Signup abuse detection and blocking [Paid] 1.16.11

[ivp]

Is there a way to block disposable email providers?

 

[SeToY]

Not yet, but it has been suggested: https://xenforo.com/community/threa...and-blocking-paid.156501/page-13#post-1427885

 

[Alpha1]

Is there a way to block disposable email providers?

I would love an API check as well, but another method is upcoming. @Xon is implementing a number of features from my Registration Essentials for XF1 addon into Signup Abuse Detection. This will give you control over which email domains you allow, ban or moderate.

 

[Xon]

@Xon

any idea why i keep getting this error when a multi is detected?

array(4) {
  ["url"] => string(19) "/forum/reports/414/"
  ["referrer"] => string(42) "website.com/forum/reports/414/"
  ["_GET"] => array(1) {
    ["/forum/reports/414/"] => string(0) ""
  }
  ["_POST"] => array(0) {
  }
}

I need a stack trace of one of those errors to actually see what is being done.

I would love an API check as well, but another method is upcoming. @Xon is implementing a number of features from my Registration Essentials for XF1 addon into Signup Abuse Detection. This will give you control over which email domains you allow, ban or moderate.

Plan is to release the email domain handling bits on Monday

 

[RallyFan]

Plan is to release the email domain handling bits on Monday

Nice!!!!

 

[Deleted member 91401]

I need a stack trace of one of those errors to actually see what is being done.


Plan is to release the email domain handling bits on Monday

How do I get you a stack trace?

 

[Deleted member 91401]

