Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.15.6

No permission to buy ($45.00)
Xon updated Signup abuse detection and blocking with a new update entry:

1.10.8 - Bugfix update

  • Fix caching not occurring for external API calls if a caching provider is not setup
  • Fix "Undefined offset: 2" from ASN resolver attempting to extract a country when using non-Team Cymru/Ripe ASN providers.
  • Guard against add-ons which incorrectly implement XenForo Entities or content types when generating a list of content-types for the options;
    • Approval queue - skip click-to-shrink
    • Link Spam checker: Default action (by content type)
    This is known to affect add-ons by the Vault Wiki author who refuse to implement core XenForo functionality correctly

Read the rest of this update entry...
 
I only want to allow users to register who have a particular browser language and who have their browser set to one of three specific time zones. Is this possible?
 
@Xon I'm thoroughly embarrassed I did this but I have an issue.

I downloaded the xen update for v2.2.8. Patch 1. Currently I'm running v2.2.7 Patch 1

Anyway, like I said, had a brainfart, and tried to install this but I am guessing the version mismatch caused it?

Either way I want to resolve this and I'm not sure how to proceed. Thoughts?
addon.webp
 
Can we detect using same account by multiple people for somehow? Like for example we have an account and it used by 5 different people. We want to block it.
 
Last edited:
Can we detect using same account by multiple people for somehow? Like for example we have an account and it used by 5 different people. We want to block it?
That is not the purpose of this addon.

Apart from that: Even big companies like Netflix try hard to find account-sharing users and cannot really eliminate this problem effectively. You would have to look for different sessions of the same account online at at the same time - with the risk of having false positives (e.g. users, who switch devices frequently for whatever reason).
 
@Xon I'm thoroughly embarrassed I did this but I have an issue.

I downloaded the xen update for v2.2.8. Patch 1. Currently I'm running v2.2.7 Patch 1

Anyway, like I said, had a brainfart, and tried to install this but I am guessing the version mismatch caused it?

Either way I want to resolve this and I'm not sure how to proceed. Thoughts?
View attachment 263618
You'll need to check the add-on list for the one in that state (it'll have some red text under the title). After that it depends on the add-on!

Can we detect using same account by multiple people for somehow? Like for example we have an account and it used by 5 different people. We want to block it.
This is so hilariously hard I have no idea where to begin.
 
You'll need to check the add-on list for the one in that state (it'll have some red text under the title). After that it depends on the add-on!


This is so hilariously hard I have no idea where to begin.
I don't think I clearly defined what I meant. it was this addon (

Signup abuse detection and blocking [Paid] 1.10.8)​

that died with a permissions error. I just don't know if I should upgrade xf now, or even which wat to proceed. I've got no idea what other repercussions it might have to leave this in this state.

stack trace
Code:
Stack trace
#0 [internal function]: XF::handlePhpError(2, '[E_WARNING] mkd...', '/var/www/vhosts...', 283, Array)
#1 src/XF/Util/File.php(283): mkdir('/var/www/vhosts...')
#2 src/XF/Util/File.php(305): XF\Util\File::createDirectory('/var/www/vhosts...', false)
#3 src/XF/DevelopmentOutput.php(548): XF\Util\File::writeFile('/var/www/vhosts...', '{
    "edit_for...', false)
#4 src/XF/DevelopmentOutput/Option.php(52): XF\DevelopmentOutput->writeFile('options', 'SV/SignupAbuseB...', 'svSignupTorBloc...', '{
    "edit_for...')
#5 src/XF/DevelopmentOutput.php(55): XF\DevelopmentOutput\Option->export(Object(XF\Entity\Option))
#6 src/XF/Behavior/DevOutputWritable.php(52): XF\DevelopmentOutput->export(Object(XF\Entity\Option))
#7 src/XF/Mvc/Entity/Entity.php(1271): XF\Behavior\DevOutputWritable->postSave()
#8 src/addons/SV/SignupAbuseBlocking/Setup.php(236): XF\Mvc\Entity\Entity->save()
#9 src/XF/AddOn/StepRunnerInstallTrait.php(62): SV\SignupAbuseBlocking\Setup->installStep8(Array)
#10 src/XF/AddOn/StepRunnerInstallTrait.php(29): SV\SignupAbuseBlocking\Setup->installStepRunner(8, Array)
#11 src/XF/Admin/Controller/AddOn.php(419): SV\SignupAbuseBlocking\Setup->install(Array)
#12 src/XF/Mvc/Dispatcher.php(352): XF\Admin\Controller\AddOn->actionInstall(Object(XF\Mvc\ParameterBag))
#13 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XF:AddOn', 'Install', Object(XF\Mvc\RouteMatch), Object(TickTackk\DeveloperTools\XF\Admin\Controller\AddOn), NULL)
#14 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(TickTackk\DeveloperTools\XF\Admin\Controller\AddOn), NULL)
#15 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#16 src/XF/App.php(2345): XF\Mvc\Dispatcher->run()
#17 src/XF.php(512): XF\App->run()
#18 admin.php(13): XF::runApp('XF\\Admin\\App')
#19 {main}

