Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.15.6

No permission to buy ($45.00)
Overview FAQ Updates (105) Reviews (21) History Discussion
Nirjonadda said:
@Xon Please can be add option set username for Rejected by?
Click to expand...
If you reject a user from the approval queue it sets who rejected them. Otherwise it is automatic so there isn't any point.

Nirjonadda said:
Also user can view log about that Signup abuse detection and blocking?
Click to expand...
The logs are under the AdminCP & logs section. The anti-spam logs are just the standard spam trigger log, and a custom "user registration log" for users who pass and to keep the record for longer than the spam trigger logs
 
Xon, the 1.15.3 (and later) versions broke my users' ability to edit their profiles.

My forum has an invisible profile field that users can't see or edit that contains a URL. Because this field was incorrectly subject to anti-spam checks, even though users can't see or edit it, nobody who had this field could save any profile update.

Ideas:
  • Anti-spam filtering for profile updates by users after registration is a nice idea, but it should not default to on for an addon that's meant to be about user registration.
  • "Link Spam checker: Default action" being set to "moderate" shouldn't cause anything to be outright rejected automatically.
  • The message that users get when a profile edit is rejected because it contains a link should just state "no links allowed" or something equally clear. Yeah, people might try to work around it if they know what the issue is, but they can figure out what the issue is anyway via trial and error, so being obscure about it doesn't help, it just frustrates real users.
  • Profile fields that the user cannot see, or cannot edit, should never be subject to anti-spam checks.
  • Heck, potentially only fields that the user is actually changing should be subject to anti-spam checks. If a user already has a URL in their profile data, after installing this addon it will cause their attempted edit to be rejected if they go to edit some other, unrelated field.

In the meantime, the only workaround I've found is to set the "Link Spam checker: Registration default action" option to "Allowed".
 
Last edited:
There is a bug where the spam check is checking non-editable fields. Should have a fix out for it sometime this weekend.

Wanderer77 said:
In the meantime, the only workaround I've found is to set the "Link Spam checker: Registration default action" option to "Allowed".
Click to expand...
You can send the domain in the Link Spam checker: Accept option, and it will whitelist those domains to not trigger the link checker.
 
Wanderer77 said:
That helps, but I still have to leave the option disabled because it will block people from updating their profile if they put a URL into the "website" profile field that this addon adds to the edit profile page. I have the option "Request website on signup" disabled, but the field still appears in the edit profile page.
Click to expand...
That is stock XenForo behavior, the website field is hard-coded to display. I might need to add an option to disable showing (and then spam checking) that field
 
@Xon Getting Server error log:

Code: 
XF\PrintableException: Job XF:ApprovalQueueProcess: Banned emails must be unique. The specified banned email is already in use. src/XF/Mvc/Entity/Entity.php:1228

Generated by: Unknown account Feb 23, 2024 at 11:53 AM

Stack trace

#0 src/XF/Repository/Banning.php(98): XF\Mvc\Entity\Entity->save()
#1 src/addons/SV/SignupAbuseBlocking/XF/ApprovalQueue/User.php(186): XF\Repository\Banning->banEmail('*@gmail.com')
#2 src/addons/SV/SignupAbuseBlocking/XF/ApprovalQueue/User.php(258): SV\SignupAbuseBlocking\XF\ApprovalQueue\User->doBanEmailDomain(Object(OzzModz\EmailWhitelist\XF\Entity\User))
#3 src/XF/ApprovalQueue/AbstractHandler.php(122): SV\SignupAbuseBlocking\XF\ApprovalQueue\User->actionReject(Object(OzzModz\EmailWhitelist\XF\Entity\User))
#4 src/XF/Job/ApprovalQueueProcess.php(67): XF\ApprovalQueue\AbstractHandler->performAction('reject', Object(OzzModz\EmailWhitelist\XF\Entity\User))
#5 src/XF.php(625): XF\Job\ApprovalQueueProcess->XF\Job\{closure}()
#6 src/XF/Job/ApprovalQueueProcess.php(53): XF::asVisitor(Object(OzzModz\EmailWhitelist\XF\Entity\User), Object(Closure))
#7 src/XF/Job/Manager.php(260): XF\Job\ApprovalQueueProcess->run(8)
#8 src/XF/Job/Manager.php(202): XF\Job\Manager->runJobInternal(Array, 8)
#9 src/XF/Job/Manager.php(118): XF\Job\Manager->runJobEntry(Array, 8)
#10 job.php(22): XF\Job\Manager->runByIds(Array, 8)
#11 {main}

Request state

array(4) {
  ["url"] => string(8) "/job.php"
  ["referrer"] => string(38) "/approval-queue/"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(5) {
    ["only_ids"] => array(1) {
      [0] => string(7) "3070824"
    }
    ["_xfRequestUri"] => string(16) "/approval-queue/"
    ["_xfWithData"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["_xfResponseType"] => string(4) "json"
  }
}
 
Nirjonadda said:
@Xon Getting Server error log:

Code: 
XF\PrintableException: Job XF:ApprovalQueueProcess: Banned emails must be unique. The specified banned email is already in use. src/XF/Mvc/Entity/Entity.php:1228

