Signup abuse detection and blocking

Signup abuse detection and blocking 1.16.8

No permission to buy ($45.00)
  • Require php 7.2+
  • Fix score-based option did not correctly show the hint/explain text in admincp
  • Move "Non-allowed email action" option into "Connection Profiling - Passive" group
  • Extend "Writing before registering" spam-checks to use add-on's scoring system, with defaults to moderate if the linked content is moderated or rejected (XF default)
  • Add "[SignupAbuse] Limit user to replies per day" per-forum user-froup permission
    • Limit a member (not guest!) to X replies/new-threads per-day (ie the last 24 hours)
    • 0 or -1 mean no limit
    • Does not apply to users with "Manage any thread" permission
  • Like
Reactions: VBX Co
  • Fix "accept/moderate/reject/addToGroup" as score values where not phrased
  • Fix link checker could missing some URLs.
    • Raw IPv6 and international domains (aka punnycode encoded) where not reliably detected
  • Fix XFMG media item description did not reliably trigger the link checker
  • Improve compatibility with 3rd party add-ons which implement a search handler but not the entity handler for the backing type
  • Require Xenforo 2.2+
  • Add support for NixFifty's Tickets v2.5.0 approving/rejecting users from tickets
  • Fix "[E_WARNING] Undefined array key" in language matching.
  • Fix unknown langauges wouldn't always be explicitly marked as such.
  • Add "Only score unknown language once" option (default true). Makes the "Country language - Unknown" setting more consistant to use.
  • Reduce false positives from country/language matching.
    • Remove various 0|countryCode-language-countryCode entires from the "Country language" option as these are no longer required.
  • Update options "Country timezone - Unknown" and "Country language - Unknown"
    • Update defaults to more sensible values
    • Change options "Country timezone - Unknown" and "Country language - Unknown" from "moderate" to "none" scoring due to v1.11.1 having bad defaults.
    • Explicitly report unknown language/timezone rather than giving it a score (or not)
  • Fix php 8.1 compatibility bug on user registration when multi-account detection triggers
  • Fix php 8.1 compatibility bug in non-cloudflare TOR detection
  • Fix a too long reject reason from the approval queue would be truncated instead of allowing to error
  • Fix GeoIP country from the ASN lookup when no other GeoIP provider is configured
  • Fix error viewing multi-account logs for a user which had a linked account that was fully-deleted instead of disabled
  • Add rules trigger scoring based on browser language, with initial defaults based on official langauges per country
  • Add rules trigger scoring based on browser timezone, with initial defaults based on XF supported timezones per country
  • Add defaults for permissions;
    • [SignupAbuse] Banning ASN
    • [SignupAbuse] Approving email domains
    • [SignupAbuse] Banning email domains
  • Add content spam checker to verify various signup details match the what is used for the content:
    • "Asn content spam check action" (Default: Allowed)
    • "GeoIp content spam check action" (Default: Moderated)
    • "Language content spam check action" (Default: Allowed)
    • "Timezone content spam check action" (Default: Allowed)
  • On signup, log required on signup fields (website/location/date-of-birth) into user change log
  • Add option "Show date of birth in approval queue" option, default false. If true, the date of birth fields are rendered as a single field instead of 3 fields.
  • Detect cases where User B uses User A's email/password reset links as a multi-account.
  • When multi-account report creator validation fails, log an error to help diagnose why
  • Fix handling DuplicateKeyException when detecting multiple accounts
  • When preventing internal errors in this add-on from blocking login:
    • Catch Throwable (php7+) which is broader than Exception
    • Rethrow exceptions when development is enabled, not when debug mode is enabled.
Back
Top Bottom