!

This means so far we have only had one real spammer to test with which showed a few issues which we have hopefully fixed, but now waiting for another spammer to test this on.

Spammers seem to be like buses, when you don't want one they always seem to be there getting in your way, when you do want one there's not one to be found.

The next release does have over 100 changes due to the extra spam tools, SSL support, and other features and fixes, so will more likely have a beta release.

Posted By: WebWiz-Bruce
Date Posted: 07 March 2012 at 11:26am

Have released Web Wiz Forums 10.10 Beta which includes support for StopForumSpam.

You can download 10.10 beta from the Early Release section on the Web Wiz Forums download page at the link below:-

http://www.webwiz.net/web-wiz-forums/forum-downloads.htm" rel="nofollow - http://www.webwiz.net/web-wiz-forums/forum-downloads.htm

Posted By: pbanks
Date Posted: 07 March 2012 at 12:46pm

Wow ... loads of changes.

Thanks a lot Bruce!

-------------
http://IrishDogs.ie" rel="nofollow - http://IrishDogs.ie

Posted By: kiklop
Date Posted: 07 March 2012 at 6:34pm

Thank you very much for this !!!

While i'm not thrilled with the idea of having a beta forum software on line, i decided to take a risk and updated our forum (we really wanted stop forum spam integration :))

Will let you know if we find any problem.

-------------
http://www.dyxum.com" rel="nofollow - dyxum.com

Posted By: WebWiz-Bruce
Date Posted: 08 March 2012 at 7:47am

It should be fairly stable as been testing on several large production forums for a few months now.

With over 100 file changes in the latest release it's quite allot of changes and their may well be a few small bugs that have slipped through the testing phase.

I would not suggest running it on a production server yet, unless you are happy getting your hands dirty and fixing any bugs that may cause the forum not to function correctly.

Posted By: WebWiz-Bruce
Date Posted: 13 April 2012 at 4:45pm

Web Wiz Forums 10.11 is now available on the download page and includes the StopFourmSpam updates.

Version 10.11 can check against the StopForumSpam service to see if the new registrant is a known spammer and block them.

If a spammer gets through the new Spam Cleaner Tool has an option to submit the spammer to StopForumSpam as well as deleted posts, PM's and blocking the spammers IP all from one tool.

If you are using member vetting then the admin email will includes links to submit the registrant to StopForumSpam as well as being able to lookup the IP location and other tools.