Signup abuse detection and blocking 1.16.6

  • Fix maxmind files did not update when setting the license key
  • Fix "GeoIp content spam check action" option would throw all posts into the approval queue if resolving the geoip failed
  • Fix "GeoIp content spam check action" unexpectedly sending posts to the approval queue if no geoip providers had been configured except Team Cymru's API for ASN lookups, which provides an approximate country lookup
  • Add "test resolving geoip" and "test resolving asn" pages for troubleshooting IP lookup issues
  • Fix cloudflare geoip failing for content anti-spam checks
  • Fix new multi-account reports were created with the wrong user
  • Fix error logs would be spammed with missing maxmind database key
  • Improve validation of the "Multi-account report user" option on upgrade to detect if the linked user is missing or the option misconfigured
  • Fix entity not found error on allowed-email-domains page for XF2.3
  • Fix logins by ip list included non-existent .less
  • Fix logins by ip pagination from user edit page dropped the user filter, and had an inconsistent number of items for the full list
  • php 8.4+ compatibility
  • XF2.3 compatibility
  • Rename permission "View reportings" to "View multiple account reports"
  • Fix csv import/export of allowed email domains didn't work
  • Fix viewing anti-spam options page did not highlight the anti-spam options sidebar as active
  • Fix shared email link detection did not also check for shared IP usage between the affected users
  • Fix multi-account detection would fail to log events if "Multi-account report user" was invalid
  • Fix missing return value for XF\Spam\ContentChecker::logSpamTrigger
  • Fix error when viewing multi-accounts referencing deleted users
  • Fix URL canonicalization for connected account registration would result in broken redirect
  • Ensure "Multi-account report user" has a valid user set; if none is set, the 1st valid user on the forum is selected on install/upgrade/rebuild
  • Remove "accept & report" feature as it is completely broken
  • Remove "Notify front-end on multiple account registration" option
  • Remove the "Detection method matching mode" option (ip/ip&cookie/cookie) as it was a foot-gun
    • IP matches are a low quality signal that needs a strong signal before multi-account detection triggers
    • IP-only multi-account matches can be removed with the CLI command xf-rebuild:sv-prune-ip-only-multi-account-matches
  • On login, the ASN (aka ISP) and country are captured and preserved into a more durable log than XF's IP table
  • Reduce number of queries hitting the ASN/Country geolocation providers by querying the local login/registration records with the minimum viable IP routing subnet
    • This is effectively a /24 for IPv4 and /48 for IPv6.
  • Add CLI xf-rebuild:sv-enrich-login-records command to trigger binding ASN/Country to login records.
    Strongly recommend setting up MaxMind over using paid API calls as this will generate a significant number of queries for ASN/Country values
  • Add MaxMind integration for geoip and asn resolving. This requires an API key.
  • MaxMind auto-update can be opted out of by disabling the "Update MaxMind databases" option, which describes which MaxMind databases are used
  • Add signup throttling - rate limit signups
    • Configurable window to apply throttling limits (ie X seconds/minutes/hours/etc)
    • Throttle by IP/ASN/Country, and if XenCentral/MultiSite is installed by site
    • Signup limits automatically based on daily registrations with min/max values, or a fixed value
  • New multiple account display page, under Users => Multiple accounts
    • Paginated list of recent users which have triggered multiple accounts
    • Displays users which have been linked together, and first/last time these have been detected
  • Fix "Banned emails must be unique. The specified banned email is already in use" occurring when banning the same email domain multiple times in the same approval run
  • Adjust various ASN-related phrases to be more consistent
  • Update link to team-cymru's ip to ASN mapping service
  • Fix spam-check for account details page would check non-editable custom fields and custom fields not on that page
  • Fix error blocking a user editing their account details when spam checking was required, and a custom field had been set on their profile and then the custom field was deleted.
  • Fix some options were not fully phrased
  • Fix detection method "ip and cookie" would not work correctly when email link/api switch was detected
  • Spam-check custom fields, website and location when editing account details
    • This was done at signup but not when editing account details
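
The changelog entry on reducing ASN/Country provider queries describes keying local login/registration records by routing subnet (/24 for IPv4, /48 for IPv6). The following is an added illustration of that idea in Python, not the add-on's own PHP code; the class, function names and sample data are hypothetical, and it assumes ASN and country are uniform within one such subnet.

```python
import ipaddress

# Prefix lengths from the changelog entry: /24 for IPv4, /48 for IPv6.
PREFIX_BY_VERSION = {4: 24, 6: 48}

# Constructed sample data (documentation ranges, reserved ASNs, placeholder
# country codes), standing in for a GeoIP/ASN provider.
CONSTRUCTED_PROVIDER_DATA = {
    "192.0.2.0/24": ("AS64496", "ZZ"),
    "198.51.100.0/24": ("AS64497", "ZZ"),
    "2001:db8::/32": ("AS64498", "XX"),
}

def routing_subnet(ip):
    """Return the /24 (IPv4) or /48 (IPv6) network containing ip, as a string."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:a.b.c.d is really IPv4
    if mapped is not None:
        addr = mapped
    prefix = PREFIX_BY_VERSION[addr.version]
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def constructed_provider(ip):
    """Hypothetical stand-in for a provider call; returns (asn, country)."""
    addr = ipaddress.ip_address(ip)
    for net, record in CONSTRUCTED_PROVIDER_DATA.items():
        if addr in ipaddress.ip_network(net):
            return record
    return (None, None)

class SubnetLookupCache:
    """Answers ASN/country lookups from local records keyed by routing subnet."""
    def __init__(self, provider):
        self.provider = provider
        self.records = {}          # subnet -> (asn, country)
        self.provider_queries = 0  # how often the provider was actually hit

    def lookup(self, ip):
        key = routing_subnet(ip)
        if key not in self.records:
            self.provider_queries += 1
            self.records[key] = self.provider(ip)
        return self.records[key]

def demo():
    cache = SubnetLookupCache(constructed_provider)
    logins = ["192.0.2.10", "192.0.2.200", "198.51.100.7",
              "2001:db8:1:aaaa::1", "2001:db8:1:bbbb::2", "2001:db8:2::1"]
    results = [cache.lookup(ip) for ip in logins]
    return results, cache.provider_queries
```

In this constructed run, six logins fall into four subnets, so the provider is queried four times instead of six.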