[Plugin: Stop Spammer Registrations Plugin] Locked out of my own blog !

I am now locked out of my own blog and I am getting reported as a spammer from StopForumSpam.

The site https://www.stopforumspam.com appears to be compromised and it may be that everyone is getting listed as blocked.

I will revert to 2.20 and see what the difference is.

Keith

Well Keith, I suggest you ask for a list of plugins from all of us who are using your plugin.
This way you can see if there is a common plugin that we are all using that you aren’t.
I’m also looking for a log but I’m not sure what I’m looking for. If you can direct me to a log file then I’ll see what I can tell you.
I’ve looked through the blog root directory and a few sub directories for logs that might tell me what it was doing but the plug-in directory for stop spammer is gone once I removed the PHP file from the plug-in route. I did download the file in question to my desktop just in case there is information in that file that I can use.

I checked on stopforumspam.com but neither my IP (v4), nor email nor userid are registered.

So then it may be your IP Keith if you use that in any way in the plugin.

btw. the history looks like this:

2012/05/22 13:49:09 — 196.215.110.106 — /wp-login.php?redirect_to=http%3A%2F%2Fsasha.zice.md%2Fwp-admin%2Fedit-comments.php%3Fcomment_status%3Dmoderated&reauth=1 SFS, 2012-05-22, 255; My journal: c(183), p(1), s(0)

and the reason for this block is: SFS, 2012-05-22, 255;

oh, and for all the others saying that being locked out is unacceptable, maybe reconsider using this type of plugin?
I mean the scope of the plugin is to block access based on IP, email and spammer databases, i.e. stopforumspam, projecthoneypot, etc. so what happened to you is exactly what will happen to other users/visitors that are i.e. using IPs that were misused.

quick fix:

I have deactivated StopForumSpam for now until the plugin author sorts this out.

To do this I changed these options:
Deny spammers found on Stop Forum Span with more than 9999 incidents, and occurring less than 1 days ago.

And then purged the cache!

I know I have weakened my protection but this is better than disabling the whole plugin!

Same here.
Didn’t try to disable deny spammers, but i disabled checks at login.
In the admin page i had this written for my IP “cached bad ip”.

yes, it says: “cached bad IP” now go further up in the history and look for the first block for that IP or simply empty the cache and get blocked again, then go back and check the reason again.

Btw, how did you do this: ” i disabled checks at login” – I can’t find an option for that?

Yes unfortunately we cannot do that, had to comment the lines in the plugin ??

Tried to disable SFS and re-check login/signup, and it seems to work thx.

?? same here, I actually asked the author to give us an option of what the plugin is protecting: Comments/Registrations/Logins as I don’t need/want to protect Logins…

Great to see I am not the only one who’d like to have that feature ??

P.S. 3.1 is out and it seems to have fixed the problem!

I will add the options to check events, and an option to disable the sfs check.

Ovidiu had a bunch of suggestions that I will try to implement soon.

I will try to finish up the new features and have a new version out soon.

I am so sorry about the issues. I swear that I tested logging in and out over the weekend and I had not problem. Suddenly SFS is reporting me as a spammer and evidently everyone else. It is interesting that everyone gets reported as having 255 days as the frequency.

Please note that I never expected this to be used by more than a few people. I wrote it for myself to prevent registrations on my MU site. I am amazed and gratified by the number of people using the plugin and I hope that it will work without problems again.

Keith

Thanks for the quick bug fix and for providing such a useful plugin for free ??

Yes, thanks Keith for the plugin and for being so responsive.

Well once I deleted the php files that was mentioned earlier this morning I had no files that I could see so I have no history to look through. I will re-install the plugin as it completely disappeared from my site. I’ve come to rely on this plugin to keep the majority of the spammers at bay.

Thanks Keith for a really good plugin…

@ovidiu

oh, and for all the others saying that being locked out is unacceptable, maybe reconsider using this type of plugin?

Suggestion:
IF user-auth = wp-admin THEN never-lock-out…..