Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.15.6

No permission to buy ($45.00)
Overview FAQ Updates (105) Reviews (21) History Discussion
WoodiE said:
Trying to upgrade from version 1.6.5 to 1.6.7 and getting an error " This add-on contains the following files which have unexpected contents: src/addons/SV/Utils/InstallerHelper.php."

View attachment 227053


Is this expected behavior and am okay to proceed or did I miss something?
Click to expand...
That file hasn't changes from 1.6.5 => 1.6.7, try re-uploading files?

The file hash is the same for both versions;
"src/addons/SV/Utils/InstallerHelper.php": "220f1e9f7f61f4580ca00ea22af7d749f13fb9bbda6c4672017b559d54989189",
 
WoodiE said:
" This add-on contains the following files which have unexpected contents: src/addons/SV/Utils/InstallerHelper.php."
Click to expand...
Can confirm. Happens for me with Alert Improvements, ConvEss, ConvImprovements, UserEssentials, Tickets and a variety of others

Xon said:
That file hasn't changes from 1.6.5 => 1.6.7, try re-uploading files?
Click to expand...
Update: Have re-uploaded Signup abuse and the errors for all the aforementioned add-ons are gone. However, now "User onboarding" by @NixFifty is off in regards of "Unexpected contents" in InstallHelper.php.

Update 2:
Left - Signup abuse
Right - User onboarding

1591433955864.png

Appears to be a leftover debugging statement for User Onboarding 1.0.3.
 
Last edited:
  • Like
Reactions: Xon
SeToY said:
Can confirm. Happens for me with Alert Improvements, ConvEss, ConvImprovements, UserEssentials, Tickets and a variety of others


Update: Have re-uploaded Signup abuse and the errors for all the aforementioned add-ons are gone. However, now "User onboarding" by @NixFifty is off in regards of "Unexpected contents" in InstallHelper.php.

Update 2:
Left - Signup abuse
Right - User onboarding

View attachment 227074

Appears to be a leftover debugging statement for User Onboarding 1.0.3.
Click to expand...
Thanks! I just pushed an update to resolve that. :oops:
 
  • Like
Reactions: Xon
SeToY said:
Update: Have re-uploaded Signup abuse and the errors for all the aforementioned add-ons are gone. However, now "User onboarding" by @NixFifty is off in regards of "Unexpected contents" in InstallHelper.php.
Click to expand...
Thanks for the info @SeToY as maybe this was my issue as well then as I went to upgrade Signup Abuse Detection and also install the newly purchased User onboarding from @NixFifty

After re-uploading the signup abuse files by @Xon again and the newly released 1.0.4 user onboarding files all seems good now.

Thanks guys!
 
Hello

updated to 1.6.7

shoukd I still be seeing this error?

  • XF\Db\DuplicateKeyException: MySQL query error [1062]: Duplicate entry '122-0' for key 'report'
  • src/XF/Db/AbstractStatement.php:228
  • Generated by: blueboy
  • Jun 6, 2020 at 5:18 PM
Stack trace
UPDATE xf_sv_multiple_account_report_data SET report_id = ?, active = ? WHERE report_data_id = 74
------------

#0 src/XF/Db/Mysqli/Statement.php(196): XF\Db\AbstractStatement->getException('MySQL query err...', 1062, '23000')
#1 src/XF/Db/Mysqli/Statement.php(78): XF\Db\Mysqli\Statement->getException('MySQL query err...', 1062, '23000')
#2 src/XF/Db/AbstractAdapter.php(94): XF\Db\Mysqli\Statement->execute()
#3 src/XF/Db/AbstractAdapter.php(327): XF\Db\AbstractAdapter->query('UPDATE `xf_sv_...', Array)
#4 src/XF/Mvc/Entity/Entity.php(1468): XF\Db\AbstractAdapter->update('xf_sv_multiple_...', Array, '`report_data_id...')
#5 src/XF/Mvc/Entity/Entity.php(1195): XF\Mvc\Entity\Entity->_saveToSource()
#6 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(226): XF\Mvc\Entity\Entity->save()
#7 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(59): SV\SignupAbuseBlocking\Repository\MultipleAccount->processMultipleAccountDetectionInternal(Object(SV\SignupAbuseBlocking\XF\Entity\User), Array, 'login')
#8 src/XF.php(479): SV\SignupAbuseBlocking\Repository\MultipleAccount->SV\SignupAbuseBlocking\Repository\{closure}()
#9 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(60): XF::asVisitor(Object(SV\SignupAbuseBlocking\XF\Entity\User), Object(Closure))
#10 src/addons/SV/SignupAbuseBlocking/XF/ControllerPlugin/Login.php(94): SV\SignupAbuseBlocking\Repository\MultipleAccount->processMultipleAccountDetection(Object(SV\SignupAbuseBlocking\XF\Entity\User), Array, 'login')
#11 src/XF/Pub/Controller/Login.php(117): SV\SignupAbuseBlocking\XF\ControllerPlugin\Login->completeLogin(Object(SV\SignupAbuseBlocking\XF\Entity\User), true)
#12 src/XF/Mvc/Dispatcher.php(350): XF\Pub\Controller\Login->actionLogin(Object(XF\Mvc\ParameterBag))
#13 src/XF/Mvc/Dispatcher.php(262): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'login', Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Login), NULL)
#14 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Login), NULL)
#15 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#16 src/XF/App.php(2190): XF\Mvc\Dispatcher->run()
#17 src/XF.php(391): XF\App->run()
#18 index.php(20): XF::runApp('XF\\Pub\\App')
#19 {main}
Request state
array(4) {
["url"] => string(12) "/login/login"
["referrer"] => string(32) "https://shooting-the-breeze.com/"
["_GET"] => array(0) {
}
["_POST"] => array(5) {
["login"] => string(7) "blueboy"
["password"] => string(8) "********"
["remember"] => string(1) "1"
["_xfRedirect"] => string(32) "https://shooting-the-breeze.com/"
["_xfToken"] => string(8) "********"
}
}
 
