Signup abuse detection and blocking [Paid] 1.15.6

[Xon]

If I have country ban set up in Apility, will your plugin reject that user registration?

No, as it just uses the country lookup results and then processes the result itself

 

[frm]

@Xon

I don't mind if people have multiple accounts for whatever reason, even allow it for some groups with my site's ToS. But, I do not want to end up getting a barrage of forum bot signups where I get like tens to hundreds of new users per day that just want signature links, etc.. Will this + CAPTCHA protect against that?

 

[Xon]

The multiple account handling is purely optional, the other parts of the add-on are related to connection profiling. A large amount of spam tends to come from either VPN/Colo/hosting providers or is human spam from countries that me not be your target audience. While this don't block all spam, it is a great starting point to reduce it and a toolkit to block common spammy providers.

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.0.11 - Bugfix update

• Missing phrase usage in bbcode template
• Fix _preSave/_postSave in some entities was not protected
• Add "Include raw information into reported content" option (default disabled) used to expose the information to search.
• Add permission checks to multi-account bbcode block
• Push can-view-multi-account permission check into bbcode rendering and viewing a multi-account thread/conversation/report
• Update...

Read the rest of this update entry...

 

[Rhodium]

• Add permission checks to multi-account bbcode block

Now that block dissapear in my thread detections and i don't know how to enable...

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.0.12 - Bugfix update

• Correctly check "Multiple account View reportings" permission

Read the rest of this update entry...

 

[Xon]

Now that block dissapear in my thread detections and i don't know how to enable...

View attachment 191470

Oops, fixed now!

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.0.13 - Maintenance update

• Properly migrate XF1 alterego report format into a XF2.1 compatible structure
  • Required if upgrading to XF2.1 reports; Error doing JSON conversion xf_report.content_info (report_id=24745): Malformed UTF-8 characters, possibly incorrectly encoded

Read the rest of this update entry...

 

[dethfire]

Updated from XF 1.5 version and updated the reports. Not sure it updated the count in the title correctly?

For example:

memberX has 0 multiple accounts
On registration, it looks like memberx is an alter ego of memberz...

memberx , Triggered detection methods:
- Cookie

Shouldn't that count be 2?

 

[Xon]

@dethfire It looks like it didn't migrate some of the report data across properly or was unable to extract it

I'll need to look into that in more depth.

 

[dethfire]

I'll need to look into that in more depth.

not super important as long as it has the right count for new reports

 

[Xon]

not super important as long as it has the right count for new reports

Yeah, it will get that right at least for new reports

 

[limboclub]

How do you import the old TPU options to this addon?

 

[Xon]

How do you import the old TPU options to this addon?

They should be automatically copied from the legacy TPU add-on when installing this add-on

 

[Movie Prop Sites]

@Xon , this is great and what we have been waiting on in order to go to XF 2.1! I do have a question; one of the things that has always plagued us is multi-hits on people we KNOW to be ok, like husbands and wives or roommates. Is there any way to make a whitelist for such connections?

 

[Xon]

@Xon , this is great and what we have been waiting on in order to go to XF 2.1! I do have a question; one of the things that has always plagued us is multi-hits on people we KNOW to be ok, like husbands and wives or roommates. Is there any way to make a whitelist for such connections?

You can give them permission to bypass the alter-ego detector, you can disable reporting for that combination, or disable reporting for a particular account.

 

[Movie Prop Sites]

You can give them permission to bypass the alter-ego detector, you can disable reporting for that combination, or disable reporting for a particular account.

That is FANTATSTIC!!! The ability to disable reporting for particular combinations is exactly what we have needed for years and years! I am sold! We will be buying this for all our sites and pushing to XF 2.1. Thank you!

 

[Xon]

That is FANTATSTIC!!! The ability to disable reporting for particular combinations is exactly what we have needed for years and years! I am sold! We will be buying this for all our sites and pushing to XF 2.1. Thank you!

That functionality might be a little wonky, but that is what bugfix updates are for!

 

[woody]

Discovered a bug this morning:

User registered an account, screwed up the username, then registered a 2nd account. Account was caught correctly and reported.

I then deleted the first registration, so the 2nd would go thru correctly. The user still cannot confirm their registration, and still gets the "duplicate account" error.

I then accessed my Admin panel, and their Multiple Account tab. The deleted account still appears on the list, despite no longer being in the system. When I select "Ignore for future events", I get an error - "the reported user could not be found"

[LIST]
[*]Action: Moderated
[*]Generated by: username2
[*]Friday at 8:30 AM
[*]Checking: username2, user@domain.com, 1.1.1.1
[*]Moderating, Multiple account - Cookie, IP address: 1.1.1.1 - Username: usermane1, UserId: 123456
[*]Country detected: US
[*]ASN2386, AT&T Data Communications Services
[*]Hostname detected: 1.1.1.1
[*]Registration form completed: 75 sec
[*]Total score: 0
[*]Moderated. Direct rule selection
[/LIST]

---- EDIT ----

Changed the User State from "Rejected" to "Awaiting Email Confirmation" and suspect that will allow the user to confirm correctly. Will report back once they follow thru on their end.

 

[Xon]

"Rejected" is not the same as deleted, so the duplicate account error is expected. Will look into why "the reported user could not be found" bit didn't work however.