Signup abuse detection and blocking

Signup abuse detection and blocking 1.16.11

  • PHP 8.4+ compatibility
  • XenForo 2.3 compatibility
  • Rename permission "View reportings" to "View multiple account reports"
  • Fix CSV import/export of allowed email domains not working
  • Fix viewing the anti-spam options page not highlighting the anti-spam options sidebar entry as active
  • Fix shared email link detection not also checking for shared IP usage between the affected users
  • Fix multi-account detection failing to log events if the "Multi-account report user" was invalid
  • Fix missing return value for XF\Spam\ContentChecker::logSpamTrigger
  • Fix error when viewing multi-accounts referencing deleted users
  • Fix URL canonicalization for connected-account registration resulting in a broken redirect
  • Ensure "Multi-account report user" has a valid user set; if none is set, select the first valid user on the forum on install/upgrade/rebuild
  • Remove the "accept & report" feature as it is completely broken
  • Remove the "Notify front-end on multiple account registration" option
  • Remove the "Detection method matching mode" option (IP / IP & cookie / cookie) as it was a foot-gun
    • IP matches are a low-quality signal and need a strong signal alongside them before multi-account detection triggers
    • Existing IP-only multi-account matches can be removed with the CLI command xf-rebuild:sv-prune-ip-only-multi-account-matches
  • On login, the ASN (i.e. the ISP) and country are captured and preserved in a more durable log than XF's IP table
  • Reduce the number of queries hitting the ASN/Country geolocation providers by first querying the local login/registration records using the minimum viable IP routing subnet
    • This is effectively a /24 for IPv4 and a /48 for IPv6.
  • Add the CLI command xf-rebuild:sv-enrich-login-records to trigger binding ASN/Country to login records.
    • Strongly recommended: set up MaxMind rather than using paid API calls, as this will generate a significant number of ASN/Country queries
  • Add MaxMind integration for GeoIP and ASN resolving. This requires an API key.
  • MaxMind auto-update can be opted out of by disabling the "Update MaxMind databases" option, which also describes which MaxMind databases are used
  • Add signup throttling (rate limiting of signups)
    • Configurable window over which throttling limits apply (i.e. X seconds/minutes/hours/etc.)
    • Throttle by IP/ASN/Country, and, if XenCentral/MultiSite is installed, by site
    • Signup limits are computed automatically from daily registrations with min/max bounds, or set to a fixed value
  • New multiple-account display page, under Users => Multiple accounts
    • Paginated list of recent users which have triggered multiple-account detection
    • Displays users which have been linked together, and the first/last time these links were detected
  • Fix the "Banned emails must be unique. The specified banned email is already in use" error occurring when banning the same email domain multiple times in the same approval run
  • Adjust various ASN-related phrases to be more consistent
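The subnet-keyed geolocation lookup and the per-IP/ASN/country signup throttle described above, as an added Python illustration (not the add-on's own PHP code): the provider table, the window length, the limits and the IP addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque
# Constructed stand-in for the geolocation provider (MaxMind or API): network -> (ASN, country)
PROVIDER = {
    ipaddress.ip_network("203.0.113.0/24"): ("AS64496", "US"),
    ipaddress.ip_network("2001:db8:1::/48"): ("AS64497", "DE"),
}

def routing_key(ip: str) -> str:
    """Minimum viable routing subnet: /24 for IPv4, /48 for IPv6."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

class GeoResolver:
    def __init__(self):
        self.local_records = {}   # subnet -> (asn, country); stands in for login records
        self.provider_calls = 0   # how often the external provider was actually queried

    def resolve(self, ip: str):
        key = routing_key(ip)
        if key in self.local_records:          # another login from the same subnet answered this
            return self.local_records[key]
        self.provider_calls += 1
        addr = ipaddress.ip_address(ip)
        hit = next((geo for net, geo in PROVIDER.items() if addr in net), (None, None))
        self.local_records[key] = hit
        return hit

class SignupThrottle:
    """Sliding-window signup limit, keyed separately by IP, ASN and country."""
    def __init__(self, window_seconds: int, limits: dict):
        self.window = window_seconds
        self.limits = limits                   # e.g. {"ip": 2, "asn": 3, "country": 10}
        self.events = defaultdict(deque)       # (kind, value) -> signup timestamps

    def allow(self, now: int, ip: str, asn, country) -> bool:
        keys = {"ip": ip, "asn": asn, "country": country}
        for kind, value in keys.items():
            if value is None:                  # unknown ASN/country: never pool the unknowns
                continue
            q = self.events[(kind, value)]
            while q and q[0] <= now - self.window:
                q.popleft()                    # drop signups that fell out of the window
            if len(q) >= self.limits[kind]:
                return False
        for kind, value in keys.items():
            if value is not None:
                self.events[(kind, value)].append(now)
        return True
```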
  • Update link to Team Cymru's IP-to-ASN mapping service
  • Fix spam-check for the account details page checking non-editable custom fields and custom fields not on that page
  • Fix error blocking a user from editing their account details when spam checking was required, a custom field had been set on their profile, and that custom field was then deleted.
  • Fix some options that were not fully phrased
  • Fix detection method "ip and cookie" not working correctly when an email link/API switch was detected
  • Spam-check custom fields, website and location when editing account details
    • This was already done at signup but not when editing account details
  • Fix setting up Tor detection configuration on a new install
    • It was adding a "1" to the server field, causing a redundant DNS lookup which would then fail
  • Update Tor scoring to support non-numeric scoring (i.e. explicit reject/moderate/add-to-group/none)
  • For new installs, enable the "Show Detection Methods" option by default.
    • This option will likely be removed in a future release and always enabled
  • On install, only enable getipintel if the "Contact email address" option is a valid email address
  • Better handle getipintel rate-limiting being applied, to avoid server IP bans
The getipintel feature has a 500 queries per day limit on the free plan.

When using shared hosting (this includes XenForo Cloud), you may receive the following error:
[SignupAbuseBlocking] Server appears banned from https://getipintel.net/, disabling getipintel option

If this happens, you can contact getipintel for information about a paid plan. Re-enabling the integration using the free plan may result in further (and longer lasting) IP bans from this service.
  • Require Standard Library by Xon v1.18.0+.
  • Fix "Allowed email domains" admincp page not asserting a specific admin permission
  • Fix warning being logged when viewing Signup Abuse blocking options while the Content Title history add-on is enabled
  • Detect multi-account usage for API-token logins (exposed via the Frictionless Login 3rd-party add-on)
  • Update default ASN block lists; this does not affect existing sites.
  • Ensure the https://getipintel.com API integration is configured by default.
    • For existing installs: if this feature has been explicitly turned off, it will not be enabled.
  • Ensure various permissions are assigned to the stock admin group:
    • [SignupAbuse] Banning email domains
    • [SignupAbuse] Banning ASN
    • [SignupAbuse] Approving email domains
  • Add an "Anti-Spam" navigation group under the user block in the admincp, with an updatable list of anti-spam related options.
  • Add a new "Manage anti-spam" admin permission, automatically assigned to users with the "options" permission, which controls managing the above anti-spam options.
  • Add expiry & ban reason when banning users via batch user update
  • Add "Enable open port scan feature" option. This is disabled by default; sites using this feature must explicitly enable it
  • Fix detection of per-user email links being touched by the wrong user not generating multi-account reports