Hi. I haven't tried this module yet, as I use this service's API with my own implementation. I was wondering, if a Drupal site lucky enough to be getting 5000+ registrations per day did occur, what would happen? SFS's API usage is just that. 5000/day limit otherwise it throws an error. If an error was returned from their API, would this script crash the Drupal website upon registering, or would it simply stand aside and allow the registration to go ahead without the background check? Or worse, would it prevent everyone from registering?

Other than this concern, I think this is a very useful module.

Thanks :)

Comments

miiimooo’s picture

miiimooo
Location Europe
commented

Do you know what the response looks like when you reach the 5000/day limit?

darklight’s picture

darklight commented

Not sure about the exact response, I haven't exeeded the limit for quite a while, but all you need to do is check if "success" is "1" it's quite simple to check.

miiimooo’s picture

miiimooo
Location Europe
commented
Status: Active » Closed (fixed)

Looking at the code of the new version ..

function spambot_account_is_spammer($account) {
  // Build request parameters according to the criteria to use
  $request = array();
  if (!empty($account->mail) && variable_get('spambot_criteria_email', TRUE)) {
    $request['email'] = $account->mail;
  }

  if (!empty($account->name) && variable_get('spambot_criteria_username', FALSE)) {
    $request['username'] = $account->name;
  }

  // Only do a remote API request if there is anything to check
  if (count($request)) {
    $result = spambot_sfs_request($request);
    if (!empty($result['email']['appears']) || !empty($result['username']['appears'])) {
      return TRUE;
    }
  }
}

.. I think it's okay. It doesn't check the success field..

bengtan’s picture

bengtan commented
Version: 6.x-2.0 » 6.x-3.0-beta2
Priority: Minor » Normal
Status: Closed (fixed) » Postponed (maintainer needs more info)

Hi,

Please move to the 3.x branch if you can as 2.x is no longer supported.

With regards to the 3.x branch ...

Blacklisting only occurs if the service is up and there was a successful request. The module does checks the 'success' field within spambot_sfs_request(). If there was a communications error, then blacklisting does not happen (and the error is logged).

However, I can't say what will happen if the 5000/day limit is exceeded because I've never had that happen to me, and the documentation on www.stopforumspam.com is not clear.

If you do happen to run into this limit and Spambot flags an error, the response should be logged in your site logs. If you could post the log here, that would be great so we can confirm what will actually happen.

For now, I've moving this issue to the 3.x branch, and keeping it open for a bit so other users can more easily find this issue.

darklight’s picture

darklight commented

Okay cool. Will do and thanks :)

fgm’s picture

fgm
Primary language French
Location Paris, France
commented

I just got an answer from the SFS webmaster: the limit has been raised to 8000/day, making it even less likely to be hit.

More detail:

You have 8000 queries a day to play with now.

We have DDoS protection at the core switches in the data centre and therefore we have no control over the DDoS protection in place at this core level but I have hack detection in the api and code that if you start feeding the php shellcode, youll find yourself in the firewall for some considerable time. Not a single case of anyone using a released mod has had this happen to them so as long as you urlencode usernames/email addresses you will never trigger this.

If you can push 5 req/sec at the api, then youll get 5 responses but some maybe slower if the firewalls start throttling syn packets.

darklight’s picture

darklight commented

Thanks for the info :)

kala4ek’s picture

kala4ek
Primary language Russian
Location 🇷🇺 Novosibirsk
commented
Issue summary: View changes
Status: Postponed (maintainer needs more info) » Closed (outdated)