Signup abuse detection and blocking 1.20.4

From (simple) multiple accounts detection to isp/connection fingerprinting with score-based moderating/rejecting logic. These are very effective low-hanging fruit at reducing spam.

Supports migration configuration from the following XF1 add-ons;

• TPU Spam Detect
• Alter ego Detector

See the FAQ Known Issues for known limitations. This is not a turn-key solution, and each site may require customization!

For multiple account detection, supports reporting to reports/threads. And will send reports to the same report/thread. To send to thread you must select the "Multi-account to thread" extra.

For connection fingerprinting more additional information is collected and recorded on the account.

Note; Configuration defaults are conservative, aimed at blocking VPNs and proxies. There are a large number of configuration options for this add-on!

Link content spam checking

Instead of adding the spam phrases http:///https:// which generate lots of false positives; this allows controlling how links are treated by the content spam checker;

• Explicitly allow URLs with a given domain
• Explicitly moderate URLs with a given domain
• Explicitly reject URLs with a given domain
• Default allow/moderate/reject for unclassified URLs

Multiple account handling permissions

• Bypass multiple account checking
• Can enable / disable alerting for user
• Can enable / disable alerting for log
• View reportings.

Use Multiple account to thread add-on to send multiple account reports to threads.

Per-user whitelist:



Multiple account logs per-user:


Options

• General options
  • Allow banned logout (default: true)
  • Allow rejected user logout (default: false)
  • Show user multiple account records on user profile tab (default: true)
  • Do not save users rejected on signup (default: false)
  • Spam check moderated posts (default: true)
  • Request website on signup (default: false)
  • Enable open port scan feature (default: false)
  • Login flood timer (default: disabled)
  • On login; Force two-step authentication if unknown ISP for user (default: false)
  • Approval queue - skip click-to-shrink (default: user/username change)
  • Moderate registration score threshold (default: 3)
  • Reject registration score threshold (default: 6)
  • Add to group registration threshold (default: disabled)
  • Registration - add to group (default: none)
• Multi-account Detection
  • Always check banned users for multiple accounts (default: true)
  • Maximum number of queries to fetch all multi-account of multi-accounts (default: 20)
• Multi-account Reporting
  • Show multi-account detection methods (default: true)
  • Multi-account dedupe filter: Skip bumping recently seen events (true + 2 days)
  • Include raw information into reported content (default: false)
• Connection profiling - DBL
  • StopForumSpam extended configuration (default scores: Username: 2, email: 4, IP: 3)
  • Project Honey Pot extended configuration (default; Report age cut-off: 60 days, Threat level 10% to 20% score: 1, Threat level 80% to 100% score: 6)
  • Tor Detection config (default: score 6, Use Cloudflare IP geolocation: true)
  • Get IP Intel DB (default: enabled, Low confidence score: 3, High confidence score: reject)
  • Apple iCloud Relay detection (default: enabled, Mute any Get IP Intel/ASN score if Apple iCloud relay is detected, score: 3)
• ]Connection profiling - ASN
  • ASN blocking configuration (default: Use Team Cymru DSN API for ASN lookup, Use RIPE HTTP API for ASN lookup, Use MaxMind GeoLite2 - ASN)
  • IP geolocation configuration (default: Use Cloudflare IP geolocation, Use MaxMind GeoLite2 - GeoIP)
  • Update MaxMind databases (default: true, requires "MaxMind GeoIP License Key" to be set)
  • ISP or ASN rules (default various)
  • Country rules (default various)
• Connection Profiling - Passive
  • Username rules (default various)
  • Email rules (default various)
  • Non-allowed email action (default: none)
  • Writing before registering spam-moderate score (default: Moderated)
  • Writing before registering spam-reject score (default: Moderated)
• Connection Profiling - Active
  • Multi-account registration mode - general (default: none)
  • Multi-account registration mode - specific (default: none)
  • Multi-account registration mode - specific groups (default: none)
  • Multi-account registration mode - specific permissions (default various exact permissions)
  • Hostname rules (default various)
  • Open TCP port scan rules (default various, not used by default)
  • Javascript disabled score (default: score 2)
  • Minimum time for registration (default: 20 seconds)
  • Minimum time for registration score (default: none)
  • Country language rules (various, auto-generated from language+country combinations)
  • Only score unknown language once (default: true)
  • Country language - Unknown (default: score 1)
  • Country timezone rules (various, auto-generated from timezone+country combinations)
  • Country timezone - Unknown (default: none)
• Content spam checking
  • Registration spam phrases (default: empty)
  • Link Spam checker: Registration default action (default: moderate)
  • Link Spam checker: Default action (default: moderate)
  • Link Spam checker: Default action (by content type) (default: none)
  • Link Spam checker: Accept (default: empty)
  • Link Spam checker: Moderate (default: empty)
  • Link Spam checker: Reject (default: empty)
  • Link checker known structured text content types (various)
  • ASN content spam check action (default: allowed)
  • IP geolocation content spam check action (default: moderated)
  • Language content spam check action (default: allowed)
  • Timezone content spam check action (default: allowed)
• Signup throttling (default: disabled)
  • Signup throttling window (default: 1 hour)
  • Signup throttling cut-off behavior (default: dynamic auto-scaling on previous day's signups with a min/max values)
  • Signup throttling types (default: Country/Asn)