Request state
Code:
array(4) {
  ["url"] => string(49) "/admin.php?add-ons/SV-SignupAbuseBlocking/install"
  ["referrer"] => string(74) "https://**************.com/admin.php?add-ons/SV-SignupAbuseBlocking/install"
  ["_GET"] => array(1) {
    ["add-ons/SV-SignupAbuseBlocking/install"] => string(0) ""
  }
  ["_POST"] => array(7) {
    ["_xfProcessing"] => string(1) "1"
    ["continue"] => string(1) "1"
    ["confirm"] => string(1) "1"
    ["params"] => string(2) "[]"
    ["count"] => string(1) "1"
    ["finished"] => string(1) "0"
    ["_xfToken"] => string(8) "********"
  }
}
 
This is so hilariously hard I have no idea where to begin.
Maybe via SSL/TLS Fingerprinting https://www.akamai.com/blog/security/bots-tampering-with-tls-to-avoid-detection ? i.e. JA3 Fingerprints https://medium.com/cu-cyber/impersonating-ja3-fingerprints-b9f555880e42 ? :) Cloudflare's Enterprise plan Firewall has JA3 Fingerprint support https://developers.cloudflare.com/bots/concepts/ja3-fingerprint :)

More info https://github.com/salesforce/ja3

and Nginx JA3 Fingerprint module https://github.com/phuslu/nginx-ssl-fingerprint - I added optional support to Centmin Mod Nginx too :)

For log4j scan detecting via JA3 fingerprints - X-FP and X-FP-Hash

Code:
curl -4Ik https://log4j.domain.com
HTTP/1.1 200 OK
Date: Tue, 14 Dec 2021 15:05:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 6592
Last-Modified: Mon, 13 Dec 2021 04:21:48 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "61b6ca5c-19c0"
Server: nginx centminmod
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-FP: 771,49196-49162-49195-52393-49161-49200-49172-49199-52392-49171-159-57-56-107-158-52394-51-50-103-22-19-157-53-61-156-47-60-10,0-23-65281-10-11-13-28,29-23-24-25,0
X-FP-Hash: c8446f59cca2149cb5f56ced4b448c8d
Accept-Ranges: bytes
 
I don't think I clearly defined what I meant. it was this addon (

Signup abuse detection and blocking [Paid] 1.10.8)​

that died with a permissions error. I just don't know if I should upgrade xf now, or even which wat to proceed. I've got no idea what other repercussions it might have to leave this in this state.