@Robf23 that is a race condition that isn't being handled properly (basically someone is logging in twice at exactly the same time). I'ld recommend setting "Login flood timer" to a value of 1 to 5 seconds or so to work-around this.

Plan to fix it in the next version which is currently held up with testing of some new features
 
Apility API is already used for IP and ASN resolving: https://apility.io/apidocs/
Apitity supports blacklisting of bad IPs, email, domains and ASN's. Hopefully Xon will find time to add this is a future release. It would have a significant effect on abusive registrations.

Edit: Apility was recently bought by Auth0, so I'm not sure if it will continue to be a good provider for this purpose.
 
Alfa1 said:
Edit: Apility was recently bought by Auth0, so I'm not sure if it will continue to be a good provider for this purpose.
Click to expand...

Yep that's the downside. Auth0 sound like they are going to EOL apility, or integrate it into an existing product.

I think things are getting a locked down as they can to be honest. One thing I noticed a while back is most creating legit accounts, laying dormant, then letting rip in the future.

Of course when your forum/site is region locked, that cuts down such instances by a HUGE amount :)
 
I have been dealing with a massive amount of DDOS and spam registrations all from VPN/TOR ASN and IP that are 99% blacklisted by the cleantalk blacklist. Apility has this blacklist included and a bunch of other useful blacklists. It would even be useful to block such users on cloudflare WAF level through cloudflare API. hint, hint @eva2000
 
@Alfa1 CloudFlare's web-firewall stuff can trigger of ASN (and geoip) which makes manually blacklisting bad ISPs fairly straightforward. You can just feed the one rule a list of ASNs too rather than a single rule per ASN/IP
 
Yes, I am using this by analyzing Ips used in attacks and then adding those to the blacklist. However, that is protection after the fact. If heavily abused ASN/IP are proactively blocked by default through WAF then that would be even better.
 
Alfa1 said:
I have been dealing with a massive amount of DDOS and spam registrations all from VPN/TOR ASN and IP that are 99% blacklisted by the cleantalk blacklist. Apility has this blacklist included and a bunch of other useful blacklists. It would even be useful to block such users on cloudflare WAF level through cloudflare API. hint, hint @eva2000
Click to expand...
tried utilising Cloudflare Firewall's threatscore in your rules How can I use the Threat Score effectively? ?
 
The scripts folder isn't required in most cases, as it is a simple port-scanner script to allow you to run on a bastion server instead of your webserver (ie so it can be DDoS'ed and not the webserver itself. This isn't needed if you are not using the port scan feature
 
BMajumdar said:
@Xon May be I'm missing some configuration tactics, but I'd like to know how to block vpn / proxy usage completely ?
Click to expand...
From the FAQ;
This is not a turn-key solution for blocking spam, but rather a toolkit.
  • On banning a spammer, it is recommended to check the "User Registration Record" for that user and check the signup IP to see if it is associated with an ISP which provides VPN, hosting, or proxy services but not residential services
    If so, you may wish to consider adding that ISP to be grey listed (ie auto-moderate) or blacklisted (auto-reject).
Click to expand...
This add-on is more of a tool-kit to incrementally block vpn/proxy usage. I'ld recommend ensuring the getipintel feature is enabled and configured (add an valid email address & enable it), this will help building ISP block lists.
 
@Xon

any idea why i keep getting this error when a multi is detected?

x7dvJi.png


Code: 
array(4) {
  ["url"] => string(19) "/forum/reports/414/"
  ["referrer"] => string(42) "website.com/forum/reports/414/"
  ["_GET"] => array(1) {
    ["/forum/reports/414/"] => string(0) ""
  }
  ["_POST"] => array(0) {
  }
}
 
You must log in or register to reply here.
Top Bottom