You are not logged in.
- Topics: Active | Unanswered
#1 2019-12-03 7:32 pm
- wesyah234
- Member
- Registered: 2010-11-30
- Posts: 6
api.stopforumspam.org vs api.stopforumspam.com
For some reason (might be a network issue with my ISP), I am currently not able to connect to api.stopforumspam.org
~> wget "http://api.stopforumspam.org/api?ip=95.213.251.156&json"
--2019-12-03 10:21:31-- http://api.stopforumspam.org/api?ip=95.213.251.156&json
Resolving api.stopforumspam.org (api.stopforumspam.org)... 192.124.249.168
Connecting to api.stopforumspam.org (api.stopforumspam.org)|192.124.249.168|:80... failed: Operation timed out.
Retrying.
However, if I replace the .org with .com it works:
~> wget "http://api.stopforumspam.com/api?ip=95.213.251.156&json"
--2019-12-03 13:25:33-- http://api.stopforumspam.com/api?ip=95.213.251.156&json
Resolving api.stopforumspam.com (api.stopforumspam.com)... 104.25.137.22, 104.25.136.22
Connecting to api.stopforumspam.com (api.stopforumspam.com)|104.25.137.22|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/json]
Saving to: ‘api?ip=95.213.251.156&json.2’
api?ip=95.213.251.156&json.2 [ <=> ] 73 --.-KB/s in 0s
2019-12-03 13:25:33 (3.87 MB/s) - ‘api?ip=95.213.251.156&json.2’ saved [73]
The examples all use .org so I'm just wondering if the .com version of your APIs are appropriate to go ahead and use.
Also, if you have any ideas as to why the .org api calls are now timing out after working fine for years please let me know.
Offline
#2 2019-12-03 7:51 pm
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: api.stopforumspam.org vs api.stopforumspam.com
.org is deprecated (due to impending cost rises), and the whole API system is moving to a v2. This is essentially due to current problems with Cloudflare. It also may be because you are using HTTP rather than HTTPS (http has long been deprecated). You are also strongly advised to concentrate on JSON (rather than XML - xml is also deprecated).
The whole move is in the course of consultation at this very moment at the VIP level, and will be documented once stable. I'm surprised that .org is currently not available, but the above is good advice in any case.
Offline
#3 2019-12-03 10:58 pm
- sklerder
- Member
- Registered: 2012-10-11
- Posts: 336
- Website
Re: api.stopforumspam.org vs api.stopforumspam.com
Hi !
I don't know if something has been modified since your post, but at the moment, it works for me, either with http or https:
With ".com"
[root@www 20191203_235507 /] # wget "http://api.stopforumspam.com/api?ip=95.213.251.156&json"
--2019-12-03 23:55:10-- http://api.stopforumspam.com/api?ip=95.213.251.156&json
Resolving api.stopforumspam.com... 104.25.136.22, 104.25.137.22, 2606:4700:20::6819:8916, ...
Connecting to api.stopforumspam.com|104.25.136.22|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/json]
Saving to: `api?ip=95.213.251.156&json'
[ <=> ] 73 --.-K/s in 0s
2019-12-03 23:55:10 (5.36 MB/s) - `api?ip=95.213.251.156&json' saved [73]
[root@www 20191203_235510 /] # wget "http://api.stopforumspam.com/api?ip=95.213.251.156&json"
--2019-12-03 23:55:14-- http://api.stopforumspam.com/api?ip=95.213.251.156&json
Resolving api.stopforumspam.com... 104.25.137.22, 104.25.136.22, 2606:4700:20::6819:8816, ...
