Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.15.6

No permission to buy ($45.00)
Overview FAQ Updates (105) Reviews (21) History Discussion
Xon said:
Your reject reason wasn't actually being shown before this update :(
Click to expand...

That's really odd! It seems to be displaying both before and after the update. I have it set to reject anyone with a VPN over at Southwest Firearms. When I turn my VPN (Nord) on and try to register, I see the message (which is what I took a screenshot of).

You've forgotten way more than I know about this stuff so I know better than to argue, but I'm curious as to why I see it (and whether others are seeing it or something different). Maybe you can give it a shot on the site?
 
Today i had a user rejected coming from one of the many school district IP ranges.

1614130262429.webp
1614130398821.webp

1614130441870.webp



Is there a way to whitelist particular ASN's? or what is the best way to not have these users rejected.
 
@Xon, have a bit of a weird one for you.

For Multi-account Reporting, we have your software create a thread in a specific forum for us.

Here is the title of a typical thread:

UserX has 1 multiple accounts

Here is the body:

On Registration, UserX (Awaiting approval) has the following potential multiple account(s):
UserY (Awaiting email confirmation)
Ignore for future events

Triggered detection methods: Cookie IP address: XX.XXX.XXX.XXX

However, if you edit that body text you see this code:

Code: 
[multi_account_block]{"event":1030}[/multi_account_block]

The problem is, we would like to be able to search that forum that only contains those notices for the name "UserY" but the text "UserY" doesn't actually exist within the posts. Is there any way we can do this?
 
There was an option to embed a static copy into the post "Include raw information into reported content", this effectively disables the permission checking on who can view this information.

This sadly doesn't embed previous versions into search.

I'll need to think about a better solution
 
Joe Link said:
That's really odd! It seems to be displaying both before and after the update. I have it set to reject anyone with a VPN over at Southwest Firearms. When I turn my VPN (Nord) on and try to register, I see the message (which is what I took a screenshot of).

You've forgotten way more than I know about this stuff so I know better than to argue, but I'm curious as to why I see it (and whether others are seeing it or something different). Maybe you can give it a shot on the site?
Click to expand...

@Xon have you had a chance to take a look at this? I've tested it with multiple devices and a VPN, and it appears the message is displaying properly (though we're still getting the errors in the Server Error Log).
 
The latest version of this add-on contains a work-around for that error, which is very similar to how XF2.2.4 implements it.
 
Xon said:
They do offer a free plan. But frankly 500 registration attempts per day is a lot.
Click to expand...
That reminds me, your add-on was seriously tested by unwanted tiktok users, we didn't get any results though because the server blew up

tumblr_mk5jbtSlLe1qdlh1io1_400.gif

Capture.webp
 
  • Wow
Reactions: Xon
It will definitely allow for that. It does have some additional setting you may wish to consider such as ASN blocking (aka ISP), as well as country blocking. These can all be disabled by just blanking the relevant setting. They are grouped up so it is easier to handle.

The getipintel integration (disabled by default) is very useful for identifying unknown-ish problematic signup sources.
 
I've registered on your website in order to buy the addon. My username on your forum is the same as it is on here. I entered my validation token for my XenForo license.
 
Is there a way to use Country filtering/scoring without using cloudflare? I'm asking since I'm using amazon web services. Thanks!
 
Hello,

We are having some fun with users from a particular region of the world of late...

I'm not sure how/what is happening but it appears the user registration is rejected and yet they are still able to post a thread.

Here I see the user registration was rejected:
UsernameActionDateDetails
Maria27388RejectedToday at 1:55 AM

and yet this user was still able to create a spam thread
1620320238935.webp

Any thoughts on how this might be happening?
 

Attachments

  • 1620320169173.webp
    1620320169173.webp
    65.8 KB · Views: 0
Xon updated Signup abuse detection and blocking with a new update entry:

1.9.0 - Feature update

  • Use <xf:fa icon="..." /> instead of hard-coded icons
  • Ensure multi-account tracking isn't triggered from an admincp login
  • Correctly set tracking cookie on logout & keep-alive ping (previous code was ineffective as it had the wrong cookie path)
  • Capture client timezone & language into user registration log
  • Add filtering for allowed email domains in admincp
Click to expand...

Read the rest of this update entry...
 
You must log in or register to reply here.

Similar threads

dutchbb
  • Question Question
Post your (vB) Products & Plugins
2
Replies
38
Views
13K
Ranger375
Ranger375
Top Bottom