@Xon I've got a stack trace for you

[HEADING=2]Stack trace[/HEADING]
#0 src/XF/Mvc/Entity/Entity.php(548): XF\Mvc\Entity\Entity->set('xfa_cui_params', Array)
#1 src/addons/XFA/CustomUsernameIcons/XF/Template/Templater.php(45): XF\Mvc\Entity\Entity->__set('xfa_cui_params', Array)
#2 [internal function]: XFA\CustomUsernameIcons\XF\Template\Templater->fnUsernameLink(Object(XFA\CustomUsernameIcons\XF\Template\Templater), false, Object(SV\SignupAbuseBlocking\XF\Entity\User), false, Array)
#3 src/XF/Template/Templater.php(936): call_user_func_array(Array, Array)
#4 internal_data/code_cache/templates/l1/s41/public/sv_multiple_account_macros.php(42): XF\Template\Templater->func('username_link', Array, false)
#5 src/XF/Template/Templater.php(701): XF\Template\Templater->{closure}(Object(XFA\CustomUsernameIcons\XF\Template\Templater), Array, Array)
#6 src/XF/Template/Templater.php(779): XF\Template\Templater->callMacro('sv_multiple_acc...', 'renderHtml', Array, Array)
#7 src/addons/SV/SignupAbuseBlocking/BbCode/MultiAccountBlock.php(98): XF\Template\Templater->renderMacro('public:sv_multi...', 'renderHtml', Array)
#8 [internal function]: SV\SignupAbuseBlocking\BbCode\MultiAccountBlock->renderTagMultiAccountBlock(Array, NULL, Array, Array, Object(MMO\TaggedUsers\XF\BbCode\Renderer\Html))
#9 src/XF/BbCode/Renderer/Html.php(295): call_user_func(Array, Array, NULL, Array, Array, Object(MMO\TaggedUsers\XF\BbCode\Renderer\Html))
#10 src/XF/BbCode/Traverser.php(61): XF\BbCode\Renderer\Html->renderTag(Array, Array)
#11 src/XF/BbCode/Traverser.php(37): XF\BbCode\Traverser->renderSubTree(Array, Array)
#12 src/XF/BbCode/Traverser.php(20): XF\BbCode\Traverser->renderAst(Array, Object(SV\SignupAbuseBlocking\XF\BbCode\RuleSet), Array)
#13 src/XF/SubContainer/BbCode.php(219): XF\BbCode\Traverser->render('[multi_account_...', Object(XF\BbCode\Parser), Object(SV\SignupAbuseBlocking\XF\BbCode\RuleSet), Array)
#14 src/XF/Template/Templater.php(2035): XF\SubContainer\BbCode->render('[multi_account_...', 'html', 'conversation_me...', Object(SV\ConversationImprovements\XF\Entity\ConversationMessage), Array)
#15 [internal function]: XF\Template\Templater->fnBbCode(Object(XFA\CustomUsernameIcons\XF\Template\Templater), false, '[multi_account_...', 'conversation_me...', Object(SV\ConversationImprovements\XF\Entity\ConversationMessage))
#16 src/XF/Template/Templater.php(936): call_user_func_array(Array, Array)
#17 internal_data/code_cache/templates/l1/s41/public/conversation_message_macros.php(79): XF\Template\Templater->func('bb_code', Array, false)
#18 src/XF/Template/Templater.php(701): XF\Template\Templater->{closure}(Object(XFA\CustomUsernameIcons\XF\Template\Templater), Array, Array)
#19 internal_data/code_cache/templates/l1/s41/public/conversation_view.php(238): XF\Template\Templater->callMacro('conversation_me...', 'message', Array, Array)
#20 src/XF/Template/Templater.php(1315): XF\Template\Templater->{closure}(Object(XFA\CustomUsernameIcons\XF\Template\Templater), Array)
#21 src/XF/Template/Template.php(24): XF\Template\Templater->renderTemplate('conversation_vi...', Array)
#22 src/XF/Mvc/Renderer/Html.php(48): XF\Template\Template->render()
#23 src/XF/Mvc/Dispatcher.php(458): XF\Mvc\Renderer\Html->renderView('XF:Conversation...', 'public:conversa...', Array)
#24 src/XF/Mvc/Dispatcher.php(440): XF\Mvc\Dispatcher->renderView(Object(XF\Mvc\Renderer\Html), Object(XF\Mvc\Reply\View))
#25 src/XF/Mvc/Dispatcher.php(400): XF\Mvc\Dispatcher->renderReply(Object(XF\Mvc\Renderer\Html), Object(XF\Mvc\Reply\View))
#26 src/XF/Mvc/Dispatcher.php(58): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'html')
#27 src/XF/App.php(2184): XF\Mvc\Dispatcher->run()
#28 src/XF.php(391): XF\App->run()
#29 index.php(20): XF::runApp('XF\\Pub\\App')
#30 {main}

 

[Xon]