stack trace
Code:
Stack trace
#0 [internal function]: XF::handlePhpError(2, '[E_WARNING] mkd...', '/var/www/vhosts...', 283, Array)
#1 src/XF/Util/File.php(283): mkdir('/var/www/vhosts...')
#2 src/XF/Util/File.php(305): XF\Util\File::createDirectory('/var/www/vhosts...', false)
#3 src/XF/DevelopmentOutput.php(548): XF\Util\File::writeFile('/var/www/vhosts...', '{
    "edit_for...', false)
#4 src/XF/DevelopmentOutput/Option.php(52): XF\DevelopmentOutput->writeFile('options', 'SV/SignupAbuseB...', 'svSignupTorBloc...', '{
    "edit_for...')
#5 src/XF/DevelopmentOutput.php(55): XF\DevelopmentOutput\Option->export(Object(XF\Entity\Option))
#6 src/XF/Behavior/DevOutputWritable.php(52): XF\DevelopmentOutput->export(Object(XF\Entity\Option))
#7 src/XF/Mvc/Entity/Entity.php(1271): XF\Behavior\DevOutputWritable->postSave()
#8 src/addons/SV/SignupAbuseBlocking/Setup.php(236): XF\Mvc\Entity\Entity->save()
#9 src/XF/AddOn/StepRunnerInstallTrait.php(62): SV\SignupAbuseBlocking\Setup->installStep8(Array)
#10 src/XF/AddOn/StepRunnerInstallTrait.php(29): SV\SignupAbuseBlocking\Setup->installStepRunner(8, Array)
#11 src/XF/Admin/Controller/AddOn.php(419): SV\SignupAbuseBlocking\Setup->install(Array)
#12 src/XF/Mvc/Dispatcher.php(352): XF\Admin\Controller\AddOn->actionInstall(Object(XF\Mvc\ParameterBag))
#13 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XF:AddOn', 'Install', Object(XF\Mvc\RouteMatch), Object(TickTackk\DeveloperTools\XF\Admin\Controller\AddOn), NULL)
#14 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(TickTackk\DeveloperTools\XF\Admin\Controller\AddOn), NULL)
#15 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#16 src/XF/App.php(2345): XF\Mvc\Dispatcher->run()
#17 src/XF.php(512): XF\App->run()
#18 admin.php(13): XF::runApp('XF\\Admin\\App')
#19 {main}

Request state
Code:
array(4) {
  ["url"] => string(49) "/admin.php?add-ons/SV-SignupAbuseBlocking/install"
  ["referrer"] => string(74) "https://**************.com/admin.php?add-ons/SV-SignupAbuseBlocking/install"
  ["_GET"] => array(1) {
    ["add-ons/SV-SignupAbuseBlocking/install"] => string(0) ""
  }
  ["_POST"] => array(7) {
    ["_xfProcessing"] => string(1) "1"
    ["continue"] => string(1) "1"
    ["confirm"] => string(1) "1"
    ["params"] => string(2) "[]"
    ["count"] => string(1) "1"
    ["finished"] => string(1) "0"
    ["_xfToken"] => string(8) "********"
  }
}
You've got debug/developer mode on and don't have permission to write to the expected places. You'll run into a pile of odd addon's which have issues in that configuration.

Should be able to just run the installer again and it will pick off and do the right thing.
 
You've got debug/developer mode on and don't have permission to write to the expected places. You'll run into a pile of odd addon's which have issues in that configuration.

Should be able to just run the installer again and it will pick off and do the right thing.
You are correct. I removed that and it finished the install fine. Thanks @Xon
 
A possible race condition:
Code:
XF\Db\DuplicateKeyException: MySQL query error [1062]: Duplicate entry 'multiple_account-525343' for key 'content_type_content_id' src/XF/Db/AbstractStatement.php:230

Stack trace
INSERT  INTO `xf_report` (`content_type`, `content_id`, `content_user_id`, `content_info`, `first_report_date`, `last_modified_date`, `last_modified_user_id`, `last_modified_username`, `report_id`, `report_state`, `assigned_user_id`, `comment_count`, `report_count`, `last_modified_id`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
------------

