Signup abuse detection and blocking [Paid] 1.16.11

[sub_ubi]

I have other software handling registration (aMember) will this addon detect multiple accounts after registration?

 

[Xon]

@sub_ubi yeah it does do multiple account checking on login in addition to registration

 

[Gossipy]

We recently purchased this and we discovered something weird that happens with it installed and disabled. I haven't had a chance yet to test if it happens with it enabled.

Situation

• ACP > Registration > Enable email confirmation: ON
• ACP > Registration > Enable manual approval: ON
• This add-on is installed and disabled

Problem

In the above configuration, the new user registration process skips the email confirmation step. The user skips the "Awaiting email confirmation" state and moves directly to the "Awaiting Approval" state.

As soon as we uninstalled the add-on, the process went back to behaving as expected.

 

[Xon]

@Gossipy you are using the latest version of XenForo?

This sounds like XenForo hasn't fully disabled the add-on, which is really bizarre.

 

[MilkyMeda]

We are getting some error logs from this add-on:

LogicException: Attempted to set 'content_info' while a save was pending without forceSet src/XF/Mvc/Entity/Entity.php:575


#0 src/XF/Mvc/Entity/Entity.php(548): XF\Mvc\Entity\Entity->set('content_info', Array)
#1 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(413): XF\Mvc\Entity\Entity->__set('content_info', Array)
#2 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(386): SV\SignupAbuseBlocking\Repository\MultipleAccount->reportCommentCreator(Object(SV\SignupAbuseBlocking\XF\Entity\Report), Object(SV\SignupAbuseBlocking\Entity\LogEvent))
#3 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(225): SV\SignupAbuseBlocking\Repository\MultipleAccount->bumpReportEntries(Array, Object(SV\SignupAbuseBlocking\Entity\LogEvent))
#4 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(57): SV\SignupAbuseBlocking\Repository\MultipleAccount->processMultipleAccountDetectionInternal(Object(SV\SignupAbuseBlocking\XF\Entity\User), Array, 'login')
#5 src/XF.php(478): SV\SignupAbuseBlocking\Repository\MultipleAccount->SV\SignupAbuseBlocking\Repository\{closure}()
#6 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(58): XF::asVisitor(Object(SV\SignupAbuseBlocking\XF\Entity\User), Object(Closure))
#7 src/addons/SV/SignupAbuseBlocking/XF/ControllerPlugin/Login.php(94): SV\SignupAbuseBlocking\Repository\MultipleAccount->processMultipleAccountDetection(Object(SV\SignupAbuseBlocking\XF\Entity\User), Array, 'login')
#8 src/XF/Pub/Controller/Login.php(112): SV\SignupAbuseBlocking\XF\ControllerPlugin\Login->completeLogin(Object(SV\SignupAbuseBlocking\XF\Entity\User), true)
#9 src/XF/Mvc/Dispatcher.php(321): XF\Pub\Controller\Login->actionLogin(Object(XF\Mvc\ParameterBag))
#10 src/XF/Mvc/Dispatcher.php(244): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'Login', Object(XF\Mvc\RouteMatch), Object(LiteSpeedCache\XF\Pub\Controller\Login), NULL)
#11 src/XF/Mvc/Dispatcher.php(100): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(LiteSpeedCache\XF\Pub\Controller\Login), NULL)
#12 src/XF/Mvc/Dispatcher.php(50): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#13 src/XF/App.php(2177): XF\Mvc\Dispatcher->run()
#14 src/XF.php(390): XF\App->run()
#15 index.php(20): XF::runApp('XF\\Pub\\App')
#16 {main}

 

[Xon]

@MilkyMeda please ensure you've updated the add-on to the latest version; that was fixed a few versions ago.

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.2.3 - Bugfix update

• Add work-around for possible race conditions & duplicate key exceptions

Read the rest of this update entry...

 

[Gossipy]

@Gossipy you are using the latest version of XenForo?

This sounds like XenForo hasn't fully disabled the add-on, which is really bizarre.

Yes we are using 2.1.2.

 

[AndrewSimm]

@Xon

I got a question! Where would multiple accounts be visible if not sent to a thread? Is there a separate report that shows multiple accounts?

 

[MilkyMeda]

You need to enable the report option:

 

[AndrewSimm]

I guess what I am asking is, is there a frontend other than a created thread?

 

[Xon]

It can create notifications via;

• Reports
• Threads (with add-on)
• Conversations (with add-on)

You can view multiple-account's detected on account via;

• User's profile in the admincp
• User's profile in the front-end

 

[AndrewSimm]

It can create notifications via;

• Reports
• Threads (with add-on)
• Conversations (with add-on)

You can view multiple-account's detected on account via;

• User's profile in the admincp
• User's profile in the front-end

Would "Reports" appear at the following link?

https://www.website.com/reports/

 

[Xon]

Yes, by reports I mean the report centre. Also works with my Report Improvements and Report Centre Essential add-ons

 

[AndrewSimm]

Yes, by reports I mean the report centre. Also works with my Report Improvements and Report Centre Essential add-ons

Perfect, I assume the best way to track history would be to have a thread created?

 

[Xon]

Report system doesn't add any extra overheads, while Threads need to add some extra state to the thread.

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.2.4 - Compatibility update

• Compatibility fix for New Registration Email (multiple-account not linking to detected account due to non-canonical URLs)

Read the rest of this update entry...

 

[MilkyMeda]

Why does it report with no second user like this:

 

[Xon]

You probably don't have permission to see the reporting methods, check permissions (the defaults may not be working for you)

 

[MilkyMeda]

I can see all the methods already and there is no method related permission I can find.

We only use the Cookie method anyway.

This happens only in particular users like above, the rest is just fine.