Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor Keith P. Graham

    (@kpgraham)

    The plugin no longer uses the headers to get the original IP address.

    I was asked to remove this by StopForumSpam.com because the “forwarded” headers can be spoofed. It turns out that spammers could spoof a whitelisted IP and then leave comments, acting like a proxy server. I cannot trust the header data as a true IP anymore.

    If you can configure your proxy to preserve the original IP, then the plugin will work; otherwise I would roll back to the 5.8 version, but this leaves you open to a spoofed IP.

    Keith

    Thread Starter wadams92101

    (@wadams92101)

    Thanks Keith. Seems spoofed IPs were far less of a problem than spammers being interpreted as my proxy server IP. Where can I find version 5.8?

    Thread Starter wadams92101

    (@wadams92101)

    Nevermind my last question. I found 5.8 on Github.

    Plugin Contributor Keith P. Graham

    (@kpgraham)

    I did not put it on github. How did it get there? Does WP put it there?

    Keith

    Plugin Contributor Keith P. Graham

    (@kpgraham)

    I wrote a plugin to fix X-FORWARDED-FOR headers. This is just for proxy servers and it is very dangerous. I have it as a beta test on BlogsEye.com on the beta test page there.

    If you are running a proxy server, and ONLY if you are running a proxy server for your site, you should install this. It will get the original IP as provided by the proxy server.

    If you are not running a proxy, then the IP can be spoofed. Don’t run this so that you can access your site from a proxy. If you can get in this way then spammers and other malicious users can use it to spoof the IP address.

    If you are running under CloudFlare (which acts like a proxy) you should use the cloudflare plugin that does the same thing, but only for cloudflare. The CloudFlare plugin is available on the ww.wp.xz.cn plugin site.

    Keith
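The two posts above describe the same trust problem from both sides: a proxy rewrites the TCP source address, so the real client is only visible in X-Forwarded-For, yet anyone connecting directly can set that header to any value, including a whitelisted address. The following is an added example, not code from the plugin or from Keith; it contrasts a resolver that believes the header unconditionally with one that consults it only when the connection actually came from a proxy you operate. The proxy addresses, the request arrays, and the function names are all constructed for illustration.

```php
<?php
// Added example (not the plugin's code): resolving the client IP behind a proxy
// without letting a direct connection forge its own address.

// Assumed: the addresses of the proxies you run. Replace with your own.
const TRUSTED_PROXIES = ['203.0.113.10', '203.0.113.11'];

/**
 * Naive resolver: whatever the request carries in X-Forwarded-For wins.
 * A client talking to the site directly can put any address here, including
 * one that the spam filter has whitelisted.
 */
function naive_client_ip(array $server): string {
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        $parts = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        return trim($parts[0]);
    }
    return $server['REMOTE_ADDR'] ?? '';
}

/**
 * Hardened resolver: X-Forwarded-For is consulted only when the TCP peer
 * (REMOTE_ADDR) is one of our own proxies. The header is walked from the
 * right, skipping addresses our proxies appended; the first remaining hop is
 * the client. Anything unparsable falls back to REMOTE_ADDR.
 */
function trusted_client_ip(array $server, array $trusted_proxies): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, $trusted_proxies, true)) {
        // Direct connection: any forwarded header was written by the client.
        return $remote;
    }
    if (empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        $hop = $hops[$i];
        if (in_array($hop, $trusted_proxies, true)) {
            continue; // appended by one of our proxies, keep walking left
        }
        if (filter_var($hop, FILTER_VALIDATE_IP) !== false) {
            return $hop;
        }
        break; // malformed entry: do not trust anything further left
    }
    return $remote;
}

// Constructed sample requests (not captured traffic).
$via_proxy = [
    'REMOTE_ADDR'          => '203.0.113.10',               // our proxy
    'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.10', // client, then proxy
];
$spoofed_direct = [
    'REMOTE_ADDR'          => '192.0.2.66',   // spammer connecting directly
    'HTTP_X_FORWARDED_FOR' => '203.0.113.10', // claims to be the whitelisted proxy
];

echo "naive, via proxy:      ", naive_client_ip($via_proxy), "\n";
echo "naive, spoofed direct: ", naive_client_ip($spoofed_direct), "\n";
echo "trusted, via proxy:    ", trusted_client_ip($via_proxy, TRUSTED_PROXIES), "\n";
echo "trusted, spoofed:      ", trusted_client_ip($spoofed_direct, TRUSTED_PROXIES), "\n";

// To apply this site-wide, run the hardened lookup in wp-config.php before
// WordPress loads, so every plugin sees the corrected address:
//   $_SERVER['REMOTE_ADDR'] = trusted_client_ip($_SERVER, TRUSTED_PROXIES);
```

For the spoofed request the naive resolver hands back the whitelisted proxy address, which is exactly how registrations get reported as "passed"; the hardened resolver ignores the header because the connection did not come from a listed proxy and returns the spammer's real address. The same check is why the fix belongs only on sites that really sit behind a proxy: with an empty trusted list the function never reads the header at all.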

    Thread Starter wadams92101

    (@wadams92101)

    Hmm, the plot thickens. Here’s the link to Github. https://github.com/wp-plugins/stop-spammer-registrations-plugin/releases

    BTW, since I’ve restored version 5.8, spammer history shows it’s back to work blocking numerous nefarious spammer registrations. The later versions opened the floodgates as the plugin was reading their IP as my whitelisted proxy server IP. It showed numerous spammer registrations as “passed.”

    However, when I went to search these registrations in my user database and also to track down the BuddyPress groups that some of them tried to create, I could find neither. Any idea why they’re not showing up as such? Was something else zapping them? The only other security apparatus I have on the site is Akismet, Sucuri proxy server and site scanning, and a captcha plugin.

    As a final note, I dropped a note to the folks at Sucuri that you would be abandoning the plugin and that it might be something they would want to continue. They said they’d take a look at it. It occurs to me that it might be great as a joint venture – take some of the load off of you and share profits as a premium plugin. Sorry to take liberties but it’s been one of my most valuable plugins and I hate to lose it. And your support has been top notch.

    Plugin Contributor Keith P. Graham

    (@kpgraham)

    Just because a spammer “passes” doesn’t mean that they successfully registered. The plugin reports passes if the IP passes all tests.

    The plugin does not follow through to see if the passed IP made it through the registration process. Once the IP passes the test the plugin backs out of the process and lets WordPress take over.

    Keith

    I’m seeing a similar effect. Spam registrations are coming through by the hundreds now, since the most recent update, sadly. Can you make this a setting instead of rolling back to 5.8?

    Also, we’re seeing registrations get through if there is a DoS on the SFS website (no jdbc connections). I’d like to see registrations prevented (possibly selected by an option) if that happens, rather than allowing the registration to go through.


The topic ‘Spammers now whitelisted.’ is closed to new replies.