Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.16.8

No permission to buy ($45.00)
Anyone can help with the following. It seems like every new registration is put in the moderation queue even if the score is 1. I remember in the past, it has to reach a certain score for it to go to moderation.
Here are the few recent sign ups that in moderation queue.
1727815473232.webp

maybe one of the unknowns is set to moderate.
 
Hi @Xon - I have been getting quite a bit of false positives, blocking legit members from signing up. A few examples found in the spam trigger log include:

Action: Rejected Checking: lesliehuntsman, xxxxxx@me.com, 2601:380:8200:1450:ddd6:9f21:fb82:619, reject. ASN matched: ASN 7922, COMCAST-7922, US, Country detected: US, Hostname detected: 2601:380:8200:1450:ddd6:9f21:fb82:619, Registration form completed: 160 sec, accept. Unknown email domain: <a href="{search}" target="_blank">me.com</a>, Browser language: en, Browser language: en-US, Browser timezone: America/Chicago, Total score: 0, Rejected. Direct rule selection


Action: Rejected Checking: Beautiful_blue_ocean, xxxxxx@comcast.net, 73.47.145.138, reject. ASN matched: ASN 7922, COMCAST-7922, US, Country detected: US, Hostname detected: c-73-47-145-138.hsd1.ma.comcast.net, Registration form completed: 67 sec, accept. Unknown email domain: <a href="{search}" target="_blank">comcast.net</a>, Browser language: en, Browser language: en-US, Browser timezone: America/New_York, Total score: 0, Rejected. Direct rule selection

The scores are 0, yet the registration is rejected. Why are the IPs rejected outright and how can I change this setting in the admin? Thanks!

edit: just did some digging, and it turns out that the ASN for the IPs was set to auto reject. That explains it!
 
Last edited:
Hi @Xon - I have been getting quite a bit of false positives, blocking legit members from signing up. A few examples found in the spam trigger log include:






The scores are 0, yet the registration is rejected. Why are the IPs rejected outright and how can I change this setting in the admin? Thanks!

edit: just did some digging, and it turns out that the ASN for the IPs was set to auto reject. That explains it!
What rules have you got that are set to "reject"?
 
What rules have you got that are set to "reject"?

Under Connection profiling - ASN and ISP or ASN rules, there was an entry towards the bottom of

reject|7922

This rejected Comcast customers from many US cities on the East Coast. I never added this entry, I imagine it comes by default in the addon.
 
Under Connection profiling - ASN and ISP or ASN rules, there was an entry towards the bottom of

reject|7922

This rejected Comcast customers from many US cities on the East Coast. I never added this entry, I imagine it comes by default in the addon.
not in default , at least on mine.
 
Hmm so strange. I wouldn't even know how to get an ASN number for any given ISP, so I am really puzzled how Comcast showed up in that list.
when in doubt, gremlins.

Gremlins Laughing GIF
 
The scores are 0, yet the registration is rejected. Why are the IPs rejected outright and how can I change this setting in the admin? Thanks!

edit: just did some digging, and it turns out that the ASN for the IPs was set to auto reject. That explains it!
It is this fragment:
Code:
reject. ASN matched: ASN 7922
...
Total score: 0, Rejected. Direct rule selection
Basically when it says Direct rule selection, it means there is a hard reject statement somewhere and you need to huntdown exactly which rule triggered it.
 
Hmm so strange. I wouldn't even know how to get an ASN number for any given ISP, so I am really puzzled how Comcast showed up in that list.
It can happen if you accidentally choose the ban ASN option on the approval queue page. I’ve done this a few times.
 
Have this one in my moderation queue today. I can't find what caused this to not be approved automatically.

IMG_5213.webp
 
It is the line:
Code:
Moderated. IP threat score: 1

This is from the getipintel integration, probably from the ASN is oracle's VM cloud solution aka proxy services
 
It is the line:
Code:
Moderated. IP threat score: 1

This is from the getipintel integration, probably from the ASN is oracle's VM cloud solution aka proxy services
Here is my setting. I feel it's getting harder to understand the numerous options available here.
screencapture-quantnet-admin-php-2024-10-03-12_40_32.webp
screencapture-quantnet-admin-php-2024-10-03-12_40_32-2.webp
 
Back
Top Bottom