Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.15.6

You will need to check the 'Email rules' section which does pattern matching. The current defaults wouldn't match a +1 on that gmail address but since I can't see the entire thing it is hard to say.
 
You will need to check the 'Email rules' section which does pattern matching. The current defaults wouldn't match a +1 on that gmail address but since I can't see the entire thing it is hard to say.
Yea I was like there's no way the default (which I have) will detect Gmail but perhaps it's the numbers in the username before @gmail that caused the email trigger.

And then I also have the ASN triggering on legit sign ups. Any idea why? Default settings too for ASN.
 
Some ISPs are legit but were spammy sources in the past, the default list is fairly opinionated.
 
Some ISPs are legit but were spammy sources in the past, the default list is fairly opinionated.
It is opinionated, but it's not always wrong with even some of the legit members that come out of some of those on the default list.

And then I also have the ASN triggering on legit sign ups. Any idea why? Default settings too for ASN.
As Xon mentioned, the default list is opinionated, but you really have to tune these tools to your own needs. We've made so many modifications to the default settings over the past couple of years, just to get it perfectly tuned or at least as close as possible to perfect for our own needs.

When the ASN gets triggered, you have to investigate who it belongs to and why it's triggered. We block a LOT of VPNs and some of the default ASN list that Xon put in covers a percentage of these, but it's a constantly moving target that requires attention. If you determine that the ASN trigger is blocking members you want, just remove it from the list.
 
When the ASN gets triggered, you have to investigate who it belongs to and why it's triggered. We block a LOT of VPNs and some of the default ASN list that Xon put in covers a percentage of these, but it's a constantly moving target that requires attention. If you determine that the ASN trigger is blocking members you want, just remove it from the list.
This is why the ASN links to peeringdb.com and getipintel.com is used to help classify IPs which are probably going to be unknown.

It sure as heck beats trying to block individual IPs
 
It sure as heck beats trying to block individual IPs
1000% (y)

Although, I will throw this out there as something we have experienced. One of the challenges that has come up since we entered the post-COVID world is people travelling again. We found out that these temporary eSIM providers that people use for mobile data services when travelling do some incredulous things with their traffic. I mentioned above that we are restrictive on VPN usage, and it turns out that some of these eSIM firms are routing their traffic through some of these VPN services/servers OR just leased hardware/nodes from various cloud providers that happened to also be hosting VPN nodes for some of the common names you see advertised.

We got a lot of complaints about people being blocked because of those restrictions we have in place. We ran a campaign to gather information from people who were willing to fill out the survey and most issues came from these temporary eSIM or physical SIM card providers, used by tourists.
 
When this Add-on is installed, URLs like https://www.domain.tld/index.php?register/connected-accounts/facebook&setup=1 are redirected to https://www.domain.tld/login/register/connected-accounts/?setup=1 which then generates a 404.
 
I have many registrations that are blocked automatically and I don't understand the reasons. I admit that maybe my settings/options are not correct but hopefully @Xon can give some input.
Why are they rejected?

Spam trigger log
  • Action: Rejected
  • Checking: Ssxxxxx, sc.xxxxxxx@gmail.com, 146.70.xxx.xx, ASN 9009, M247, RO, Country detected: RO, Hostname detected: 146.70.xxx.xx, Registration form completed: 98 sec, reject. IP threat score: 1, accept. Unknown email domain: <a href="{search}" target="_blank">gmail.com</a>, 0. Unknown browser language: en-US in RO, 0. Unknown browser language: en in RO, 0. Unknown browser language: fa in RO, 0. Browser timezone: RO-Europe/London in RO, Total score: 0, Rejected. Direct rule selection
  • Generated by: Unknown account
  • Today at 1:32 PM
  • Content: user_rejected
  • Action: Rejected
  • Checking: xxx, wuxxxxxxxx@pku.edu.cn, 23.83.xxx.xxx, ASN 25820, IT7NET, CA, Country detected: CA, Hostname detected: 23.83.xxx.xxx.16clouds.com, Registration form completed: 73 sec, reject. IP threat score: 1, accept. Unknown email domain: <a href="{search}" target="_blank">pku.edu.cn</a>, Browser language: en, Browser language: en-US, 0. Unknown browser language: en-CN in CA, 0. Unknown browser language: zh-CN in CA, 0. Unknown browser language: zh in CA, 0. Browser timezone: CA-Asia/Hong_Kong in CA, Total score: 0, Rejected. Direct rule selection
  • Generated by: Unknown account
  • Today at 7:56 AM
  • Content: user_rejected
 
Look for the "reject" line;
reject. IP threat score: 1

You likely need to change the getipintel.com integration and the high confidence match from "reject" to "moderate" (the default is moderate anyway)
 
When this Add-on is installed, URLs like https://www.domain.tld/index.php?register/connected-accounts/facebook&setup=1 are redirected to https://www.domain.tld/login/register/connected-accounts/?setup=1 which then generates a 404.
@Xon
This is really giving us some headache:
In some cases we are redirecting to register/connected-accounts/<providerid>/?setup=1 via query parameter xfRedirect after login in some cases.
As such URLs are rewritten to login/register/connected-accounts/?setup=1 this does not work any longer as (additionally to the canonical redirect breaking the URL) getDynamicRedirectIfNot detects this as a notUrl.

Can this be fixed?
 
Look for the "reject" line;
reject. IP threat score: 1

You likely need to change the getipintel.com integration and the high confidence match from "reject" to "moderate" (the default is moderate anyway)
I'm pretty sure I have made the adjustment somewhere incorrectly, which causes all new registrations to be put in a moderation queue now.
For example, this case should be approved automatically but it appears the IP score put it in the queue

  • Checking: nitintrek, nitxxxxx@gmail.com, 71.233.xxx.xx
  • ASN 7922, COMCAST-7922, US
  • Country detected: US
  • Hostname detected: c-xxxx.ma.comcast.net
  • Registration form completed: 22 sec
  • +0. IP threat score: 0.12
  • Moderated. Unknown email domain failed: gmail.com
  • Browser language: en
  • Browser language: en-US
  • Browser timezone: America/New_York
  • Total score: 0
  • Moderated. Direct rule selection
 
I'm pretty sure I have made the adjustment somewhere incorrectly, which causes all new registrations to be put in a moderation queue now.
For example, this case should be approved automatically but it appears the IP score put it in the queue

  • Checking: nitintrek, nitxxxxx@gmail.com, 71.233.xxx.xx
  • ASN 7922, COMCAST-7922, US
  • Country detected: US
  • Hostname detected: c-xxxx.ma.comcast.net
  • Registration form completed: 22 sec
  • +0. IP threat score: 0.12
  • Moderated. Unknown email domain failed: gmail.com
  • Browser language: en
  • Browser language: en-US
  • Browser timezone: America/New_York
  • Total score: 0
  • Moderated. Direct rule selection
Or more likely, this:
  • Moderated. Unknown email domain failed: gmail.com
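
Finding the entry that forced a direct reject or moderate, as the two replies above do by eye, can be scripted. This is an added example, not part of the thread or the add-on's code: the `<verdict>. <rule>` entry grammar and the use of `Direct rule selection` as the outcome line are inferred from the pasted logs, and the sample logs, addresses and function names are constructed.

```python
import re

# "<verdict>. <rule>" entries, e.g. "reject. IP threat score: 1" or "+0. IP threat score: 0.12"
ENTRY = re.compile(r"^(reject(?:ed)?|moderated?|accept(?:ed)?|[+-]?\d+)\.\s+(.+)$", re.I)
TAG = re.compile(r"<[^>]+>")  # unrendered link markup, as in the pasted logs

# Constructed samples modelled on the two log layouts in the thread.
SAMPLE_REJECT = (
    'Checking: user1, user1@example.com, 203.0.113.7, ASN 64500, EXAMPLE-NET, RO, '
    'Registration form completed: 98 sec, reject. IP threat score: 1, '
    'accept. Unknown email domain: <a href="{search}" target="_blank">example.com</a>, '
    '0. Unknown browser language: en-US in RO, Total score: 0, '
    'Rejected. Direct rule selection'
)
SAMPLE_MODERATE = """
  • Checking: user2, user2@example.org, 198.51.100.9
  • Registration form completed: 22 sec
  • +0. IP threat score: 0.12
  • Moderated. Unknown email domain failed: example.org
  • Total score: 0
  • Moderated. Direct rule selection
"""

def parse_entries(log_text):
    """Return (verdict, rule) pairs; plain facts such as the ASN are skipped."""
    pairs = []
    for line in log_text.splitlines():
        line = TAG.sub("", line).strip().lstrip("•").strip()
        for item in line.split(", "):
            m = ENTRY.match(item.strip())
            if m:
                pairs.append((m.group(1).lower(), m.group(2).strip()))
    return pairs

def explain(log_text):
    """Separate the final outcome from the rules that forced it directly."""
    outcome, forcing, scored = None, [], []
    for verdict, rule in parse_entries(log_text):
        if rule == "Direct rule selection":      # assumed to be the outcome line
            outcome = verdict
        elif verdict.startswith(("reject", "moderat")):
            forcing.append(rule)                  # the line to look for
        elif verdict.lstrip("+-").isdigit() and int(verdict) != 0:
            scored.append((int(verdict), rule))   # contributes to the total score
    return {"outcome": outcome, "forcing": forcing, "scored": scored}

if __name__ == "__main__":
    for sample in (SAMPLE_REJECT, SAMPLE_MODERATE):
        print(explain(sample))
```

With a total score of 0 and a non-empty `forcing` list, the outcome came from a rule set to reject or moderate directly, which is the setting to review in the add-on options.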
 
In the admincp, quicksearch for "Allowed email domains" and add *.edu to the list of known/allowed email domains.
Thank you. The reason I asked is that in your addon options, it has this section "Link Spam checker: Accept" where I can whitelist domains and it does not seem to allow wildcard domains according to the text
Enter one phrase per line. Each line should be a valid domain fragment ie com, example.com
 
For that domain allow-list, you can add edu and it will allow links to any .edu domain.

I've been meaning to migrate all the various lists of settings to their own table structure but that got pushed back as it is a large change and I've been constantly busy with other more urgent things.
 