Multiple Account Detection Tools [Paid] [Deleted]

same browser, same session (did not exit browser window)

Ive now had over 5 people create 2-3 accounts and since the new build, I only saw the 1 detection report, and it didnt list the username of the duplicate account.

it should have listed UserName A and UserName B same computer.
 
Last edited:
Found one issue - however this is not the only one - I had 10 different people log in with 2 new accounts and only one got logged in the db. but when I try to view via the admin, I shows "Colenel" then I click to view the alias's and it comes up with no matching result as I pasted above.

On to this problem:

This function is returning zero results for $accounts to your template view.

I verified in the sql table that there is indeed 3 rows with all the same IP

upload_2013-8-13_18-50-25.webp


class Nobita_AccountDetection_ControllerPublic_Detection extends XenForo_ControllerPublic_Abstract

public function actionAccounts()
{
$detectionId = $this->_input->filterSingle('detection_id', XenForo_Input::UINT);

$detectionModel = $this->_getDetectionModel();
$userModel = $this->getModelFromCache('XenForo_Model_User');

$detection = $this->_getDetectionForView($detectionId);

$detection = $detectionModel->prepareDetection($detection);

$userInfo = $userModel->getUserById($detection['user_id'], array('join' => XenForo_Model_User::FETCH_USER_FULL));

$detections = $detectionModel->getDetectedByIPAddress(long2ip($detection['ip']));

$accounts = array();
foreach($detections as $key => $detected)
{
$accounts[] = $detected['detection_user_id'];
}
$accounts = $userModel->getUsersByIds($accounts);
#var_dump($accounts);
$viewParams = array(
'detection' => $detection,

'accounts' => $accounts
);


I'll give it one more uninstall/install on your next version - please test it fully before emailing out a new version. If it works, I will give you a good review.
 
Found it:
$detections = $detectionModel->getDetectedByIPAddress(long2ip($detection['ip']));

change it to:

$detections = $detectionModel->getDetectedByIPAddress($detection['detection_ip']);

Not Needed:
#$userInfo = $userModel->getUserById($detection['detection_user_id'], array('join' => XenForo_Model_User::FETCH_USER_FULL));


Now it shows all 3 accounts with the same IP now - whats in my table.


This still doesn't seem to log all cookies etc.
 
Last edited:
KozmoK said:
Found it:
$detections = $detectionModel->getDetectedByIPAddress(long2ip($detection['ip']));

change it to:

$detections = $detectionModel->getDetectedByIPAddress($detection['detection_ip']);

Note Needed:
#$userInfo = $userModel->getUserById($detection['detection_user_id'], array('join' => XenForo_Model_User::FETCH_USER_FULL));


Now it shows all 3 accounts with the same IP now - whats in my table.


This still doesn't seem to log all cookies etc.
Click to expand...
With other account login this will be detected. And next release I will using some way to detected all accounts (If it is impossible) althouhgt other accounts didn't using :)
 
  • Like
Reactions: Dan
Little Bug

if you are login into your site you cant view ips on detect, you must login first to admincp and then to site to view.
 
@KozmoK, THIS addon work FINE for me on XF 1.2.0. DON'T matter browsers, session or cookies. just try it. ;)
I testing this addon about 3 weeks since version 1.2 b2 of XF.
 
Great! Now every admin can decide which factors they want to have an effect on the detection. Those that do not want username or email domain to factor in can do so.

Please make separate points settings for:
  • detected by similar email account (point)
  • detected by same email domain (point)
 
On second thought: I see what needs to be corrected in your method:

Currently ALL detection is based upon these factors. (IP, username, email, birthday) This should not be. It should work like this:
IF multiple accounts are detected by IP. THEN calculate other factors/points.
IF multiple accounts are NOT detected by IP, then DO NOT calculate other factors/points.

The point calculation is only meant to establish if the IP detection really identifies a multiple account or not.
 
I must admit, I'm completely in the dark with regard to what the points system for username, email etc. are used for.
For example, I would assign zero points for username and email because usernames and emails are unique. Nowhere is there any documentation which details whether it's an exact or partial match on either. Confused :(

What do the advanced detection points actually do?

