I disagree to be honest, having tried them both I've seen no situations where SFS flags positive, and many situations where the Invision system misses very obvious spammers who have been listed in SFS and ProjectHoneypot many times.
Also, the implementation of the spam flagging is very messy within the AdminCP at the moment, flagging a user as a spammer when viewing the validation queue only seems to remove them from the queue, you then have to reflag them within the normal member view to get them properly moved into the spammer group, and the same applies the other way around as well..
After being sold the enterprise spam service on a ticket and pointed towards the announcement on the company blog in June for details,( http://community.invisionpower.com/blog/1174/entry-9536-spam-service-updates/ ), I have to admit that we're really disappointed in the fact that it's not actually complete, and were only told this after we'd paid.
This is the section from the blog
The product does work but doesn't yet include any option for changing weighting preferences or black/whitelisting. I don't really understand why it would be announced as having these features if they weren't ready, I also can't see why 5 months later it's still not complete or why it's being sold as if it is. What's going on with it, and when can we expect the product we've paid for to be available in it's entirety?
Really like this, but think it would be much better if the mobile view had latest post information and a click through to the last post rather than just a link into the forum or threads themselves. I think the majority of users use these, and are more likely to go into threads when they see recent posts.
Even on these forums, the default avatar is linked from a Worpdress server, why is this and is there any way to fix it? I've been trying to find a way to load the image locally on my install since discovering this was happening.
It's deliberate, because you'll not want to be displaying the average desktop style ad on a mobile device because of size constraints. I don't know why IPB haven't added the option to place mobile ads into the mobile skin through the ad control settings yet, doesn't seem as if it would be especially difficult for them to do.
For now though, to show mobile ads you need to place them manually in to the mobile skin template.
If it is a layer 7 attack, you could try upgrading to the cloudflare business service as that offers protection against that sort of thing, although the price is a fair bit higher than the pro service.
If there aren't any more than 4 ip's hitting your server then it's not a ddos. If you're getting high load and going over resource limits with barely anything going through the network to your server then the place to look is the server itself and the configuration of it and the software on it as it's likely to be something going wrong with one of those. If the forum is the only thing you're hosting on that service try disabling all of the hooks or putting it in to performance mode to see if that helps.
You really need to confirm first that it is an attack causing the problem - 4 ip's wouldn't constitute a 'massive' ddos and would be very easily mitigated if they were actually attacking you and causing the problem. Most likely though that they're just spiders or spambots, which although annoying at times aren't going to knock a site over.
I know your experts have looked at your logs and confirmed it was a ddos, but to really identify it, particularly assuming the server went down during this 'attack' then they would need to investigate far deeper down to network level and would therefore need to work with your host to do that. If you are using cloudflare, that's their part of it any way - anything coming to your site goes through their network first so if their log shows nothing then it's very likely to mean there was nothing to show.
If someone really is attacking you for whatever reason and is deliberately targeting you then moving host won't stop them any way, as soon as the new ip has propagated then the attack will come through to you again. You need try and find out first if it is really an attack directed deliberately at your domain or ip address, or just at the host server, it's overkill to just move hosts before understanding any of this as you've a very good chance that you're either going to waste a lot of time when you didn't need to, or that it just happens again with the new host.
Are you sure this is actually a ddos and not an error somewhere on the server or the software running on it. It seems unlikely that a brand new, low traffic forum with few posts is going to be subject to ongoing attacks for no reason? It also seems surprising that cloudflare pro hasn't helped because they appear to be able to deal with most things, which also makes me think that it may not be a ddos.