Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.16.11

I'll need to add support for disabling the multi-account detection for the login code-path to support that add-on. I haven't looked into what would be required to support that add-on but I don't think it would be too much effort

I’d appreciate it when you have time.
 
I got this error when trying to upgrade the threadmarks

XF\Db\DuplicateKeyException: xf_sv_threadmark: MySQL query error [1062]: Duplicate entry '1466' for key 'xf_sv_threadmark.content_type_id' in src/XF/Db/AbstractStatement.php at line 230
 
I'll need to add support for disabling the multi-account detection for the login code-path to support that add-on. I haven't looked into what would be required to support that add-on but I don't think it would be too much effort
Coincidentally, I'm running into this very issue. Is there a way to reset the cookie for Anti-Spam? After I log in, it notes the user starts getting reported for all the other people I've logged in as. It would be great if I could reset their cookie and give them another chance, so to speak. I reset their cookie between A and B user after I've logged in as C. So if they log in again it's a new violation. Currently it seems if I've logged in as C, A gets reported when B signs in, if I've signed into that user.
 
For how long is post checking active? Does it respect the spam management setting of how many posts to check? @Xon
 
Some questions regarding the add-on:

1. Why do I get two "Email matched" entries, one with +1 and the other with +0, although it is the same email?
And why do I get the entry:
+0. Unknown email domain: gmail.com

although in the addon setting, under Email rules I got the Rule:
+0|*@gmail.com

2. What security disadvantage does it have for me if someone says "Javascript disabled":
+2. Javascript disabled

I don't quite understand this part either:
Approve
Require email confirmation (always notifies)
User email is not confirmed
Will another email be sent to the user to confirm his email, and only if he confirms his email will the account get automatically approved?
Could you please explain this area in more detail how the process works here?


Is there technical documentation for the add-on?
 
And why do I get the entry:
+0. Unknown email domain: gmail.com

although in the addon setting, under Email rules I got the Rule:
+0|*@gmail.com
You have to add the domain to this section ..admin.php?banning/allowed-email-domains
That section you are referring to is just for scoring email domains, that doesn't put them on the 'allowed/known' list.

2. What security disadvantage does it have for me if someone says "Javascript disabled":
+2. Javascript disabled
This is used to identify potential bots and other malicious tools. It's a part of the scoring process, so you can configure it how you see fit.

Will another email be sent to the user to confirm his email, and only if he confirms his email will the account get automatically approved?
Could you please explain this area in more detail how the process works here?
Do you have Google auth integration turned on? If you click "Approve" with the "Require email confirmation (always notifies)" box checked, it will send an email confirmation message. If they came through the Google authentication, they won't get an email confirmation message the first time.

1. Why do I get two "Email matched" entries, one with +1 and the other with +0, although it is the same email?
I don't know how you're getting 2 emails in that checking process, I've never seen that happen. So, @Xon would have to answer that one.
 
Some questions regarding the add-on:

1. Why do I get two "Email matched" entries, one with +1 and the other with +0, although it is the same email?
You've got an email rule matching the email address; sadly, it doesn't really report wildcard matches well.

And why do I get the entry:
+0. Unknown email domain: gmail.com
Because the add-on doesn't ship with a list of "known" or "approved" email domains. This functionality is designed for sites which have a list of email domains which are known allowed/good. That is, it supports grey-listing unknown email addresses.

although in the addon setting, under Email rules I got the Rule:
+0|*@gmail.com
This is where the +0. Email matched: xxxxxxxx1124@gmail.com is coming from.

2. What security disadvantage does it have for me if someone says "Javascript disabled":
+2. Javascript disabled
Having JavaScript disabled during signup is fairly unusual these days. It used to suggest bot-like behavior.

I don't quite understand this part either:

Will another email be sent to the user to confirm his email, and only if he confirms his email will the account get automatically approved?
Could you please explain this area in more detail how the process works here?

If a user appears in the approval queue, they have not been sent a confirmation email. Setting them to approved bypasses email confirmation; this is a poorly documented design flaw. There is a reason it adds the "user email is not confirmed" sub-text.
 
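The replies above describe two independent checks: each matching email rule adds its own "Email matched" entry, and the known-domain list separately adds "Unknown email domain". The following is an added illustration of that behaviour, not the add-on's code; the `+1|*1124@*` rule, the sample address and the function names are constructed assumptions, and only the `score|pattern` rule format comes from the thread.

```python
from fnmatch import fnmatchcase


def parse_rules(text):
    """Parse 'score|pattern' lines, e.g. '+0|*@gmail.com'."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        score, pattern = line.split("|", 1)
        rules.append((int(score), pattern.strip().lower()))
    return rules


def score_email(email, rules, known_domains, unknown_domain_score=0):
    """Return (total, log) for one signup email.

    Every rule that matches logs its own entry, so overlapping wildcard
    rules produce several "Email matched" lines for the same address.
    The known-domain check does not consult the rules at all.
    """
    email = email.strip().lower()
    domain = email.rsplit("@", 1)[-1]
    log = []
    for score, pattern in rules:
        if fnmatchcase(email, pattern):
            log.append((score, f"Email matched: {email}"))
    if domain not in known_domains:
        log.append((unknown_domain_score, f"Unknown email domain: {domain}"))
    return sum(score for score, _ in log), log


# Constructed configuration: the rule quoted in the thread plus a second,
# hypothetical rule that happens to match the same address.
RULES = parse_rules("+0|*@gmail.com\n+1|*1124@*")

if __name__ == "__main__":
    total, log = score_email("someone1124@gmail.com", RULES, known_domains=set())
    for score, message in log:
        print(f"+{score}. {message}")
    print("total:", total)
```

Adding `gmail.com` to `known_domains` removes only the "Unknown email domain" entry; both "Email matched" entries remain because they come from the rules.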
Spam trigger logs don't get enriched like the user registration logs for various reasons (it can't actually be a clickable link since nested <a> tags don't work)
 
How to avoid multiple account detection based on IP?
Since most users are connected via VPN, proxies, or CGNAT, they often have identical IP addresses.

Therefore, I want to avoid these being recognized as multiple accounts based JUST on the IP addresses.

I would like the recognition to combine IP + cookie and, if possible, a third additional feature.

Is this possible, and if yes, how?
 
How to avoid multiple account detection based on IP?
Since most users are connected via VPN, proxies, or CGNAT, they often have identical IP addresses.

Therefore, I want to avoid these being recognized as multiple accounts based JUST on the IP addresses.

I would like the recognition to combine IP + cookie and, if possible, a third additional feature.

Is this possible, and if yes, how?
 
The current version doesn't trigger multiple account detection purely on shared IP usage; it requires the cookie hit (or email link usage hit) and then logs if a shared IP was also detected.
 
I don't understand the difference between:
Multi-account registration mode - general
and
Multi-account registration mode - specific

Can someone explain this ?

 
If a multi-account is detected, and it is banned or a member of a specific set of groups or has a specific permission then do one action (probably this one should be reject). Otherwise do the other action (probably should be moderate)
 
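The two replies above describe when a multi-account detection fires (a cookie or email-link hit, with a shared IP only logged alongside it) and how the action is then chosen. The following is an added sketch of that decision flow, not the add-on's code; all names are hypothetical, the "specific permission" condition is left out, and mapping the "specific" mode to the banned/group case is this example's reading of the reply.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    banned: bool = False
    groups: set = field(default_factory=set)


@dataclass
class Signals:
    cookie_hit: bool = False      # browser cookie ties this signup to `matched`
    email_link_hit: bool = False  # a link emailed to `matched` was used
    shared_ip: bool = False       # same IP address seen on `matched`


def evaluate(signals, matched, flagged_groups,
             specific_action="reject", general_action="moderate"):
    """Return (action, notes) for one registration attempt."""
    # A shared IP alone is not a detection: VPN, proxy and CGNAT users collide.
    if not (signals.cookie_hit or signals.email_link_hit):
        return "allow", []
    notes = [f"multi-account of {matched.name}"]
    if signals.shared_ip:
        # Recorded for the moderator; it does not change the action.
        notes.append("shared IP also seen")
    # "Specific" case: the matched account is banned or in a flagged group.
    if matched.banned or matched.groups & flagged_groups:
        return specific_action, notes
    # "General" case: any other detected multi-account.
    return general_action, notes


# Constructed sample data
FLAGGED = {"discouraged"}
alice = Account("alice")
mallory = Account("mallory", banned=True)

if __name__ == "__main__":
    print(evaluate(Signals(shared_ip=True), alice, FLAGGED))
    print(evaluate(Signals(cookie_hit=True, shared_ip=True), alice, FLAGGED))
    print(evaluate(Signals(cookie_hit=True), mallory, FLAGGED))
```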
If a multi-account is detected, and it is banned or a member of a specific set of groups or has a specific permission then do one action (probably this one should be reject). Otherwise do the other action (probably should be moderate)
How can I prevent new registrations if a user already has an account?
Would my settings in the screenshot be good?
 
I'll need to add support for disabling the multi-account detection for the login code-path to support that add-on. I haven't looked into what would be required to support that add-on but I don't think it would be too much effort

I've also got a lot of these confusing false positive multi-account detections with all accounts I've ever logged in to by the LAU add-on.
It would be great to clean up this mess and ignore new detections related to this action.
 
I've also got a lot of these confusing false positive multi-account detections with all accounts I've ever logged in to by the LAU add-on.
It would be great to clean up this mess and ignore new detections related to this action.
One more vote for this. The two addons are so helpful but have a lot of false positives I can’t correct.
 