Signup abuse detection and blocking

Signup abuse detection and blocking 1.16.8

  • Fix missing phrase on XF2.3 about starting a conversation about multi-account usage
  • Fix updating MaxMind key would fail if the "Update MaxMind databases" option was not set
  • Fix typo in template modification title
  • Fix options "Country timezone rules" and "Country language rules" would get reset if the add-on rebuild was triggered
  • Fix MaxMind files did not update when setting the license key
  • Fix "GeoIp content spam check action" option would throw all posts into the approval queue if resolving the geoip failed
  • Fix "GeoIp content spam check action" unexpectedly sending posts to the approval queue if no geoip providers had been configured apart from Team Cymru's API for ASN lookups, which gives an approximate country lookup
  • Add "test resolving geoip" and "test resolving asn" pages for troubleshooting IP lookup issues
  • Fix Cloudflare geoip failing for content anti-spam checks
  • Fix new multi-account reports were created with the wrong user
  • Fix error logs would be spammed with missing MaxMind database key
  • Improve validation of the "Multi-account report user" option on upgrade to detect if the linked user is missing or the option is misconfigured
  • Fix entity not found error on allowed-email-domains page for XF2.3
  • Fix logins by ip list included non-existent .less
  • Fix logins by ip pagination from user edit page dropped the user filter, and had an inconsistent number of items for the full list
  • PHP 8.4+ compatibility
  • XF2.3 compatibility
  • Rename permission "View reportings" to "View multiple account reports"
  • Fix csv import/export of allowed email domains didn't work
  • Fix viewing anti-spam options page did not highlight the anti-spam options sidebar as active
  • Fix shared email link detection did not also check for shared IP usage between the affected users
  • Fix multi-account detection would fail to log events if "Multi-account report user" was invalid
  • Fix missing return value for XF\Spam\ContentChecker::logSpamTrigger
  • Fix error when viewing multi-accounts referencing deleted users
  • Fix URL canonicalization for connected account registration would result in broken redirect
  • Ensure "Multi-account report user" has a valid user set; if none is set, the 1st valid user on the forum is selected on install/upgrade/rebuild
  • Remove "accept & report" feature as it is completely broken
  • Remove "Notify front-end on multiple account registration" option
  • Remove the "Detection method matching mode" option (ip/ip&cookie/cookie) as it was a foot-gun
    • IP matches are a low quality signal that needs a strong signal before multi-account detection triggers
    • IP-only multi-account matches can be removed with the CLI command xf-rebuild:sv-prune-ip-only-multi-account-matches
  • On login, the ASN (aka ISP) and country are captured and preserved into a more durable log than XF's IP table
  • Reduce number of queries hitting the ASN/Country geolocation providers by querying the local login/registration records with the minimum viable IP routing subnet
    • This is effectively a /24 for IPv4 and /48 for IPv6.
  • Add CLI xf-rebuild:sv-enrich-login-records command to trigger binding ASN/Country to login records.
    Strongly recommend setting up MaxMind over using paid API calls as this will generate a significant number of queries for ASN/Country values
  • Add MaxMind integration for geoip and asn resolving. This requires an API key.
  • MaxMind auto-update can be opted out of by disabling the "Update MaxMind databases" option, which describes which MaxMind databases are used
  • Add signup throttling - rate limit signups
    • Configurable window to apply throttling limits (i.e. X seconds/minutes/hours/etc)
    • Throttle by IP/ASN/Country, and if XenCentral/MultiSite is installed by site
    • Signup limits automatically based on daily registrations with min/max values, or a fixed value
  • New multiple account display page, under Users => Multiple accounts
    • Paginated list of recent users which have triggered multiple accounts
    • Displays users which have been linked together, and first/last time these have been detected
  • Fix "Banned emails must be unique. The specified banned email is already in use" occurring when banning the same email domain multiple times in the same approval run
  • Adjust various ASN related phrases to be more consistent
  • Update link to Team Cymru's IP to ASN mapping service
  • Fix spam-check for account details page would check non-editable custom fields and custom fields not on that page
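
The entry above about reducing queries to the ASN/Country providers by looking up local records at the /24 (IPv4) and /48 (IPv6) subnet can be sketched as follows. This is an added example, not the add-on's own code: the class and function names, the sample provider and its data are constructed for illustration, and not storing failed lookups is an assumption of this sketch.

```python
import ipaddress

# Prefix lengths from the changelog entry: /24 for IPv4, /48 for IPv6.
PREFIX_LEN = {4: 24, 6: 48}

def subnet_key(ip):
    """Collapse an address to its routing subnet, e.g. 198.51.100.77 -> 198.51.100.0/24."""
    addr = ipaddress.ip_address(ip)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is keyed as the IPv4 address it carries.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return str(ipaddress.ip_network(f"{addr}/{PREFIX_LEN[addr.version]}", strict=False))

class SubnetLookupCache:
    """Answers ASN/country lookups from local records before asking the provider."""
    def __init__(self, provider):
        self._provider = provider   # callable: ip -> (asn, country), or None on failure
        self._records = {}          # subnet key -> (asn, country)
        self.provider_calls = 0

    def resolve(self, ip):
        key = subnet_key(ip)
        if key in self._records:
            return self._records[key]
        self.provider_calls += 1
        result = self._provider(ip)
        # A failed lookup is not stored, so a provider outage is retried, not remembered.
        if result is not None:
            self._records[key] = result
        return result

# Constructed sample data: documentation address ranges and documentation ASNs.
SAMPLE_PROVIDER_DATA = {
    "198.51.100.0/24": (64496, "NL"),
    "203.0.113.0/24": (64497, "US"),
    "2001:db8:abcd::/48": (64498, "DE"),
}

def sample_provider(ip):
    return SAMPLE_PROVIDER_DATA.get(subnet_key(ip))

def demo():
    cache = SubnetLookupCache(sample_provider)
    logins = ["198.51.100.77", "198.51.100.201", "203.0.113.5",
              "2001:db8:abcd:12::1", "2001:db8:abcd:ffff::9", "192.0.2.1"]
    results = [cache.resolve(ip) for ip in logins]
    return results, cache.provider_calls

if __name__ == "__main__":
    print(demo())
```

Six constructed logins result in four provider calls: the two repeat subnets are answered locally, and the unresolved address is asked again on its next login.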