Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.6.1

No permission to buy ($45.00)

Xon

Well-known member
Yes, there is a shared ip with a time limit detection option. It only is checked on login/registration tho
 

Xon

Well-known member
At the moment it just checks to see if anyone else has used that IP in the given timeframe. without a 'new registration' threhold bit.
 

Mr. Jinx

Well-known member
Something weird happens when translating some phrases.
For example this phrase: option.svSignupOpenPortBlockingRule
Once translated, it appears as an 'outdate phrase'.

This seems to be related to this problem?
 

Xon

Well-known member
Is it possible to block registrations from certain IPs? Not to block all traffic, but registrations only.
You can use the "banned IP" feature that XF for that. This add-on works with "ASN" or "autonomous system number" which instead targets the entire ISP instead of individual IP ranges, which is much more flexible.

Something weird happens when translating some phrases.
For example this phrase: option.svSignupOpenPortBlockingRule
Once translated, it appears as an 'outdate phrase'.

This seems to be related to this problem?
Yeah looks like it is hitting the XF bug for this;
Code:
<phrase title="option.svSignupOpenPortBlockingRule" version_id="2000002" version_string="2.0.0"><![CDATA[Open TCP port scan]]></phrase>
Next release I'll clamp the version the the current version in my environment so this stops happening.

So that doesn't seem to work as intended. Here's what I'm seeing in the logs:

  • -3. Country matched: US
  • +1. AS matched: ASN21928, AS19271 Peak 10
  • Hostname detected: xx.xx.xx.xx
  • +2. Javascript disabled
  • Total score: 0
I have in the options:
+3|*
-3|US

The * rule is never taken into consideration.
Fixed for the next version, country wildcards weren't supported
 

Xon

Well-known member
You can use discourage IP to block signups. I strongly recommend you disable the various punishment options for discourage as most of them make your site look flaky and the delay option can impact performance for other users.
 

Revenact

Member
Hi, I want to ask a few questions before buying
1. Is it possible to make it only report suspected accounts to admins without actually blocking people from signing up?
2. For an existing forum, is it possible to scan the entire forum for suspicious users?
 

Xon

Well-known member
1. yes, you just need to configure it to not block detected multiple accounts.
2> no, the add-on only triggers on login or registration due to how it works.
 

WoodiE

Well-known member
@Xon I'm using another add-on to manage spammers from registering that's been working nicely, however what I'd most like to have and use this signup abuse add-on to detect users with multiple accounts or banned users trying to create new accounts.

What is the best settings to achieve this using this addon?
 

Xon

Well-known member
For the most part; default settings will work. Most of the value is restricting VPNs from working on signup making it more likely they'll make mistakes switching accounts.

Next major version will have an "Add to group" option which can be handy
 

Movie Prop Sites

Active member
@Xon,

We are having an issue with regard to Multi-User Login notifications. We click "Ignore for Future Events" for both members who are dinged as multi-account and yet every time those users login (we have two test users we are trying this out on), we get another notification post. Am I misunderstanding what the "Ignore for Future Events" button does? I would assume once that is clicked we would get no more notifications for those two users but we do.
 

anon666

Member
Can you give me an example to block the registrations of new users made from the browser opera with vpn activated?
And also to prevent messages from being sent from that vpn of the browser opera. Thank you
 

Xon

Well-known member
Can you give me an example to block the registrations of new users made from the browser opera with vpn activated?
The AS rule;
Code:
reject|39832
or the hostname rule;
Code:
reject|*.opera-mini.net
And also to prevent messages from being sent from that vpn of the browser opera. Thank you
This isn't supported
 

Xon

Well-known member
Xon updated Signup abuse detection and blocking with a new update entry:

1.6.0 - Feature update

  • Fix port scanning error when some socket functions are unexpectedly disabled but others are not
  • Fix race condition between user being deleted and the approval queue entry being removed
  • Enable wildcard support in geoip block country matching rules
  • Improve text rules descriptions
  • Implement "Add to group" if the score is above some threshold, or if directly triggered. Use "addToGroup" in text rules. Can be applied even if moderation/rejection rules are applied
  • Implement...
Read the rest of this update entry...
 

Tai Coromandel

Active member
I've been using the GetIPIntel integration and add to group features for the last couple of weeks now. GetIPIntel does a really great job at helping not only combat spam, but detecting folks who are trying to circumnavigate bans to troll using VPNs/Proxies etc. Check it out here: http://getipintel.net/

Seriously, in combination with all the other factors in this addon, it makes it very hard to avoid a ban.
 
  • Like
Reactions: Xon

SeToY

Well-known member
It appears as GetIPIntel has a problem with users registering via Google connected accounts?

Code:
Checking: USERNAME, USERNAME@gmail.com, 128.90.165.250
Country detected: LU
ASN22363, Powerhouse Management, Inc.
Hostname detected: undefined.hostname.localhost
+2. Javascript disabled
+4. IP threat score: 1
Code:
 ["url"] => string(44) "/register/connected-accounts/google/register"
  ["referrer"] => string(72) "https://domain.com/register/connected-accounts/google/"
 
Top