Generated by: Unknown account Feb 23, 2024 at 11:53 AM

Stack trace

#0 src/XF/Repository/Banning.php(98): XF\Mvc\Entity\Entity->save()
#1 src/addons/SV/SignupAbuseBlocking/XF/ApprovalQueue/User.php(186): XF\Repository\Banning->banEmail('*@gmail.com')
#2 src/addons/SV/SignupAbuseBlocking/XF/ApprovalQueue/User.php(258): SV\SignupAbuseBlocking\XF\ApprovalQueue\User->doBanEmailDomain(Object(OzzModz\EmailWhitelist\XF\Entity\User))
#3 src/XF/ApprovalQueue/AbstractHandler.php(122): SV\SignupAbuseBlocking\XF\ApprovalQueue\User->actionReject(Object(OzzModz\EmailWhitelist\XF\Entity\User))
#4 src/XF/Job/ApprovalQueueProcess.php(67): XF\ApprovalQueue\AbstractHandler->performAction('reject', Object(OzzModz\EmailWhitelist\XF\Entity\User))
#5 src/XF.php(625): XF\Job\ApprovalQueueProcess->XF\Job\{closure}()
#6 src/XF/Job/ApprovalQueueProcess.php(53): XF::asVisitor(Object(OzzModz\EmailWhitelist\XF\Entity\User), Object(Closure))
#7 src/XF/Job/Manager.php(260): XF\Job\ApprovalQueueProcess->run(8)
#8 src/XF/Job/Manager.php(202): XF\Job\Manager->runJobInternal(Array, 8)
#9 src/XF/Job/Manager.php(118): XF\Job\Manager->runJobEntry(Array, 8)
#10 job.php(22): XF\Job\Manager->runByIds(Array, 8)
#11 {main}

Request state

array(4) {
  ["url"] => string(8) "/job.php"
  ["referrer"] => string(38) "/approval-queue/"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(5) {
    ["only_ids"] => array(1) {
      [0] => string(7) "3070824"
    }
    ["_xfRequestUri"] => string(16) "/approval-queue/"
    ["_xfWithData"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["_xfResponseType"] => string(4) "json"
  }
}
Click to expand...
This happens when a moderator attempts to ban the same email domain multiple times from the approval page. If they just ban it once it will not error.

This will be fixed for the next version, which should be out later before the weekend
 
Can someone tell me what "AS Match" means when new signups are sent to the Approval Queue? I'm getting a significant number of new signups getting sent to the Approval Queue because they have an "AS Match" which assigns them +3 and thus exceeds the threshold I've set. At first glance these all appear to be genuine customers.
 
051119 said:
Can someone tell me what "AS Match" means when new signups are sent to the Approval Queue? I'm getting a significant number of new signups getting sent to the Approval Queue because they have an "AS Match" which assigns them +3 and thus exceeds the threshold I've set. At first glance these all appear to be genuine customers.
Click to expand...
It's matching the AS (Autonomous System) network ID in the list in the addon settings. There are some default ones in the addon that are known problem sources. You can adjust these on your own... to your specific needs.

Here: ../admin.php?options/groups/svSignupAbuseBlocking/
Scroll down to "AS Name" and make adjustments as you see fit.

1709561460700.webp
 
For most users, "AS Match" should probably be renamed as "ISP match". It isn't technically correct but it is the most useful way for end-users to think about it.
 
Xon said:
For most users, "AS Match" should probably be renamed as "ISP match". It isn't technically correct but it is the most useful way for end-users to think about it.
Click to expand...

I owned an ISP back in the day. We always used the abbreviation ASN. ISP is probably better for end users though, I agree.

www.arin.net

Autonomous System Numbers

An Autonomous System (AS) is a group of one or more IP prefixes (lists of IP addresses accessible on a network) run by one or more network operators that maintain a single, clearly defined routing policy.
www.arin.net www.arin.net
 
Thanks for the replies, understood all. l think the issue l was experiencing is that TalkTalk, which is the 4th biggest lSP in the UK, appeared on the list (l have subsequently removed it). As a UK-based forum it was not surprising that a significant amount of my patronage was affected!
 
  • Like
Reactions: Xon
ekool said:
I owned an ISP back in the day. We always used the abbreviation ASN. ISP is probably better for end users though, I agree.

www.arin.net

Autonomous System Numbers

An Autonomous System (AS) is a group of one or more IP prefixes (lists of IP addresses accessible on a network) run by one or more network operators that maintain a single, clearly defined routing policy.
www.arin.net www.arin.net
Click to expand...
The add-on was inconsistent about referencing it as ASN, the last update ensures it says "ASN" rather than "AS" or "Asn" etc. I'm in the middle of a major feature update, and once that is done I'll review how the ASN phrasing is used and likely change the front-end to be more clear that it is aimed at ISP-level blocking.

051119 said:
Thanks for the replies, understood all. l think the issue l was experiencing is that TalkTalk, which is the 4th biggest lSP in the UK, appeared on the list (l have subsequently removed it). As a UK-based forum it was not surprising that a significant amount of my patronage was affected!
Click to expand...
I'll look into removing that from the defaults, not sure how it crept in.
 
Hello, sorry it’s me again.

I was wondering why none of my Super Moderators were dealing with duplicate account reports since l installed the plug-in two weeks ago and then l realised that none of them can see the reports.

ls this an error / intentional or is there some kind of permissions I’ve got set wrong? l cannot see anything in any of the settings.
 
Xon said:
That is up to standard XenForo permissions around "approving users"
Click to expand...
Hi, do you know in particular what permission is required, as all my Super Moderators can already “approve / reject users,” and indeed can see any users that are suspect of spam thrown up by this plugin and act upon it, they just cannot see the reports for duplicate accounts.
 
051119 said:
Hi, do you know in particular what permission is required, as all my Super Moderators can already “approve / reject users,” and indeed can see any users that are suspect of spam thrown up by this plugin and act upon it, they just cannot see the reports for duplicate accounts.
Click to expand...
Under the "Multiple account handling permissions" group, the "View reportings" permission. Next version I'll update that permission name to be more useful for the filter/search feature.
 
You must log in or register to reply here.
Top Bottom