#0 src/XF/Db/Mysqli/Statement.php(198): XF\Db\AbstractStatement->getException('MySQL query err...', 1062, '23000')
#1 src/XF/Db/Mysqli/Statement.php(79): XF\Db\Mysqli\Statement->getException('MySQL query err...', 1062, '23000')
#2 src/XF/Db/AbstractAdapter.php(96): XF\Db\Mysqli\Statement->execute()
#3 src/XF/Db/AbstractAdapter.php(220): XF\Db\AbstractAdapter->query('INSERT  INTO `x...', Array)
#4 src/XF/Mvc/Entity/Entity.php(1514): XF\Db\AbstractAdapter->insert('xf_report', Array, false)
#5 src/XF/Mvc/Entity/Entity.php(1246): XF\Mvc\Entity\Entity->_saveToSource()
#6 src/XF/Service/Report/Creator.php(201): XF\Mvc\Entity\Entity->save(true, false)
#7 src/addons/SV/ReportImprovements/XF/Service/Report/CreatorPatch.php(58): XF\Service\Report\Creator->_save()
#8 src/XF/Service/ValidateAndSavableTrait.php(42): SV\ReportImprovements\XF\Service\Report\CreatorPatch->_save()
#9 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(352): XF\Service\Report\Creator->save()
#10 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(312): SV\SignupAbuseBlocking\Repository\MultipleAccount->reportCreator(Object(SV\SignupAbuseBlocking\Entity\LogEvent))
#11 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(239): SV\SignupAbuseBlocking\Repository\MultipleAccount->createNewReportEntries(Object(SV\SignupAbuseBlocking\Entity\LogEvent))
#12 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(63): SV\SignupAbuseBlocking\Repository\MultipleAccount->processMultipleAccountDetectionInternal(Object(SV\ElasticSearchEssentials\XF\Entity\User), Array, 'login')
#13 src/XF.php(618): SV\SignupAbuseBlocking\Repository\MultipleAccount->SV\SignupAbuseBlocking\Repository\{closure}()
#14 src/addons/SV/SignupAbuseBlocking/Repository/MultipleAccount.php(64): XF::asVisitor(Object(SV\ElasticSearchEssentials\XF\Entity\User), Object(Closure))
#15 src/addons/SV/SignupAbuseBlocking/XF/ControllerPlugin/Login.php(101): SV\SignupAbuseBlocking\Repository\MultipleAccount->processMultipleAccountDetection(Object(SV\ElasticSearchEssentials\XF\Entity\User), Array, 'login')
#16 src/XF/Pub/Controller/Login.php(115): SV\SignupAbuseBlocking\XF\ControllerPlugin\Login->completeLogin(Object(SV\ElasticSearchEssentials\XF\Entity\User), true)
#17 src/XF/Mvc/Dispatcher.php(352): XF\Pub\Controller\Login->actionLogin(Object(XF\Mvc\ParameterBag))
#18 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XF:Login', 'Login', Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Login), NULL)
#19 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Login), NULL)
#20 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#21 src/XF/App.php(2351): XF\Mvc\Dispatcher->run()
#22 src/XF.php(517): XF\App->run()
#23 index.php(20): XF::runApp('XF\\Pub\\App')
#24 {main}
 
@Xon Under Options>User Registration I have this setting.

1646889518956.webp

My understanding is that this disables the time.

However, I am getting this:

1646889603286.webp

We have Google Registration enabled. This only seems to happen when someone uses Google to register. Is it possible that something in Signup abuse detection and blocking is being triggered here? If so, I can't find the setting to modify to stop this from happening.
 
@Xon Under Options>User Registration I have this setting.

View attachment 265778

My understanding is that this disables the time.

However, I am getting this:

View attachment 265779

We have Google Registration enabled. This only seems to happen when someone uses Google to register. Is it possible that something in Signup abuse detection and blocking is being triggered here? If so, I can't find the setting to modify to stop this from happening.
Looks for the options: "Minimum time for registration" and "Minimum time for registration score" which are different from the XF registration timer.

That is signup is being rejected by the "Get IP Intel" option's "High confidence score" argument.
 
What is the format for the entry for user notification creator.

It says "The user(and language) to create notifications with. This is required."

So userxyz(english) ? That seems odd
 
Top Bottom