Can the addon description please include this vital information?

Also why is the default for the cookie set to 10 days? Why would you ever want the cookie to expire? I set it to 365.

[Edit: I just logged in with 3 accounts. My main admin user one (id: 1) and two normal user accounts. And nothing happened. I would expect a report to be created.]

Thanks
 
Last edited:
Stuart, I set mine to 365 as well!

Here is what I am using, hope its set right, havent detected any yet.

upload_2013-8-26_8-50-51.webp
 
Well I'm clueless, but I set mine to 10,15,10,10 and 15 on the basis that if there is an IP match then 'detect'. But honestly I don't know what these points are for or how they work.

Ideally if there is a partial email or logn name match, then that would be nice to have, but this would need to be incredibly clever to be any use, wouldn't it?
Matching on the email @ suffix has limited use.
The most common type of email hit from the same person might be something like
bigstu@gmail.com and stuboy@hotmail.com. A moderator looking at the accounts would see the match, but it would require some kick ass sophisticated string matching to do it with a 'puter, wouldn't it?

The vB system works only on the cookie. A better system would be appreciated, but it needs documentation.
 
The points system only makes sense for accounts with IP detection. (As an IP match does not necessarily mean that the matched accounts are operated by the same person.) So if an IP match detects possible puppet accounts, then other factors can be looked at like DoB, username similarity (more than X characters in a row are the same), email account is the same (for example bigbadspammer26@hotmail.com and bigbadspammer26@gmail.com), email domain is the same, etc)
The functionality as it is now, is a work in progress.
 
Good point. If there is a cookie match then its surely the same computer. Therefore there is no need to look any further. So if there is a cookie match and an IP match then it is not needed to look at other factors.
I'm not sure if Nobita has taken this into account yet.
 
Stuart Wright said:
I must admit, I'm completely in the dark with regard to what the points system for username, email etc. are used for.
For example, I would assign zero points for username and email because usernames and emails are unique. Nowhere is there any documentation which details whether it's an exact or partial match on either. Confused :(

What do the advanced detection points actually do?

Can the addon description please include this vital information?

Also why is the default for the cookie set to 10 days? Why would you ever want the cookie to expire? I set it to 365.

[Edit: I just logged in with 3 accounts. My main admin user one (id: 1) and two normal user accounts. And nothing happened. I would expect a report to be created.]

Thanks
Click to expand...
;) This Addon won't detected Admin. So with the first Admin loggin Addon don't save cookie info :D
Stuart Wright said:
Well I'm clueless, but I set mine to 10,15,10,10 and 15 on the basis that if there is an IP match then 'detect'. But honestly I don't know what these points are for or how they work.

Ideally if there is a partial email or logn name match, then that would be nice to have, but this would need to be incredibly clever to be any use, wouldn't it?
Matching on the email @ suffix has limited use.
The most common type of email hit from the same person might be something like
bigstu@gmail.com and stuboy@hotmail.com. A moderator looking at the accounts would see the match, but it would require some kick ass sophisticated string matching to do it with a 'puter, wouldn't it?

The vB system works only on the cookie. A better system would be appreciated, but it needs documentation.
Click to expand...
I'll try to using google translate to make an document :oops:
Alfa1 said:
The points system only makes sense for accounts with IP detection. (As an IP match does not necessarily mean that the matched accounts are operated by the same person.) So if an IP match detects possible puppet accounts, then other factors can be looked at like DoB, username similarity (more than X characters in a row are the same), email account is the same (for example bigbadspammer26@hotmail.com and bigbadspammer26@gmail.com), email domain is the same, etc)
The functionality as it is now, is a work in progress.
Click to expand...
Yep! I'm plainning performance it too :D
Stuart Wright said:
Right that makes sense, thanks. So if the cookie matches *and* the IP? Or is this independent of the cookie?
Click to expand...
To detected multiple users login from an browser, using cookie. To detected multiple accounts of users using both :D
 
You must log in or register to reply here.
Top Bottom