Connecting to api.stopforumspam.com|104.25.137.22|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/json]
Saving to: `api?ip=95.213.251.156&json.1'
[ <=> ] 73 --.-K/s in 0s
2019-12-03 23:55:14 (4.47 MB/s) - `api?ip=95.213.251.156&json.1' saved [73]With ".org" :
[root@www 20191203_235514 /] # wget "http://api.stopforumspam.org/api?ip=95.213.251.156&json"
--2019-12-03 23:58:48-- http://api.stopforumspam.org/api?ip=95.213.251.156&json
Resolving api.stopforumspam.org... 192.124.249.168, 2a02:fe80:1010::18:2
Connecting to api.stopforumspam.org|192.124.249.168|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/json]
Saving to: `api?ip=95.213.251.156&json.2'
[ <=> ] 73 --.-K/s in 0s
2019-12-03 23:58:48 (6.08 MB/s) - `api?ip=95.213.251.156&json.2' saved [73]
[root@www 20191203_235848 /] # wget "https://api.stopforumspam.org/api?ip=95.213.251.156&json"
--2019-12-03 23:58:54-- https://api.stopforumspam.org/api?ip=95.213.251.156&json
Resolving api.stopforumspam.org... 192.124.249.168, 2a02:fe80:1010::18:2
Connecting to api.stopforumspam.org|192.124.249.168|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/json]
Saving to: `api?ip=95.213.251.156&json.3'
[ <=> ] 73 --.-K/s in 0s
2019-12-03 23:58:54 (6.90 MB/s) - `api?ip=95.213.251.156&json.3' saved [73]Last edited by sklerder (2019-12-03 11:00 pm)
Offline
#4 2019-12-04 2:06 pm
- wesyah234
- Member
- Registered: 2010-11-30
- Posts: 6
Re: api.stopforumspam.org vs api.stopforumspam.com
Thanks for the replies. I was using http with the .org address because that is what is documented at:
https://www.stopforumspam.com/usage
Https: with the .org address still does not connect for me but I feel it may be something with my ISP / network layer where I'm connecting from. I still have a ticket open to our network support team to look at this issue.
My main question at this point is: considering that api.stopforumspam.com and api.stopforumspam.org resolve to different ip addresses, is it safe to start using api.stopforumspam.com for my api calls even though this is not documented at this time?
Offline
#5 2019-12-04 3:39 pm
- JamesC
- Member
- Registered: 2010-01-09
- Posts: 93
- Website
Re: api.stopforumspam.org vs api.stopforumspam.com
is it safe to start using api.stopforumspam.com for my api calls even though this is not documented at this time?
This depends on your site's GDPR needs. If your site is hosted within the EU, or your site accepts connections from European citizens no matter in the world they may be, then for GDPR compliance reasons, you should query europe.stopforumspam.org*. All other api mirrors (whether on .org or .com) are currently outside the EU.
But if you need to flip over to api.stopforumspam.com while you sort out the connection issue with your provider, none of us will tattle on you. 
(edit to insert link to Pedigree's post about GDPR and the europe.sfs api endpoint)
Last edited by JamesC (2019-12-04 3:44 pm)
Offline
#6 2019-12-04 5:00 pm
- wesyah234
- Member
- Registered: 2010-11-30
- Posts: 6
Re: api.stopforumspam.org vs api.stopforumspam.com
sounds good, thank you James.
Offline
#7 2019-12-04 10:26 pm
- wesyah234
- Member
- Registered: 2010-11-30
- Posts: 6
Re: api.stopforumspam.org vs api.stopforumspam.com
I heard back from our network people. I work at a medical university and they use a threat detection system and said the system automatically blocked the IP 192.124.249.168 (which is api.stopforumspam.org) due to the following:
"They were shunned due to telnet port scanning. We saw 69,231 telnet connection attempts from 192.124.249.168 in less than 30 minutes. The scanning started on Dec, 2nd @ 18:26:16 CST."
And they attached a sample of the log messages showing the scanning which I can send to someone via PM if you wish.