@Xon I've got a stack trace for you

[HEADING=2]Stack trace[/HEADING]
#0 src/XF/Mvc/Entity/Entity.php(548): XF\Mvc\Entity\Entity->set('xfa_cui_params', Array)
#1 src/addons/XFA/CustomUsernameIcons/XF/Template/Templater.php(45): XF\Mvc\Entity\Entity->__set('xfa_cui_params', Array)
#2 [internal function]: XFA\CustomUsernameIcons\XF\Template\Templater->fnUsernameLink(Object(XFA\CustomUsernameIcons\XF\Template\Templater), false, Object(SV\SignupAbuseBlocking\XF\Entity\User), false, Array)
#3 src/XF/Template/Templater.php(936): call_user_func_array(Array, Array)
#4 internal_data/code_cache/templates/l1/s41/public/sv_multiple_account_macros.php(42): XF\Template\Templater->func('username_link', Array, false)
#5 src/XF/Template/Templater.php(701): XF\Template\Templater->{closure}(Object(XFA\CustomUsernameIcons\XF\Template\Templater), Array, Array)
#6 src/XF/Template/Templater.php(779): XF\Template\Templater->callMacro('sv_multiple_acc...', 'renderHtml', Array, Array)
#7 src/addons/SV/SignupAbuseBlocking/BbCode/MultiAccountBlock.php(98): XF\Template\Templater->renderMacro('public:sv_multi...', 'renderHtml', Array)
#8 [internal function]: SV\SignupAbuseBlocking\BbCode\MultiAccountBlock->renderTagMultiAccountBlock(Array, NULL, Array, Array, Object(MMO\TaggedUsers\XF\BbCode\Renderer\Html))
#9 src/XF/BbCode/Renderer/Html.php(295): call_user_func(Array, Array, NULL, Array, Array, Object(MMO\TaggedUsers\XF\BbCode\Renderer\Html))
#10 src/XF/BbCode/Traverser.php(61): XF\BbCode\Renderer\Html->renderTag(Array, Array)
#11 src/XF/BbCode/Traverser.php(37): XF\BbCode\Traverser->renderSubTree(Array, Array)
#12 src/XF/BbCode/Traverser.php(20): XF\BbCode\Traverser->renderAst(Array, Object(SV\SignupAbuseBlocking\XF\BbCode\RuleSet), Array)
#13 src/XF/SubContainer/BbCode.php(219): XF\BbCode\Traverser->render('[multi_account_...', Object(XF\BbCode\Parser), Object(SV\SignupAbuseBlocking\XF\BbCode\RuleSet), Array)
#14 src/XF/Template/Templater.php(2035): XF\SubContainer\BbCode->render('[multi_account_...', 'html', 'conversation_me...', Object(SV\ConversationImprovements\XF\Entity\ConversationMessage), Array)
#15 [internal function]: XF\Template\Templater->fnBbCode(Object(XFA\CustomUsernameIcons\XF\Template\Templater), false, '[multi_account_...', 'conversation_me...', Object(SV\ConversationImprovements\XF\Entity\ConversationMessage))
#16 src/XF/Template/Templater.php(936): call_user_func_array(Array, Array)
#17 internal_data/code_cache/templates/l1/s41/public/conversation_message_macros.php(79): XF\Template\Templater->func('bb_code', Array, false)
#18 src/XF/Template/Templater.php(701): XF\Template\Templater->{closure}(Object(XFA\CustomUsernameIcons\XF\Template\Templater), Array, Array)
#19 internal_data/code_cache/templates/l1/s41/public/conversation_view.php(238): XF\Template\Templater->callMacro('conversation_me...', 'message', Array, Array)
#20 src/XF/Template/Templater.php(1315): XF\Template\Templater->{closure}(Object(XFA\CustomUsernameIcons\XF\Template\Templater), Array)
#21 src/XF/Template/Template.php(24): XF\Template\Templater->renderTemplate('conversation_vi...', Array)
#22 src/XF/Mvc/Renderer/Html.php(48): XF\Template\Template->render()
#23 src/XF/Mvc/Dispatcher.php(458): XF\Mvc\Renderer\Html->renderView('XF:Conversation...', 'public:conversa...', Array)
#24 src/XF/Mvc/Dispatcher.php(440): XF\Mvc\Dispatcher->renderView(Object(XF\Mvc\Renderer\Html), Object(XF\Mvc\Reply\View))
#25 src/XF/Mvc/Dispatcher.php(400): XF\Mvc\Dispatcher->renderReply(Object(XF\Mvc\Renderer\Html), Object(XF\Mvc\Reply\View))
#26 src/XF/Mvc/Dispatcher.php(58): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'html')
#27 src/XF/App.php(2184): XF\Mvc\Dispatcher->run()
#28 src/XF.php(391): XF\App->run()
#29 index.php(20): XF::runApp('XF\\Pub\\App')
#30 {main}

This is likely a compatibility issue with XFA/CustomUsernameIcons with another add-on, not this add-on.

Signup Abuse Detection & Blocking add-on doesn't mark the user entity as read-only, and very few of my add-ons do.

