Signup abuse detection and blocking [Paid] 1.13.4

[Xon]

That is already supported. Search for "svSFSExtendedConfig" in the admincp.




You can just put a +6 or similar for the email/ip score, and maybe +3 in the username. but this depends on the moderation vs reject thresholds.

This configuration doesn't support the score/moderate/reject functionality other parts support.

 

[Andy.N]

I just want to auto reject or auto ban new users who just sign up and has a url in their profile web field.
Looking via my database, these users dont post and just spam via their account.
How does this help? Which setting?

 

[Xon]

@Andy.N look for the "Link Spam checker" options. Specifically; "Link Spam checker: Registration default action"

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.8.10 - Maintenance update

• Improve User Registration log filtering

Read the rest of this update entry...

 

[Andy.N]

@Andy.N look for the "Link Spam checker" options. Specifically; "Link Spam checker: Registration default action"

Purchased.
Thanks

 

[Mete Turan]

I don't think this plugin will work. It cannot detect a person entering with a VPN.

 

[HJW]

Still getting my head around configuring this correctly, but looks good!

What I think would be good is a check box on signup to approve someone, but also add them to a usergroup. I often approve people but add them to a new group so that all their posts need to be approved first because so often it's impossible to tell if they're a wrongun or not from the registration info.

 

[Xon]

I don't think this plugin will work. It cannot detect a person entering with a VPN.

Most VPNs are not actually very smart at hiding. It doesn't catch all of them, but it does catch enough.

That said.

This is not a turn-key solution, and each site may require customization!

What I think would be good is a check box on signup to approve someone, but also add them to a usergroup. I often approve people but add them to a new group so that all their posts need to be approved first because so often it's impossible to tell if they're a wrongun or not from the registration info.

This is a good suggestion, I'll look into that

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.8.11 - Bugfx/Feature update

• Link spam checker now captures [media] embeds. If exists, the bb-code media site url is used otherwise the media embed is rendered and then any url(s) extracted

Read the rest of this update entry...

 

[Andy.N]

How do I set up this addon to prevent users who sign up, got their account verified and then update their profile to add spam links to the website profile field.

 

[Xon]

Setting up the "Link spam checker" to moderator/reject unknown domains, and ensuring the spam checker triggers below say 4 posts would help do that

 

[Joe Link]

@Xon

For the Link Spam checker: Default action setting, is there a way to set this to only check new users? I swear there was a way to limit it to checking their first X posts/conversation, but I can't seem to find it now.

 

[Xon]

It is the stock option "Maximum messages to check for spam"

 

[Sportsoutlaw]

Quick question.

I have this installed, and know it is to prevent spam registrations, but.....

Does it, in any way, block guest or bots from accessing the forum? I don't think it does, but wanted to check and be sure as I am having issues with the AMPXF bot from accessing my forum all of a sudden. I'm getting a 403 error for Openresty, and openresty is not even on the server. Only other potential roadblock is Cloudflare and they say it must be coming from the server.

I feel like it is Cloudflare, but trying to address any other options before pursuing that further.

 

[Xon]

This add-on doesn't interfere with viewing the forum, it's major work is done at signup/registration time.

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.8.12 - Bugfix update

• Fix 'no javascript' not working for external account association
• Fix multi-account detection not working for external account association
• Work-around for default reject reason phrase (spam_prevention_registration_rejected) being too long causing a 'string too long' phrase instead of the reject reason

Read the rest of this update entry...

 

[ivp]

@Xon is there any way to list users having multiple accounts in the last 30 days? Some SQL query?

 

[Xon]

There isn't any log in XF, but this SQL query should get you started;

select * 
from xf_sv_multiple_account_event
join xf_sv_multiple_account_log on xf_sv_multiple_account_log.event_id = xf_sv_multiple_account_event.event_id 
where detection_date > unix_timestamp() - 30*86400 and xf_sv_multiple_account_log.active = 1
order by detection_date desc 
limit 50;

 

[Joe Link]

@Xon

Just updated to 1.8.12 and I'm seeing the notice about being too long.

ErrorException: Reject reason is too long (555 > 200), check spam_prevention_registration_rejected phrase src/XF/Error.php:75

I've customized that phrase to be more useful. Is there a way I can keep this customization and avoid that error?

 

[Xon]

@Joe Link the problem is the reject_reason is saved to the database to a string which is 200 characters. Your reject reason wasn't actually being shown before this update

I've created an XF bug report for this;

Fixed - "Please enter a value using 200 characters or fewer." error on rejected registration

If the phrase spam_prevention_registration_rejected is longer than 200 characters, then this error will occur instead of giving the actual reject reason and saving the rejected user.

xenforo.com