Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.16.8

No permission to buy ($45.00)
Overview FAQ Updates (113) Reviews (22) History Discussion
I see a "Cloudflare GeoIP" function in options. Do I need a Cloudflare account or Cloudflare installed on my server?
 
Xon said:
Yes, it requires a Cloudflare account and Cloudflare setup infront of your site for that to work.
Click to expand...

Do you also need to enable "IP Geolocation", on Cloudflare, for that to work?

"IP Geolocation
Include the country code of the visitor location with all requests to your website."
 
DroidOne said:
Do you also need to enable "IP Geolocation", on Cloudflare, for that to work?

"IP Geolocation
Include the country code of the visitor location with all requests to your website."
Click to expand...
Yes, the feature links to the help page on how to turn that on for a cloudflare account
 
To illustrate why a whitelisting function for email domains is so valuable. A spammer registers at your forum with the email address sales@viagraonline.com and all other parameters are normal.
If there is a function to moderate registrations with a new email domain then this will come up. You will detect the spammer and block any further signups with that domain.
 
Alfa1 said:
To illustrate why a whitelisting function for email domains is so valuable. A spammer registers at your forum with the email address sales@viagraonline.com and all other parameters are normal.
If there is a function to moderate registrations with a new email domain then this will come up. You will detect the spammer and block any further signups with that domain.
Click to expand...
You can setup a whitelist by adding a email domain with;

Code: 
-3|example.com
+3|*

It matches all, so for the whitelisted domain it does -3 (then +3, for a total of 0), but for every other domain it adds +3 to the score.

At some stage I need to add configuration to control if the rules-scanning stops on the first match or goes for every match.
 
  • Like
Reactions: rdn
Up until now I've been deleting all my spammers. I should I ban instead them now for this plugin to work?

EDIT: Does this check users registered prior to installation?
 
Ugh, this add-on's additions to the approval queue don't show up in XF2.1, will be working on fixing that.

vbuser said:
Up until now I've been deleting all my spammers. I should I ban instead them now for this plugin to work?
Click to expand...
In XF2 the default is a 'reject' state and it keeps the information and doesn't delete the account. I'ld recommend banning rather than deleting as it leaves glue information for multi-account to work properly.

EDIT: Does this check users registered prior to installation?
Click to expand...
Nope.
 
Feature request: I'd like the ability to check all my users IP using Apility.io. I'm doing it from the command line right now.
 
We have the addon in use. Unfortunately, a banned test user needs only 2 seconds to bypass the addon. You just have to open a private browser window. it works also with another browser. It's very easy for blocked users to register again.
I do not know if it is due to the settings or it was really so easy thought.

The next minus point is that we all users manually sounded free and set in XF the user must first confirm their mail before they are unlocked in us.

Now I have to ask the user manually.

After he has confirmed his email, the same message appears again.

Maybe you have a solution??
 
Last edited:
vbuser said:
Feature request: I'd like the ability to check all my users IP using Apility.io. I'm doing it from the command line right now.
Click to expand...
There is rate limiting on Apility.io for the free account, please ensure you don't go over.

kelle67 said:
We have the addon in use. Unfortunately, a locked test user needs only 2 seconds to bypass the addon. You just have to open a private browser window.
I do not know if it is due to the settings or it was really so easy thought.
Click to expand...
The add-on description is up-front that this is about catching low-hanging fruit and the implication is you may be easily bypassed;

From (simple) multiple accounts detection to isp/connection fingerprinting with score-based moderating/rejecting logic. These are very effective low-hanging fruit at reducing spam.
Click to expand...

The next minus point is that we all users manually sounded free and set in XF the user must first confirm their mail before they are unlocked in us.

Now I have to ask the user manually.

After he has confirmed his email, the same message appears again.

Maybe you have a solution??
Click to expand...
This is what the "Require email confirmation (always notifies)" option in the approval queue is for, it kicks off the standard XenForo email confirmation process. Which is currently not displaying for XF2.1, but I plan to work on that in the next day.
 
A number of XF2.1 bugs have been spotted around templates (which block viewing multi-account reports), I've removed the XF2.1 support flag untill they can be fixed in the next few days
 
Xon updated Signup abuse detection and blocking with a new update entry:

1.0.8 - Bugfix update

  • Some XF2.1 compatibility fixes;
    • Fix "like_count" error using XF2.1 for MultiAccount reports
    • Fix "Require email confirmation (always notifies)" feature in Approval Queue for XF2.1
  • Support for "Send Report To Forum" XF core "feature"
  • Reduce redundant queries in Report Centre
  • Fix 'Allowed banned logout' feature
Not yet XF2.1 compatible, some approval queue features have not been ported yet. Getting close!
Click to expand...

Read the rest of this update entry...
 
You must log in or register to reply here.
Back
Top Bottom