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.7.0 - Feature update

Fixes:

• Fix "Duplicate entry 'xx-0' for key 'report'" when a race condition occurs and the record is saved but not reported
• Only delete "User registration log" entry for a deleted user if "Full delete for GDPR" option is set

New features:

• Rework "ignore for future events" option to actively exclude that set of users detected with those detection details rather than passively being ignored
• Run Xenforo's spam checker over user profile fields and custom fields...

Read the rest of this update entry...

 

[ivp]

• "Email domain moderation" ie require explicit approval by domain and moderate unknown email domains
  • Add option "Non-allowed email action" (default none)
  • New permission; "[SignupAbuse] Allow approving email domains" (default not granted)
  • Import/export as CSV or XML
• Allow banning an email domain from the approval queue
  • New permission; "[SignupAbuse] Allow banning email domains" (default not granted)

@Xon can you please explain what is the recommended use of new email options?

Once the new email domain is approved, will it be stored in some database, so it won't be necessary to approve it again? Will it behave the same when banning email domains?

 

[Alpha1]

The new version has the following benefits:

1. You can set it to moderate/reject accounts that have links or keywords in user profile fields. You can set the links & keywords for this. Its especially useful if you make soem fields mandatory at registration or as a replacement for Q&A.
2. You can set it to ask the homepage on registration.
3. You can set it to moderate if the homepage field is filled in. You can also ignore common URLs like google.com etc.
4. You can whitelist email domains. If an account is created with an unknown domain, then the account will be moderated. From the moderation queue you can do a search for the email domain. You can whitelist or blacklist new email domains from within the user moderation queue.
5. You can also import a list of allowed email domains.
6. You can reject/moderate registrations coming from a specific ISP ASN.

The first 5 functions were ported from my Registration Essentials addon for XF1. I have used these functions for a decade on my big board and these are a life saver. I strongly suggest to try these out. Together with the mass of features that this addon already had, it gives you very advanced control over who you allow to register on your community.

 

[Xon]

@Xon can you please explain what is the recommended use of new email options?

By default, this feature isn't active. And the recommended use is to only use them if you require a manual white-list of domains or want to have a known-ok/approved list.

Once the new email domain is approved, will it be stored in some database, so it won't be necessary to approve it again? Will it behave the same when banning email domains?

Correct. If you approve an email domain it is stored in an approved email domain list. This then shows up as an 'known email domain' vs 'unknown email domain' in the spam trigger details during signup

 

[ivp]

Thanks for the explanation. Is there a screenshot showing how email domain (dis)approval works?

 

[JasonBrody]

@Xon I couldn't find option where I could whitelist a email domain (ex: I'd like member's only to register via gmail.com, no other email domains are eligible for registration) .

 

[Alpha1]

@Xon I couldn't find option where I could whitelist a email domain (ex: I'd like member's only to register via gmail.com, no other email domains are eligible for registration) .

/admin.php?banning/allowed-email-domains
Or Acp → Users → User Discipline → Allowed Email Domains

 

[ivp]

Is there some additional button or option in the front end for (dis)approving email domains?

How do "[SignupAbuse] Approving email domains" and "[SignupAbuse] Banning email domains" permissions work?

 

[nocte]

By default, this feature isn't active.

That's not right for my installation. How can this be turned off?

 

[Xon]

Is there some additional button or option in the front end for (dis)approving email domains?

How do "[SignupAbuse] Approving email domains" and "[SignupAbuse] Banning email domains" permissions work?

You give them to a user(group), and they can add email domains and ban email domains from the approval queue without needing to log into the admincp

That's not right for my installation. How can this be turned off?

Apologies, what I mean is the feature doesn't do anything but does report the extracted email domain.

 

[Stuart Wright]

@Xon would it be possible to always link referenced users in the moderation queue to their account?
E.g.

• Shared IP with banned users (tabby65)
• Multiple account johnc519 is banned.

Would be great to be able to click from their name to their account and open it in a new window. Or modal if that's doable and better.

 

[Xon]

I can look into that now that I've rewritten how the user registration record, I'll see if I can inject the extra information.