Signup abuse detection and blocking

Signup abuse detection and blocking 1.14.0

No permission to buy ($45.00)
  • Like
Reactions: Sunka
  • Update installer to not wipe the "Link Spam checker" URL options. Retrieving this information can be done via using SQL to find the last update and manually extract it from the relevent json;
    select * 
    from xf_admin_log 
    where request_data like '%svLinkSpamCheckerBlackList%'
    order by 1 desc limit 1;
  • Like
Reactions: Sunka
  • Fix "Duplicate entry 'xx-0' for key 'report'" when a race condition occurs and the record is saved but not reported
  • Only delete "User registration log" entry for a deleted user if "Full delete for GDPR" option is set

New features:
  • Rework "ignore for future events" option to actively exclude that set of users detected with those detection details rather than passively being ignored
  • Run Xenforo's spam checker over user profile fields and custom fields on signup
  • Add option "Registration spam phrases" (default empty)
  • Add option "Link Spam checker: Registration default action" (default moderate)
  • Add option "Request Website on signup" (default disabled)
  • "Email domain moderation" ie require explicit approval by domain and moderate unknown email domains
    • Add option "Non-allowed email action" (default none)
    • New permission; "[SignupAbuse] Allow approving email domains" (default not granted)
    • Import/export as CSV or XML
  • Allow banning an email domain from the approval queue
    • New permission; "[SignupAbuse] Allow banning email domains" (default not granted)
  • Allow banning an ISP/ASN from the approval queue
    • New permission; "[SignupAbuse] Allow banning ASN" (default not granted)
  • Work-around for a user approval design flaw in XenForo where a user may not have yet had their email confirmed.

    When manual approval is configured, there are two flows which result in the use user ending in the approval queue;
    • register => spam checker says moderate => approval queue. No email confirmation.
    • register => email confirm => approval queue. Has email confirm.
    The only hint on which flow has triggered is the user registration record has a non-approved status.
    The "Require email confirmation (always notifies)" feature is now flagged enabled if it detects the user's email likely has not been confirmed and avoids the email_confirm => moderated => email_confirm loop that could potentially happen
  • Fix that disabling "Use RIPE HTTP API for ASN lookup" didn't actually work which could cause unexpected slow downs
  • Like
Reactions: Sunka and RallyFan
  • Fix phrase reporting when a report was re-opened due to an unknown multi-account​
  • Like
Reactions: Sunka
  • Fix filter suppressing previously seen multi-account pairs re-opening a resolved report was checking the wrong id
  • Add option to log reason for why a report is bumped (default enabled)
  • Like
Reactions: Joe Link and Sunka
  • Be explicit about legacy detection events (ie log a detection method of 'legacy'). Not a retroactive change
  • Order per-account multi-account list by most recent event first
  • Improve robustness of 'Permit Duplicate Report' to not suppress reporting of new multi-account pairs
  • Improve onboarding process by hooking XF's periodic 'keep-alive' beacons, and checking that the tracking cookie is set
  • Improve reliability of tracking multiple accounts in some cases
  • Fix "Add to group"/"Reject" direct rules not working for multi-account actioning on registration
  • Fix "Do not save users rejected on signup" option with XF2.1.6+
  • Like
Reactions: Sunka
  • Fix that the email bb-code was not being checked for url domain filtering
  • Like
Reactions: Sunka
  • Fix "add to group" option being considered a custom option
  • Fix multiple account filtering in admincp's user edit page
  • Like
Reactions: Sunka
Top Bottom