Signup abuse detection and blocking [Paid] 1.16.11

[Moshe1010]

Not sure if a bug, when I disable all lisenenrs via config.php, it breaks my forum with the following error:

Error: Call to undefined method XF\Entity\User::canViewMultiAccountReport() src/addons/SV/SignupAbuseBlocking/Report/MultipleAccount.php:23
Generated by: User 12/8/24 at 11:47

Stack trace
#0 src/XF/Report/AbstractHandler.php(19): SV\SignupAbuseBlocking\Report\MultipleAccount->canViewContent(Object(XF\Entity\Report))
#1 src/XF/Entity/Report.php(51): XF\Report\AbstractHandler->canView(Object(XF\Entity\Report))
#2 src/XF/Mvc/Entity/AbstractCollection.php(407): XF\Entity\Report->canView()
#3 [internal function]: XF\Mvc\Entity\AbstractCollection->XF\Mvc\Entity\{closure}(Object(XF\Entity\Report))
#4 src/XF/Mvc/Entity/AbstractCollection.php(248): array_filter(Array, Object(Closure))
#5 src/XF/Mvc/Entity/AbstractCollection.php(404): XF\Mvc\Entity\AbstractCollection->filter(Object(Closure))
#6 src/XF/Pub/App.php(350): XF\Mvc\Entity\AbstractCollection->filterViewable()
#7 src/XF/Pub/App.php(243): XF\Pub\App->updateModeratorCaches()
#8 src/XF/App.php(2809): XF\Pub\App->start(true)
#9 src/XF.php(802): XF\App->run()
#10 index.php(23): XF::runApp('XF\\Pub\\App')
#11 {main}

Request state
array(4) {
  ["url"] => string(23) "/logs/3768/visual-stats"
  ["referrer"] => bool(false)
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(0) {
  }
}

 

[Xon]

Yeah that is expected. Disabling listeners doesn't disable template modifications, so template code tends to explode.

I've been largely migrating to adding guard statements to ensure the method I expect exists for the object it is being called from but these don't happen everywhere and there are various gaps where XenForo can still trigger add-on code when you'ld expect it to be disabled when listeners are disabled.

 

[Enes3078]

@Xon can you check this please:

ErrorException: [E_WARNING] Undefined array key 6082 in src/XF/Mvc/Entity/AbstractCollection.php at line 69
XF::handlePhpError() in src/XF/Mvc/Entity/AbstractCollection.php at line 69
XF\Mvc\Entity\AbstractCollection->offsetGet() in src/XF/Repository/Ip.php at line 182
XF\Repository\Ip->getSharedIpUsers() in src/XF/Entity/User.php at line 283
XF\Entity\User->getSharedIpUsers() in src/XF/Pub/Controller/Member.php at line 877
XF\Pub\Controller\Member->actionSharedIps() in src/XF/Mvc/Dispatcher.php at line 352
XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 258
XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 115
XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 57
XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2485
XF\App->run() in src/XF.php at line 524
XF::runApp() in index.php at line 20

#0 src/XF/Mvc/Entity/AbstractCollection.php(69): XF::handlePhpError(2, '[E_WARNING] Und...', '/xxx/xxxx/...', 69)
#1 src/XF/Repository/Ip.php(182): XF\Mvc\Entity\AbstractCollection->offsetGet(6082)
#2 src/XF/Entity/User.php(283): XF\Repository\Ip->getSharedIpUsers(4284, '90')
#3 src/XF/Pub/Controller/Member.php(877): XF\Entity\User->getSharedIpUsers('90')
#4 src/XF/Mvc/Dispatcher.php(352): XF\Pub\Controller\Member->actionSharedIps(Object(XF\Mvc\ParameterBag))
#5 src/XF/Mvc/Dispatcher.php(258): XF\Mvc\Dispatcher->dispatchClass('XF:Member', 'SharedIps', Object(XF\Mvc\RouteMatch), Object(SV\ReportImprovements\XF\Pub\Controller\Member), NULL)
#6 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(SV\ReportImprovements\XF\Pub\Controller\Member), NULL)
#7 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(2485): XF\Mvc\Dispatcher->run()
#9 src/XF.php(524): XF\App->run()
#10 index.php(20): XF::runApp('XF\\Pub\\App')
#11 {main}

 

[Xon]

That error is unrelated to my add-ons.

There was an XF bug. I know it is fixed in XF2.3.2, but I'm not sure if it is fixed in the latest XF2.2.x.. Are you using XF2.2?

 

[Enes3078]

That error is unrelated to my add-ons.

There was an XF bug. I know it is fixed in XF2.3.2, but I'm not sure if it is fixed in the latest XF2.2.x.. Are you using XF2.2?

Yes, I'm using 2.2 right now. I'm waiting for your report add-ons. Is there any ETA?

 

[Xon]

Xon updated Signup abuse detection and blocking with a new update entry:

1.16.7 - Bugfix update

• Fix typo in template modification title
• Fix options "Country timezone rules" and "Country language rules" would get reset if the add-on rebuild was triggered

Read the rest of this update entry...

 

[Robert9]

Could you please, please, please add something like:

Hello user, it seems that you have registered here before. Your old account name starts with 'ab...' and your old email starts with 'ab...'. If you're having any trouble accessing your old account, please let us know. There's no need to register a new account when you already have one. We will not accept a new registration. If you have a valid reason for needing a second account, please write to us at...

As an option, of course.

