Signup abuse detection and blocking [Paid] 1.15.6

[Xon]

You should be able to get getContentTitle, but there really isn't much point to replicating getContentTitle into getContentMessage. getContentMessage is only used when posting a report to a thread. But the thread creation on a multi-account eveent is handled by the SV/MultipleAccountToThread add-on.

You can always just extend that method and then use this code snippet to build an interesting (or useful) message body:

$primaryUser = $report->ReportData->MultipleAccountLogs['primaryUser'] ?? null;
$users = $report->ReportData->MultipleAccountLogs['users'] ?? [];

 

[Joeychgo]

ok so what does Country Timezone do exactly? I mean, does it exclude timezones or accept them?

 

[ENF]

ok so what does Country Timezone do exactly? I mean, does it exclude timezones or accept them?

You can set Timezone evaluation in the admin.php?options/groups/svSignupAbuseBlocking/ "Country Timezone" section of the addon setup. If you feel that a certain timezone carries more risk, you can elevate the scoring for each time zone. The default setting is zero (0) which basically skips this check if all are set to 0.

There are three areas for timezone related settings:
Country Timezone
Country Timezone - Unknown > You can select an action if the timezone comes back as unknown.
Timezone content spam check > Crosschecks content timezone against registration record and applies action if there's a discrepancy.

 

[Xon]

ok so what does Country Timezone do exactly? I mean, does it exclude timezones or accept them?

In compares the GeoIP and a map of known timezones for that region, so if they are using a timezone which isn't known for that area it can be flagged.

An example is detecting a timezone from the south-east-asia for a GeoIP which resolves to the USA

 

[Joeychgo]

Country Timezone - Unknown > You can select an action if the timezone comes back as unknown.

An example is detecting a timezone from the south-east-asia for a GeoIP which resolves to the USA

This is what I have. the countries are not selectable. I dont understand what this does or how I should set it.

 

[Xon]

The format is score|country-timezone

I would suggest setting "country timezone - unknown" to "moderated" or a +3 score at most.

 

[woody]

This is what I have. the countries are not selectable. I dont understand what this does or how I should set it.

0|CA-America/Caracas
0|CA-America/Chicago
0|CA-America/Denver
0|CA-America/Halifax
0|CA-America/Los_Angeles
0|CA-America/New_York
0|CA-America/Phoenix
0|CA-America/St_Johns
0|CC-Asia/Yangon
moderate|CD-Africa/Algiers
+2|CD-Africa/Johannesburg
moderate|CF-Africa/Algiers
moderate|CG-Africa/Algiers
0|CH-Europe/Amsterdam
0|CI-Atlantic/Reykjavik
0|CK-Pacific/Honolulu
0|CL-America/Argentina/Buenos_Aires
0|CL-America/Cuiaba
moderate|CM-Africa/Algiers
0|CN-Asia/Dhaka

Simple enough.

 

[Mr. Jinx]

Just wanted to let you know that geop ip & content matching works very well!

There was a user that registered from the same country as my forum, so it was accepted. Nothing weird.
Few days later, the same user posted relevant looking content in the same language as my forum, but from location India.
The post went automatically to the approval queue for investigation.
It was very sophisticated spam I would normally not have recognized, but this add-on detected it!

 

[Alpha1]

If you keep an eye on the software that Spammers use, then it becomes obvious that a way to detect AI generated content would be very welcome. I recently watched some YouTube videos on the topic and it blew me away how advanced their toolbox is and how much more advanced and ahead of us they are getting. I'm not going to post details here for obvious reasons.
Spammers are able to post thousands of unique elaborate AI generated messages per minute to many online forums, and keep replies coming. AI written posts are quite hard to spot by moderators. They often feel off, but mostly do not look like spam until links are edited in or new replies with spam links are added. I know various online forums are just becoming aware of this. @cdub @thomas1

@Xon have you considered doing something with AI content checks on posts? What are your thoughts on this topic?

