Signup abuse detection and blocking

Signup abuse detection and blocking 1.16.7

No permission to buy ($45.00)
  • Fix some options where not fully phrased
  • Fix detection method "ip and cookie" would not work correctly when email link/api switch was detected
  • Spam-check custom fields, website and location when editing account details
    • This was done at signup but not when editing account details
  • Love
Reactions: leebo
  • Fix setting up tor detection configuration on new install
    • It was adding a "1" to the server field, which was causing a redundant DNS lookup which should fail
  • Update Tor scoring to support non-numeric scoring (ie explicit reject/moderate/add-to-group/none)
  • For new installs, enable "Show Detection Methods" option by default.
    • This option will likely be removed in future releases and always enabled
  • On install, only enable getipintel if the "Contact email address" option is a valid email address
  • Better handle when getipintel rate-limit is being applied to avoid server IP bans
The getipintel feature has a 500 queries per day limit on the free plan.

When using shared hosting, this include XenForo Cloud, you may receive the following error:
[SignupAbuseBlocking] Server appears banned from https://getipintel.net/, disabling getipintel option

If this happens, you can contact getipintel for information about a paid plan. Re-enabling the integration using the free plan may result in further (and longer lasting) IP bans from this service.
  • Require Standard Library by Xon v1.18.0+.
  • Fix "Allowed email domains" admincp page didn't assert a specific admin permission
  • Fix warning being logged when viewing Signup Abuse blocking options & Content Title history add-on is enabled
  • Detect multi-account usage for api-token logins (exposed via Frictionless Login 3rd party add-on)
  • Update default ASN block lists, this does not affect existing sites.
  • Ensure https://getipintel.com API integration is configured by default.
    • For existing installs; If this feature has been explicitly turned off, it will not be enabled.
  • Ensure various permissions are assigned to the stock admin group:
    • [SignupAbuse] Banning email domains
    • [SignupAbuse] Banning ASN
    • [SignupAbuse] Approving email domains
  • Add "Anti-Spam" navigation group under the user block in the admincp, with an updatable list of anti-spam related options.
  • Add new "Manage anti-spam" admin permission, automatically assigned to users with "options", which controls managing the above anti-spam options.
  • Add expiry & ban reason when banning users via batch user update
  • Add "Enable open port scan feature" option. This is default disabled, for sites using this feature it must be explicitly enabled
  • Fix detection of per-user email links being touched by the wrong user did not generate multi-account reports
  • Like
Reactions: VBX Co
  • Fix user approval queue entry was always had the last activity added even if the user couldn't view it
  • Like
Reactions: VBX Co
  • Require Standard Library by Xon v1.18.0+
  • Fix uninstaller leaving behind some cached data
  • Use php 7.2 typehinting in more locations
  • Add "Multi-account registration mode - specific permissions" option to trigger the "Multi-account registration mode - specific" action when the detected multi-account has been explicitly allowed/denied per-user permissions
  • Like
Reactions: VBX Co
  • Require Standard Library by Xon v1.17.0+
  • Uses standardized route building to avoid conflicts with other 3rd party add-ons
  • Add specific message in the thread view for why a user can't reply to a thread when the per-day limit has been reached
  • Require php 7.2+
  • Fix score-based option did not correctly show the hint/explain text in admincp
  • Move "Non-allowed email action" option into "Connection Profiling - Passive" group
  • Extend "Writing before registering" spam-checks to use add-on's scoring system, with defaults to moderate if the linked content is moderated or rejected (XF default)
  • Add "[SignupAbuse] Limit user to replies per day" per-forum user-froup permission
    • Limit a member (not guest!) to X replies/new-threads per-day (ie the last 24 hours)
    • 0 or -1 mean no limit
    • Does not apply to users with "Manage any thread" permission
  • Like
Reactions: VBX Co
Back
Top Bottom