 

[Robert9]

I fully understand that an add-on can't take care of every little detail, but I want to share my daily experiences here:

Not least because the host didn't forward emails properly, there were many, many duplicate registrations. But even now, with a new email sender that, according to the log, is doing everything correctly, there are daily registrations from people who already have an account. They don't remember it, have forgotten their login details, or want to avoid a promotion for passive users. For all these people, I would really like to have a function that displays a message on the screen:

"Hello, you already have an account! The name is "ab*", the email address is "ab"; we don't want duplicate accounts here. If you need help or have good reasons for a second account, please get in touch!"

Unlike these people, who usually just want to register another account, there are bots or idiots who keep coming back, especially if you reject them instead of deleting them. The add-on then shows:

"New Lala17, same idiot as Lala12, Lala7, Lala3, Lalalu, Lalalaleone."

If there were a limit of maybe three, you could say that on the fourth attempt at registration, a message would appear like:

"Currently, registrations are only possible with an invitation. To receive such an invitation, please use the contact form."

This way, new registrations would no longer be possible, and if someone is wrongly affected, they can get in touch to clarify the situation.

 

[051119]

“Content country XX does not match registration country XX.”

l see there was a bugfix above that sorted this issue out, but unfortunately I currently don’t have the wherewithal to install this right now. Can anyone please advise what setting l need to switch to disable this feature on a temporary basis? Thanks.

 

[ENF]

“Content country XX does not match registration country XX.”

l see there was a bugfix above that sorted this issue out, but unfortunately I currently don’t have the wherewithal to install this right now. Can anyone please advise what setting l need to switch to disable this feature on a temporary basis? Thanks.

This is for new posts getting moderated because of the mismatch?

If so, you'll probably want to try this option:

Change it to either Allowed or Allowed & Report.
Highly recommend just updating the addon, you'll have to remember you made these changes later on.

 

[051119]

Thanks so much for the prompt reply

 

[Robert9]

I've seen many spam addons, and one of them was able to detect registrations coming from the Tor network. Is this the one you're referring to? It's possible that this feature has stopped working due to Cloudflare. What can I do to monitor these registrations and set them to be moderated?

 

[Robert9]

Port scanning proxy

Bundled with this add-on is a simple php script to run the port-scanner service remotely (port_scanner.php). Host port_scanner.php on a webserver somewhere, allowing only your webserver to access it! and then enter the URL into the relevant add-on option.

What can I do with this?

 

[Xon]

I've seen many spam addons, and one of them was able to detect registrations coming from the Tor network. Is this the one you're referring to? It's possible that this feature has stopped working due to Cloudflare. What can I do to monitor these registrations and set them to be moderated?

This add-on does flag TOR connections, it uses CloudFlare or the TOR end-point API to detect if the connection is from a registered TOR node.

What can I do with this?

You can host port_scanner.php on another machine (ie a disposable VM), and paste the URL to access it and it will query that URL instead of trying a local lookup. I'ld recommend making the webserver only accessible via a VPN or something, and this script should not be publicly accessible.

This allows using the port scan feature without possible revealing the webhost.

 

[Robert9]

This add-on does flag TOR connections, it uses CloudFlare or the TOR end-point API to detect if the connection is from a registered TOR node.

Either I changed something in the options, or something is misconfigured in Cloudflare, or the use of Cloudflare has caused a change. In any case, I haven't seen any alerts for a while now when someone registers through a Tor exit node.

What should I check in the add-on and/or Cloudflare, please?

 

[Robert9]

Peter registers on the forum and posts some nonsense.
I ban the idiot.
Now he comes back every day. And every day I have to deal with him again.
Why, really?

There should be an option that says: If a new registration = banned user, delete, ban, or do something else with the registration!

And optionally: Send an email to this address with the content: Hello, you super guy, we don’t want you. Go away!

 

[lazy llama]

I think that fits with this option (see the text in grey)


Set the option to "Rejected" and any multi-account registrations by banned users will be rejected (as long as the system can tell they're multi-account users - usually by cookie.

 

[Xon]

Either I changed something in the options, or something is misconfigured in Cloudflare, or the use of Cloudflare has caused a change. In any case, I haven't seen any alerts for a while now when someone registers through a Tor exit node.

Check the options for the TOR config that you haven't changed it to accept or moderate and it is set to auto-reject

 

[MentaL]

typos

Maximum number of queries to fetch all multi-account of multi-accounts

The multiple account data is stored in a graph, but when displaying a list it is projected into a linear list.
Due to not requiring MySQL 8+ or Mariadb 10.2.1+, this requires multiple queries
0 to disbale.

Disbale!!

 

[Andy.N]

Anyone can help with the following. It seems like every new registration is put in the moderation queue even if the score is 1. I remember in the past, it has to reach a certain score for it to go to moderation.
Here are the few recent sign ups that in moderation queue.

[*]Action: Moderated
[*]Checking: d-txxxx, xxx@duck.com, 128.135.204.204, ASN 160, U-CHICAGO-AS, US, Country detected: US, Hostname detected: 128.135.204.204, Registration form completed: 51 sec, accept. IP threat score: 0, moderate. Unknown email domain failed: <a href="{search}" target="_blank">duck.com</a>, Browser language: en, Browser language: en-US, 0. Unknown browser language: en-CA in US, Browser timezone: America/Chicago, Total score: 0, Moderated. Direct rule selection

[*]Action: Moderated
[*]Checking: Nixxx, nixxxx@gmail.com, 204.8.158.107, ASN 10961, BGP-AS, US, Country detected: US, Hostname detected: 204.8.158.107, Registration form completed: 37 sec, accept. IP threat score: 0, Spam phrase matched (http*), Spam phrase matched (url), 0. Known email domain matched: <a href="{search}" target="_blank">gmail.com</a>, Browser language: en, Browser language: en-US, 0. Unknown browser language: en-GB in US, Browser timezone: America/New_York, Total score: 0