Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.16.11

This latest update 1.16.2 has this option selected by default, causing errors in ACP for people without a license
Use MaxMind GeoLite2 - ASN
Requires a license key to be added to the "MaxMind GeoIP License Key" option
Yeah, I also saw it. Maybe disabling it by default.

I also received this after an upgrade with XF 2.3:


Code:
ErrorException: [SignupAbuseBlocking] 'Multi-account report user' has an invalid userId 0 src/XF/Error.php:82
Generated by: Admin 12/7/24 at 12:40

Stack trace
#0 src/XF.php(257): XF\Error->logError('[SignupAbuseBlo...', true)
#1 src/addons/SV/SignupAbuseBlocking/Setup.php(867): XF::logError('[SignupAbuseBlo...', true)
#2 src/addons/SV/SignupAbuseBlocking/Setup.php(787): SV\SignupAbuseBlocking\Setup->setupSockCheckReportingUser()
#3 src/XF/AddOn/AddOn.php(626): SV\SignupAbuseBlocking\Setup->postUpgrade(1709607575, Array)
#4 src/XF/Job/AddOnInstallBatch.php(385): XF\AddOn\AddOn->postUpgrade(Array)
#5 src/XF/Job/AddOnInstallBatch.php(103): XF\Job\AddOnInstallBatch->stepFinalize(Object(XF\Timer))
#6 src/XF/Job/Manager.php(275): XF\Job\AddOnInstallBatch->run(8)
#7 src/XF/Job/Manager.php(205): XF\Job\Manager->runJobInternal(Array, 8)
#8 src/XF/Job/Manager.php(121): XF\Job\Manager->runJobEntry(Array, 8)
#9 src/XF/Admin/Controller/ToolsController.php(146): XF\Job\Manager->runByIds(Array, 8)
#10 src/XF/Mvc/Dispatcher.php(362): XF\Admin\Controller\ToolsController->actionRunJob(Object(XF\Mvc\ParameterBag))
#11 src/XF/Mvc/Dispatcher.php(264): XF\Mvc\Dispatcher->dispatchClass('XF:Tools', 'RunJob', Object(XF\Mvc\RouteMatch), Object(Truonglv\ImageOptimizer\XF\Admin\Controller\Tools), NULL)
#12 src/XF/Mvc/Dispatcher.php(121): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(Truonglv\ImageOptimizer\XF\Admin\Controller\Tools), NULL)
#13 src/XF/Mvc/Dispatcher.php(63): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#14 src/XF/App.php(2777): XF\Mvc\Dispatcher->run()
#15 src/XF.php(798): XF\App->run()
#16 admin.php(15): XF::runApp('XF\\Admin\\App')
#17 {main}

Request state
array(4) {
  ["url"] => string(24) "/admin.php?tools/run-job"
  ["referrer"] => string(46) "https://domain.com/admin.php?tools/run-job"
  ["_GET"] => array(1) {
    ["tools/run-job"] => string(0) ""
  }
  ["_POST"] => array(3) {
    ["_xfRedirect"] => string(83) "https://domain.com/admin.php?add-ons/install-from-archive-complete&batch_id=258"
    ["_xfToken"] => string(8) "********"
    ["only_ids"] => string(7) "1380763"
  }
}
The reporter userid is me with userid=1. ACP has the username and it hasn't been changed for years....
 
Yeah, I also saw it. Maybe disabling it by default.
I thought it was disabled by default, I'll check that.

The reporter userid is me with userid=1. ACP has the username and it hasn't been changed for years....
Please check the option svSockSignupCheckReportingUser. The setup code fetches this value and looks up the xf_user by user_id, and reports if loading the user record fails.

It looks like the actual user core falls back to userId = 1 even if the value for svSockSignupCheckReportingUser is invalid while the setup code logs an error.

I had multiple errors like this in the log after last update.
I have to disable it for now.
I've been getting that all day today after updating to the latest release.
This can happen if the geolocation service isn't working as expected. If you are using Cloudflare, I'd recommend turning on the geolocation header. This is the most reliable, and free service.

You can also disable the check ("GeoIp content spam check action") which checks that the content's geoip matches the registration geoip.
 
This can happen if the geolocation service isn't working as expected. If you are using Cloudflare, I'd recommend turning on the geolocation header. This is the most reliable, and free service.
Cloudflare geolocation is on; that is what I've always used.
 
Cloudflare geolocation is on; that is what I've always used.
Do you prevent non-Cloudflare access to your site?

It is also possible Cloudflare isn't able to give correct geoip information for the connection, such as when they are using Cloudflare's own VPN service or other known VPN endpoints.
 
Do you prevent non-Cloudflare access to your site?

It is also possible Cloudflare isn't able to give correct geoip information for the connection, such as when they are using Cloudflare's own VPN service or other known VPN endpoints.
No, and I checked the IPs of the content that was moderated as an XX country, and they were from regular random ISPs.
 
The Cloudflare geoip code hasn't meaningfully changed for years.

What might have changed is the Cloudflare IP ranges that XenForo has embedded are out of date, so the add-on isn't trusting Cloudflare connections.

What version of XenForo are you using?
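
The trust decision discussed in the posts above, as an added example that is not part of the thread and not the add-on's or XenForo's code: the geolocation header is only believed when the connecting peer is inside a trusted proxy range, and an XX (unknown) country is treated as "cannot decide" rather than as a mismatch. The function names, the placeholder CIDR list and the "unknown never triggers moderation" policy are assumptions made for illustration.

```php
<?php
// Constructed placeholder ranges (documentation address space), standing in for
// the proxy's currently published ranges, which must be kept up to date.
const TRUSTED_PROXY_CIDRS = ['203.0.113.0/24', '2001:db8::/32'];

function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2);
    $ipBin = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or IPv4 compared against IPv6
    }
    $bytes = intdiv((int) $bits, 8);
    $rem = (int) $bits % 8;
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // top $rem bits of the next byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// Country code from CF-IPCountry, or null when the peer is not a trusted proxy
// (the header could be client-supplied) or the proxy reports XX (unknown).
function countryFromRequest(array $server): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $trusted = false;
    foreach (TRUSTED_PROXY_CIDRS as $cidr) {
        $trusted = $trusted || ipInCidr($peer, $cidr);
    }
    $code = strtoupper($server['HTTP_CF_IPCOUNTRY'] ?? '');
    $valid = preg_match('/\A[A-Z]{2}\z/', $code) === 1 && $code !== 'XX';
    return ($trusted && $valid) ? $code : null;
}

// null means "cannot decide"; only true should send content to moderation.
function countryMismatch(?string $registration, ?string $content): ?bool
{
    return ($registration === null || $content === null) ? null : $registration !== $content;
}

// Constructed requests: proxied with a country, proxied but unknown, direct with a header.
foreach ([['203.0.113.7', 'US'], ['203.0.113.7', 'XX'], ['198.51.100.9', 'DE']] as [$peer, $hdr]) {
    $c = countryFromRequest(['REMOTE_ADDR' => $peer, 'HTTP_CF_IPCOUNTRY' => $hdr]);
    echo $peer, ' ', $hdr, ' => ', var_export(countryMismatch('US', $c), true), "\n";
}
```

If the embedded proxy range list is stale, every proxied request falls into the untrusted branch, which is the situation described in the post above.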
 
I'm using 2.2.16 P2, I've checked that I'm getting the Cloudflare geo headers fine, I use them in a condition on my registration page to turn it off for certain countries and that is working as expected.

It was all working fine until I updated to the latest version yesterday morning, I couldn't say what the previous version I was using was, but it was a few versions back.
 
I went through them last night, the maxmind stuff that was new to this version for me was now checked along with Cloudflare, I unchecked it and posts still got moderated with Content country XX does not match registration country.

I've just switched my GeoIP provider from Cloudflare to IP-API (which I have a key for) and I'll see if that makes any difference when the next post is made that meets the checking criteria.
 
Thank you, that makes perfect sense. Is there a way to find out which way round it was? For example if it says "UserA has 1 multiple accounts" would this mean that UserA clicked whilst logged in to an account called UserB, or is it the other way round?
I've confirmed it is the logged in UserA clicking on UserB's private email link.

This latest update 1.16.2 has this option selected by default, causing errors in ACP for people without a license
Use MaxMind GeoLite2 - ASN
Requires a license key to be added to the "MaxMind GeoIP License Key" option
Fixed for the next version, should be released today/tomorrow.

The reporter userid is me with userid=1. ACP has the username and it hasn't been changed for years....
Next version will improve the error reporting to be clear about what is wrong with this option.
 
I went through them last night, the maxmind stuff that was new to this version for me was now checked along with Cloudflare, I unchecked it and posts still got moderated with Content country XX does not match registration country.

I'm getting "Content country XX does not match registration country US" for every new post
Can you open a ticket on my site?

I'll need the content IP and registration IP at a minimum, to investigate this.

Additionally I'm going to need some database records dumped and SQL queries exported so I can debug this further.
 
ErrorException: [SignupAbuseBlocking] 'Multi-account report user' userId:0 does not exist src/XF/Error.php:77

Code:
Stack trace
#0 src/XF.php(219): XF\Error->logError('[SignupAbuseBlo...', true)
#1 src/addons/SV/SignupAbuseBlocking/Setup.php(872): XF::logError('[SignupAbuseBlo...', true)
#2 src/addons/SV/SignupAbuseBlocking/Setup.php(787): SV\SignupAbuseBlocking\Setup->setupSockCheckReportingUser()
#3 src/XF/AddOn/AddOn.php(595): SV\SignupAbuseBlocking\Setup->postUpgrade(1709607575, Array)
#4 src/XF/Job/AddOnInstallBatch.php(380): XF\AddOn\AddOn->postUpgrade(Array)
#5 src/XF/Job/AddOnInstallBatch.php(99): XF\Job\AddOnInstallBatch->stepFinalize(Object(XF\Timer))
#6 src/XF/Job/Manager.php(260): XF\Job\AddOnInstallBatch->run(8)
#7 src/XF/Job/Manager.php(202): XF\Job\Manager->runJobInternal(Array, 8)
#8 src/XF/Job/Manager.php(118): XF\Job\Manager->runJobEntry(Array, 8)
#9 src/XF/Admin/Controller/Tools.php(122): XF\Job\Manager->runByIds(Array, 8)
#10 src/XF/Mvc/Dispatcher.php(352): XF\Admin\Controller\Tools->actionRunJob(Object(XF\Mvc\ParameterBag))
#11 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XF:Tools', 'RunJob', Object(XF\Mvc\RouteMatch), Object(Truonglv\ImageOptimizer\XF\Admin\Controller\Tools), NULL)
#12 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(Truonglv\ImageOptimizer\XF\Admin\Controller\Tools), NULL)
#13 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#14 src/XF/App.php(2485): XF\Mvc\Dispatcher->run()
#15 src/XF.php(524): XF\App->run()
#16 admin.php(13): XF::runApp('XF\\Admin\\App')
#17 {main}

Code:
array(4) {
  ["url"] => string(30) "/mopar/admin.php?tools/run-job"
  ["referrer"] => string(60) "https://www.forabodiesonly.com/mopar/admin.php?tools/run-job"
  ["_GET"] => array(1) {
    ["tools/run-job"] => string(0) ""
  }
  ["_POST"] => array(3) {
    ["_xfRedirect"] => string(97) "https://www.forabodiesonly.com/mopar/admin.php?add-ons/install-from-archive-complete&batch_id=237"
    ["_xfToken"] => string(8) "********"
    ["only_ids"] => string(7) "1249057"
  }
}
 