Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.15.6

No permission to buy ($45.00)
That is already supported. Search for "svSFSExtendedConfig" in the admincp.

1610190981356.png


You can just put a +6 or similar for the email/ip score, and maybe +3 in the username. but this depends on the moderation vs reject thresholds.

This configuration doesn't support the score/moderate/reject functionality other parts support.
 
I just want to auto reject or auto ban new users who just sign up and has a url in their profile web field.
Looking via my database, these users dont post and just spam via their account.
How does this help? Which setting?
 
Still getting my head around configuring this correctly, but looks good!

What I think would be good is a check box on signup to approve someone, but also add them to a usergroup. I often approve people but add them to a new group so that all their posts need to be approved first because so often it's impossible to tell if they're a wrongun or not from the registration info.
 
I don't think this plugin will work. It cannot detect a person entering with a VPN.
Most VPNs are not actually very smart at hiding. It doesn't catch all of them, but it does catch enough.

That said.
This is not a turn-key solution, and each site may require customization!

What I think would be good is a check box on signup to approve someone, but also add them to a usergroup. I often approve people but add them to a new group so that all their posts need to be approved first because so often it's impossible to tell if they're a wrongun or not from the registration info.
This is a good suggestion, I'll look into that
 
How do I set up this addon to prevent users who sign up, got their account verified and then update their profile to add spam links to the website profile field.
 
Setting up the "Link spam checker" to moderator/reject unknown domains, and ensuring the spam checker triggers below say 4 posts would help do that
 
@Xon

For the Link Spam checker: Default action setting, is there a way to set this to only check new users? I swear there was a way to limit it to checking their first X posts/conversation, but I can't seem to find it now.
 
Quick question.

I have this installed, and know it is to prevent spam registrations, but.....

Does it, in any way, block guest or bots from accessing the forum? I don't think it does, but wanted to check and be sure as I am having issues with the AMPXF bot from accessing my forum all of a sudden. I'm getting a 403 error for Openresty, and openresty is not even on the server. Only other potential roadblock is Cloudflare and they say it must be coming from the server.

I feel like it is Cloudflare, but trying to address any other options before pursuing that further.
 
There isn't any log in XF, but this SQL query should get you started;
SQL:
select * 
from xf_sv_multiple_account_event
join xf_sv_multiple_account_log on xf_sv_multiple_account_log.event_id = xf_sv_multiple_account_event.event_id 
where detection_date > unix_timestamp() - 30*86400 and xf_sv_multiple_account_log.active = 1
order by detection_date desc 
limit 50;
 
  • Like
Reactions: ivp
@Xon

Just updated to 1.8.12 and I'm seeing the notice about being too long.

Code:
ErrorException: Reject reason is too long (555 > 200), check spam_prevention_registration_rejected phrase src/XF/Error.php:75

I've customized that phrase to be more useful. Is there a way I can keep this customization and avoid that error?

1614116895375.webp
 
@Joe Link the problem is the reject_reason is saved to the database to a string which is 200 characters. Your reject reason wasn't actually being shown before this update :(

I've created an XF bug report for this;
 
Top Bottom