Here are some AI content checkers:

AI Content Detector, AI Plagiarism Checker, & AI Humanizer

AI Content Detector, with an impressive 98% accuracy rate, checks between human and AI-generated content from ChatGPT, GPT4, Bard, Claude, and Gemini.

contentatscale.ai

AI content detector

Check what percentage of your content is seen as human-generated with this free AI content detector tool. Paste in text or a URL to find out.

writer.com

AI Content Detector | AI Detector | ChatGPT Detector - Copyleaks

The Copyleaks AI Content Detector helps you know if what you’re reading was written by a person or generated by AI, including ChatGPT.

copyleaks.com

AI Content Detector

The AI Content Detector uses advanced machine learning algorithms to analyze and identify the content of a given text.

crossplag.com

 

[Xon]

@Xon have you considered doing something with AI content checks on posts? What are your thoughts on this topic?

I've actually done some preliminary work to add content scanning on new or edited content (via regex, but could use a service) but never really finalized it.

One of the blockers is the approval queue just isn't suitable for this thing, and the report system is actually more useful but needs additional UI work to add quick actions for reported content.

I've been fairly busy this last year with other projects so haven't been able to work through the backlog of features I wanted to add to my public add-ons.

 

[ActorMike]

Just a heads up to everyone and @Xon. Facebook recently was sending me messages telling me they needed the login for my Forums. They were very vauge. Finally the clown tells me that he's trying to test the facebook login and it's telling him
"We have received your email and we apologize for any inconvenience caused to you, while reviewing we were not able to login into the website using FB as it is leading error (Your account has been rejected for the following reason: VPN or IP Anonymizer such as Windscripe/Apple iCloud private relay are not permitted during registration. Log out of your account and then log back in. )we just need to test credentials to login We don't need any admin access or we just need to check the fb sign up functionality from our end. So request you to send fb credentials and let us know so that we will review the app accordingly."

and sent this screenshot below. Obviously, they got blocked because they are in Singapore, and are using an IP address that a typical user would not be using https://whatismyipaddress.com/ip/165.225.113.43

Anyway, I approved the account so they can test the facebook login.

 

[JasonBrody]

Hey guys,
on my forum we only allows Gmail registration, but these days many registrations coming from https://www.emailnator.com/ which uses extension of xx.xx.55.xx@gmail.com kind of spam emails.

How can I stop/disallow registrations using such email ?

@Xon , any idea ?

Thank you.

 

[Xon]

You can ban emails based on pattern which may help (ie *.*.55.*@gmail.com)

 

[ActorMike]

@Xon is there a way to whitelist an IP address? Facebook support is getting flagged by https://getipintel.net/ even on the lowest setting, and cannot test our application as a result.

 

[Xon]

The getipintel feature doesn't have a white list. Instead of rejecting to can set to moderated, then approve the account once they signup then tell them to continue the signup workflow.

 

[dethfire]

At some point it might be good to have a GPT detector when there is an API available.

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.13.4 - Feature update

• Require php 7.2+
• Fix score-based option did not correctly show the hint/explain text in admincp
• Move "Non-allowed email action" option into "Connection Profiling - Passive" group
• Extend "Writing before registering" spam-checks to use add-on's scoring system, with defaults to moderate if the linked content is moderated or rejected (XF default)
• Add "[SignupAbuse] Limit user to replies per day" per-forum user-froup permission
  • Limit a member (not guest!) to X...

Read the rest of this update entry...

 

[RyanC]

Question, is there anyway to reject/ban a user if they use Chinese characters in their first post? We are getting hammered.

 

[Xon]

Question, is there anyway to reject/ban a user if they use Chinese characters in their first post? We are getting hammered.

Have you seen this thread?

Unsophisticated but surprisingly effective new spam attack

Ugh. Thought I had this Chinese university degree spam problem sorted but it's returned and I'm struggling to fight it. The pattern is: New user registers Posts a bunch of posts that have a two character title and a two character body Edits those posts to into the usual sea of kanji...

xenforo.com

You can add some spam-phrases and also use the add-on @benFF recently released which makes the spam-checker apply based on number of days since registered;

[FF] Spam Check by Registration Date

Adds a new option to the Spam management section, allowing you to set an amount of days that a user must be registered for until spam checks are stopped (assuming they don't have a bypass set). Works alongside the "Maximum messages to check for...

xenforo.com

 

[ivp]

It would be nice to detect disposable & temporary emails.

Found free API: https://www.mailcheck.ai