Signup abuse detection and blocking [Paid] 1.16.11

I installed the update and I'm getting a lot of these in the approval queue now, where I never saw them before:

Code:
Content country XX does not match registration country US

Edit: Oops, I see an update that fixes this.
 
@Xon Does this server error log come from this addon?

Code:
InvalidArgumentException: Cannot convert IP 'bb??' to binary src/XF/Repository/IpRepository.php:245

Generated by: Unknown account Jul 18, 2024 at 9:51 PM

Stack trace

#0 src/addons/Siropu/ReferralContests/XF/Entity/User.php(108): XF\Repository\IpRepository->getUsersByIp('bb??')
#1 src/addons/NF/Discord/XF/Entity/User.php(140): Siropu\ReferralContests\XF\Entity\User->_postSave()
#2 src/XF/Mvc/Entity/Entity.php(1324): NF\Discord\XF\Entity\User->_postSave()
#3 src/XF/Service/User/RegistrationService.php(320): XF\Mvc\Entity\Entity->save()
#4 src/XF/Service/ValidateAndSavableTrait.php(42): XF\Service\User\RegistrationService->_save()
#5 src/XF/Pub/Controller/RegisterController.php(334): XF\Service\User\RegistrationService->save()
#6 src/addons/SV/SignupAbuseBlocking/XF/Pub/Controller/Register.php(110): XF\Pub\Controller\RegisterController->actionConnectedAccountRegister(Object(XF\Mvc\ParameterBag))
#7 src/XF/Mvc/Dispatcher.php(362): SV\SignupAbuseBlocking\XF\Pub\Controller\Register->actionConnectedAccountRegister(Object(XF\Mvc\ParameterBag))
#8 src/XF/Mvc/Dispatcher.php(264): XF\Mvc\Dispatcher->dispatchClass('XF:Register', 'ConnectedAccoun...', Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Register), Object(XF\Mvc\Reply\Reroute))
#9 src/XF/Mvc/Dispatcher.php(121): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(SV\SignupAbuseBlocking\XF\Pub\Controller\Register), Object(XF\Mvc\Reply\Reroute))
#10 src/XF/Mvc/Dispatcher.php(63): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#11 src/XF/App.php(2777): XF\Mvc\Dispatcher->run()
#12 src/XF.php(798): XF\App->run()
#13 index.php(23): XF::runApp('XF\\Pub\\App')
#14 {main}

Request state

array(4) {
  ["url"] => string(50) "/login/register/connected-accounts/google/register"
  ["referrer"] => string(64) "/register/connected-accounts/google/"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(15) {
    ["_xfToken"] => string(8) "********"
    ["username"] => string(7) "rasel34"
    ["dob_month"] => string(1) "1"
    ["dob_day"] => string(2) "22"
    ["dob_year"] => string(4) "1997"
    ["location"] => string(10) "Bangladesh"
    ["custom_fields"] => array(2) {
      ["gender"] => string(4) "male"
      ["siropu_referrer"] => string(9) "raselkupa"
    }
    ["email_choice"] => string(1) "1"
    ["accept"] => string(1) "1"
    ["_xfRedirect"] => string(98) "/smeye.88835/page-10"
    ["timezone"] => string(13) "Europe/Moscow"
    ["timetaken"] => string(7) "110.372"
    ["_xfRequestUri"] => string(42) "/login/register/connected-accounts/google/"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}
 
@Xon Hate to pile on, I know you're crazy busy. I've been testing this latest version before updating our production sites (XF 2.2), and I can't seem to figure out why VPN registrations are being rejected.

Here's the entry from the Spam trigger log, where it appears the rejection is due to Registration form completed.

Action: Rejected Checking: SVAbuseTest, test9@testdomain.com, 84.17.45.159, Moderating, Multiple account - Cookie - Username: Member 582, UserId: 582, +3. ASN matched: ASN 60068, CDN77 _, GB, Country detected: US, Hostname detected: unn-84-17-45-159.cdn77.com, Registration form completed: 52 sec, reject. IP threat score: 1, accept. Unknown email domain: <a href="{search}" target="_blank">testdomain.com</a>, Browser language: en, Browser language: en-US, Browser timezone: America/Los_Angeles, Total score: 3, Rejected. Direct rule selection
Generated by: Unknown account 2 minutes ago Content: user_rejected

Both Registration timer and Reject registration score threshold options are (temporarily) set to 0. I've tried this at least 10 times and can't seem to get a registration to go through. I am able to successfully register if I disable the VPN.
 
IP threat score: 1
I think this is your culprit. CDN77/ASN60068 has a notoriously bad reputation for trash.

Go take a look at your settings under "Get IP Intel DBL" -- it's probably enabled and then adjust the confidence settings below that.
You'd need to adjust this criteria to accept more networks with low reputation/higher risks.

 
It is the Siropu/ReferralContests add-on.

@ENF's statement about the "Get IP Intel DBL" option.
 
Awesome, thanks!

Is there a reason this says IP threat score: 1, accept when it was the reason for rejection?
 
The accept is for the next item, not the IP threat score bit. When viewing from the approval queue and the "new registration log", it actually formats this properly.
 
I really need to add a test section to test resolving the ASN or GeoIP for an IP.

Even with v1.16.4, some users may be seeing posts sent to the approval queue with Content country XX does not match registration country <COUNTRY>.

The option GeoIp content spam check action defaulted to moderate, and without geoip this is causing unexpected moderation issues.

This is because a geoip provider isn't set up at content submission time, and thus the add-on option GeoIp content spam check action defaulting to moderate is bad config.

Registration doesn't have this issue as when it resolves the ASN it also gets the geoip.

There are two quick fixes if this is happening:
  1. Set the GeoIp content spam check action option to allowed.
  2. Sign up for a free maxmind geoip account, and fill in the MaxMind GeoIP License Key option.
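
The failure mode described above, as an added example that is not part of the original post and not the add-on's code: a country-mismatch check that treats an unresolved lookup as "no data" rather than as a mismatch. The function names, the action strings and the handling of XX as the unresolved placeholder are assumptions based on the log lines quoted in this thread.

```php
<?php
// Added illustration, not the add-on's code. 'XX' is the unresolved-country
// placeholder seen in the thread's log lines; all function names and action
// strings here are hypothetical.

const UNRESOLVED = 'XX';

/**
 * Decide what to do with new content based on a country comparison.
 *
 * @param string|null $registrationCountry ISO code stored at signup
 * @param string|null $contentCountry      ISO code resolved for the posting IP
 * @param string      $configuredAction    'allowed' | 'moderate' | 'reject'
 * @return array [action, reason for the log]
 */
function geoIpContentAction(?string $registrationCountry, ?string $contentCountry, string $configuredAction): array
{
    $reg = normaliseCountry($registrationCountry);
    $content = normaliseCountry($contentCountry);

    // A failed lookup is not evidence of a mismatch: fail open and log why.
    if ($reg === null || $content === null) {
        return ['allowed', 'country unresolved, check skipped'];
    }
    if ($reg === $content) {
        return ['allowed', "country $content matches registration"];
    }
    return [$configuredAction, "Content country $content does not match registration country $reg"];
}

function normaliseCountry(?string $code): ?string
{
    $code = strtoupper(trim((string) $code));
    // Treat empty, placeholder and malformed values as "no data".
    if ($code === UNRESOLVED || !preg_match('/^[A-Z]{2}$/', $code)) {
        return null;
    }
    return $code;
}

// Constructed sample inputs: [registration country, content country]
foreach ([['US', 'XX'], ['US', 'US'], ['US', 'GB'], ['XX', 'GB'], ['US', null]] as [$reg, $content]) {
    [$action, $reason] = geoIpContentAction($reg, $content, 'moderate');
    printf("%-4s %-4s => %-8s %s\n", $reg, $content ?? 'null', $action, $reason);
}
```

Only the US/GB pair reaches the configured action; every pair with an unresolved side is allowed and logged with the reason the check was skipped.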
 
Xon updated Signup abuse detection and blocking with a new update entry:

1.16.5 - Bugfix & Maintenance update

  • Fix "GeoIp content spam check action" option would throw all posts into the approval queue if resolving the geoip failed
  • Fix "GeoIp content spam check action" unexpectedly sending posts to the approval queue if no geoip providers had been configured but Team Cymru's API for ASN lookups which gets an approximate country lookup
  • Add "test resolving geoip" and "test resolving asn" pages for troubleshooting IP lookup issues
 
It only does anything if you've got the maxmind database files or license key set
the Maxmind key was not set tho. Easy fix, but one to check. Had a couple registrations with unresolved country data.
  • Moderated. Country matched: XX
  • Registration form completed: 101 sec
  • Moderated. IP threat score: 1
  • 0. Unknown browser language: en-GB,en;q=0.9,en-US;q=0.8 in {country}
  • 0. Unknown browser timezone: Africa/Johannesburg in {country}
  • Total score: 0
 
Use the new GeoIP testing form to determine if GeoIP resolving is set up properly. This will tell you if there are any configuration issues which may be at fault.
 