Signup abuse detection and blocking [Paid] 1.13.4

[ivp]

@Xon can you please implement https://xenforo.com/community/threads/signup-abuse-detection-and-blocking-paid.156501/post-1477157

Also when seeing Honeypot report, it could link to their website https://www.projecthoneypot.org/ip_AAA.BBB.CCC.DDD for more information about affected IP address.

 

[Rhodium]

I have this error under PHP 8.0 when entering in /admin.php?trophies:

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.8.8 - Bugfix update

• Fix 'attempt to read property "group_id" on null' error on viewing trophies

Read the rest of this update entry...

 

[JoyFreak]

Just upgraded and now have 3 people saying they can't sign-up. I'm also getting errors in my error log. I've attached the error over at your site. Please take a look. Thanks

 

[SeToY]

Can confirm.

ParseError: syntax error, unexpected '$query' (T_VARIABLE) src\addons\SV\SignupAbuseBlocking\Spam\Checker\Asn\Cymru.php:61

 

[Anomandaris]

The latest update (1.8.8.1 on XF2.1) is broken, no one is able to register.

Error: Class name must be a valid object or a string
src/addons/SV/SignupAbuseBlocking/Spam/Checker/EmailDomain.php:36

I fixed this by reverting this change on line 38 of EmailDomain.php:



Replace this:

$duringRegistration = Globals::$duringRegistration :: false;
if (!$email || !$duringRegistration)

with:

if (!$email || !Globals::$duringRegistration)

 

[JoyFreak]

The latest update (1.8.8.1 on XF2.1) is broken, no one is able to register.

Error: Class name must be a valid object or a string
src/addons/SV/SignupAbuseBlocking/Spam/Checker/EmailDomain.php:36

I fixed this by reverting this change on line 38 of EmailDomain.php:
View attachment 243167


Replace this:

$duringRegistration = Globals::$duringRegistration :: false;
if (!$email || !$duringRegistration)

with:

if (!$email || !Globals::$duringRegistration)

Confirmed.

 

[Xon]

Apologies for the last few buggy releases.

That line should be;

$duringRegistration = Globals::$duringRegistration ?? false;

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.8.9 - Bugfix update

• Fix error when doing email pattern check on registration

Read the rest of this update entry...

 

[Ivancas]

I've enabled the option to detect VPN but I'm getting this error when I attempt to register using a vpn:

Your registration has been rejected as it resembles spam-like or automated behaviour.

Is this the error users should see if they are rejected because they are using a VPN?

 

[JoyFreak]

I've enabled the option to detect VPN but I'm getting this error when I attempt to register using a vpn:

Is this the error users should see if they are rejected because they are using a VPN?

Correct.

 

[Faust]

Does this addon prevent spammers to signup ?

 

[JoyFreak]

Does this addon prevent spammers to signup ?

Yes.

 

[Faust]

Yes.

I believe automatically, without needing manual removal.

 

[JoyFreak]

I believe automatically, without needing manual removal.

You can control all that via the settings offered.

 

[Faust]

Also this addon is GDPR compliant?

 

[Xon]

This add-on is a tool-kit for preventing most spam, and while the defaults are decent this add-on is not set-and-forget.

There is an option to remove all information this add-on tracks for a user when their account is deleted, but that doesn't prevent the add-on from tracking and rediscovering additional accounts.

Also define "GDPR compliant". It is perfectly acceptable to retain tracking and identifying information of users under GDPR for core business functions. Such as preventing abuse of service.

 

[ivp]

I understand that IP Checking/Date range should check whether new user IP address matches some previous one.

But when set it to 10 minutes, new registration info still shows matches with IP addresses used a month ago?

 

[Xon]

The ip check feature checks the XF IP table with the date limit, so that IP was used recently.

 

[Stuart Wright]

Here is a potential issue. Stopforumspam acts on three elements: user name, email address and IP. On a new forum with only a few members, people may well register with a common user name like Dave which is quite likely to be in the Stopforumspam database.
Therefore matching the user name should carry less weight than matching the IP or email address. In fact, I want to automatically block everyone who matches on the IP or email in Stopforumspam, but put people who match on the user name into the moderation queue.
So I'm asking whether this differentiation could be added. Or is this something that's in the core and difficult to change?
Thanks.