Offline
#8 2019-12-05 1:42 am
- Maikuolan
- Member
- From: Perth, Western Australia
- Registered: 2011-08-09
- Posts: 799
- Website
Re: api.stopforumspam.org vs api.stopforumspam.com
Just my own two cents, and your network, your network people's rules, but personally, seeing as we're talking about "telnet connection attempts" and "port scanning" from the IP in question, I think it would've made more sense to just block inbound connections, rather than also blocking outbound connections for your network, too. Blocking inbound connections while allowing outbound connections should, in theory, prevent the kinds of problems which your network people are using as their justification for blocking the IP in question, while still allowing requests to be sent from within your network, thus allowing lookups to still occur.
However, that all said, seeing as the IP in question is associated with the .org, which has been deprecated (which Alex already mentioned before), whether your network people block inbound or outbound requests, either way, shouldn't really matter at this point anymore. Just move onto one of the other endpoints, away from the .org (the other endpoints all connect to other, unrelated IPs, which I guess, may or may not be blocked at your network, but you're the only one here that'll be able to make that determination).
Last edited by Maikuolan (2019-12-05 1:43 am)
Offline
#9 2019-12-05 3:53 am
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: api.stopforumspam.org vs api.stopforumspam.com
That IP address is the Sucuri anycast network, a cloudflare type system that provides transparent network load balancing, its not us as such. Your network guys should hit up Sucuri with the logs.
Offline
#10 2019-12-05 10:33 am
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: api.stopforumspam.org vs api.stopforumspam.com
the IP 192.124.249.168 (which is api.stopforumspam.org)
I hope that that was NOT the network guys; if so, they need retraining:
:~$ whois 192.124.249.168
NetRange: 192.124.249.0 - 192.124.249.255
CIDR: 192.124.249.0/24
NetName: SUCURI-ARIN-002
NetHandle: NET-192-124-249-0-1
Parent: NET192 (NET-192-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS174, AS3257, AS30148
Organization: Sucuri (SUCUR-2)
RegDate: 2015-04-01
Updated: 2015-04-01
Comment: http://sucuri.net
Comment: noc@sucuri.net
Ref: https://rdap.arin.net/registry/ip/192.124.249.0
OrgName: Sucuri
OrgId: SUCUR-2
Address: 30141 Antelope Rd
City: Menifee
StateProv: CA
PostalCode: 92584
Country: US
RegDate: 2014-12-11
Updated: 2016-01-16
Ref: https://rdap.arin.net/registry/entity/SUCUR-2
OrgAbuseHandle: SOC55-ARIN
OrgAbuseName: Security Operations Center
OrgAbusePhone: +1-888-318-5114
OrgAbuseEmail: soc@sucuri.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/SOC55-ARIN
OrgTechHandle: SOC55-ARIN
OrgTechName: Security Operations Center
OrgTechPhone: +1-888-318-5114
OrgTechEmail: soc@sucuri.net
OrgTechRef: https://rdap.arin.net/registry/entity/SOC55-ARINOffline
#11 2019-12-05 3:21 pm
- wesyah234
- Member
- Registered: 2010-11-30
- Posts: 6
Re: api.stopforumspam.org vs api.stopforumspam.com
I completely agree that our network team should have blocked only *incoming* connections from that IP (they have since whitelisted my outgoing connections to that IP per my explanation of what I use your services for)
As for the fact that the IP in question is part of a load balancing network, I didn't think to do a reverse lookup on the IP. I just did a nslookup on the api address I was using:
~> nslookup api.stopforumspam.org
Non-authoritative answer:
Name: api.stopforumspam.org
Address: 192.124.249.168
So yes, I agree it's not your IP per se, however your api address resolves to it so you run the risk of inheriting the reputation of all people who have access to that IP (including telnet port scanners apparently).
Offline
#12 2019-12-05 9:24 pm
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: api.stopforumspam.org vs api.stopforumspam.com
What I'll do is talk to the guy who created Sucuri directly, Daniel Cid, as Im certain that their network abuse team would be interested in outbound non-HTTP traffic from their address space
Offline