Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.16.11

No permission to buy ($45.00)
Overview FAQ Updates (116) Reviews (23) History Discussion
Andy.N said:
Private.
Click to expand...

my bad

Andy.N said:
Here is my setting. I feel it's getting harder to understand the numerous options available here.
View attachment 311980
View attachment 311981
Click to expand...

Confused What Is This GIF


too smoool
 
Xon said:
Yeah :(
Click to expand...
I don’t think it’s complicated. It's extremely nice to have this granular level of control - yes, there is a learning curve, but it’s really for the better to deepen a technical understanding. I’d say at most, maybe some documentation or common issues could be documented to help educate operators on what to look for.
 
I’ve had a lot of accounts rejected under “Direct Rule Selection,” but it isn’t clear why.

Could anyone help with the below two for instance. I’ve only removed Username, IP address + emails from the logs pasted here.

  • Action: Rejected
  • Checking: USERNAME, USERNAME@hotmail.co.uk, IPADDRESS, reject. AS matched: ASN5607, BSKYB-BROADBAND-AS, GB, Country detected: GB, Hostname detected: 4e5621e5.skybroadband.com, Registration form completed: 42 sec, accept. Unknown email domain: <a href="{search}" target="_blank">hotmail.co.uk</a>, Browser language: en, Browser timezone: Europe/London, Total score: 0, Rejected. Direct rule selection
Click to expand...
  • Action: Rejected
  • Checking: USERNAME, USERNAME@gmail.com, IPADDRESS, reject. AS matched: ASN5607, BSKYB-BROADBAND-AS, GB, Country detected: GB, Hostname detected: IPADDRESS, Registration form completed: 44 sec, 0. Known email domain matched: <a href="{search}" target="_blank">gmail.com</a>, Browser language: en, Browser language: en-US, Browser timezone: Europe/London, Total score: 0, Rejected. Direct rule selection
Click to expand...
 
051119 said:
I’ve had a lot of accounts rejected under “Direct Rule Selection,” but it isn’t clear why.

Could anyone help with the below two for instance. I’ve only removed Username, IP address + emails from the logs pasted here.
Click to expand...
Go check your blocked network list to see if ASN 5607 in that list for rejection.
Rejected. ASN matched

../admin.php?options/groups/svSignupAbuseBlocking/

1732084527958.webp
 
Thank you, it was, I’d actually just worked that out and came back to edit my post but seems as if you’d got there first :-)

It was at the bottom, so I’m guessing someone added it manually, rather than it being blocked as part of the default settings.

I’m wondering if there’s a way to find out who did it…
 
051119 said:
Thank you, it was, I’d actually just worked that out and came back to edit my post but seems as if you’d got there first :-)

It was at the bottom, so I’m guessing someone added it manually, rather than it being blocked as part of the default settings.

I’m wondering if there’s a way to find out who did it…
Click to expand...

Admin Logs, but it's not clear. I just tested it, it's just logged as: options/update
If you click on that, it will tell you what options was adjusted. So I see all the Signup Abuse detection settings in there, and the ASN I've added at the bottom of the list. So you can go through your logs and try to narrow down when it was added. It's just not the cleanest or easiest logs to go through.
 
051119 said:
It was at the bottom, so I’m guessing someone added it manually, rather than it being blocked as part of the default settings.
Click to expand...
We have accidents happen from time to time where someone checks the box (Ban ASN) in this screen (but didn't mean to):
We don't allow anyone to access to the ACP area for this, so it has to come from this box when handling content/users.

1732086413363.webp
 
051119 said:
Seems that if someone clicks the Ban ASN option then it appears only in the Mod logs not the Admin logs.
Click to expand...
Yes, because that's from the Moderator POV and not the ACP. It just requires attention to detail when handing this part of the work.
We've also had cases of people accidentally wiping out email domains, so we added a lot of common domains to the 'known' domains so that the email domain ban box doesn't appear most of the time. :ROFLMAO:
 
  • Like
Reactions: Xon
Does anyone know why I don't get a notification in my messages when multiple accounts are detected? I have the latest version.
 
Xon said:
I'm not actually 100% sure, I'll need to check!
Click to expand...
Sorry to be a pain, but is it possible to find out which way round it is? I'm dealing with someone with 'Shared Email link' issue.

In AdminCP for both accounts, and in the report it says
"On Login, UsernameA has the following potential multiple account(s):
  • UsernameB
    • Triggered detection methods:
    • Shared email link"
Would be good to find out if a link for UsernameA was clicked on on a computer logged in as UsernameB, or the other way round.

Thanks
 
You must log in or register to reply here.
Back
Top Bottom