Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.19.0

Any recommendations on what I should change/adjust?
How about "change the default settings"? As the add on description states in red:

This is not a turn-key solution, and each site may require customization!
Useful settings have to evolve over time and they are individual per forum, highly dependent on which countries your audience lives in, what providers they use and which e-mail domains they use. So what you have to change is individual and can be learned from the status messages of the add on. This add on clearly requires a small amount of basic knowledge about networks to be useful and a period of learning.
 
I have default settings and I'm getting a lot of false positives on users not being able to register, I have default settings. Any recommendations on what I should change/adjust?
You need to check the signup logs and see if there are 'reject' rules which are unexpectedly triggering and then soften those to 'moderate' or to disable them.

But without examples it is very hard to recommend changes
 
I'm regularly seeing rejects from Apple users who are using iCloud Private Relay. ASN 13335, CLOUDFLARENET (iCloud+ subscription, that encrypts Safari browsing)
As IPs from this block are blacklisted by SFS, such registrations are automatically rejected. Normally SFS IP hits are a good reason to reject registration. But this is the exception.

Is there a way to whitelist this so these get moderated instead of rejected?
Many of these valid users get rejected, then try to register a new account which is then also rejected because of multiple accounts.
 
(iCloud+ subscription, that encrypts Safari browsing)
That's not really encrypted browsing other than HTTPS. It just relays traffic through one of their exit nodes based on geographic location.

I don't know why you are having issues with SFS, we don't see this at all. It's possible that it doesn't flag high enough (for us) but we also have those ASNs set to moderate since we still have a manual validation procedure.
 
I prefer to immediately ban or reject accounts with SFS IP hit. No moderation, because you will end up with an approval queue filled with spammers.
But this is one of the few exceptions.
To avoid valid users getting rejected, I did lower the weight from 9 to 5 for now.
5 is the moderation threshold, while 10 is rejection threshold for my site.

This is a good example why the CleanTalk database is so much better. Instead of hit or no hit, it measures the spam rate for IP and ASN.
 
Xon updated Signup abuse detection and blocking with a new update entry:

1.19.0 - Feature & Bugfix update

  • Fix link for toggling multi-account logging on/off would generate a bad link if the user had been deleted in a report
  • Fix "Users => Anti-spam" admincp group didn't show for non-superadmins
  • Fix case where anti-spam admin permission was assigned but not working for non-superadmins
  • Add Apple Relay detection for registration spam detection (default enable, with a score of 3)

 
It's getting quite common that spam bots post only a quote, only to later edit in spam. It would be good if such posts cannot be submitted.

 
If they don't have enough posts then edits pick the post/thread to the approval queue, but this is currently a limitation for how XF does spam checks.

I'd need to think about how to address this sort of thing.
 
I'm seeing the following situation multiple times a day:
  1. A member signs up using a VPN. The IP is clean and ASN has low spam rate according to Cleantalk.
  2. The registration is rejected because of VPN use. It would be useful if this can be avoided when there is low spam rate.
  3. The user registers a second account and a multiple account report is opened.
  4. Staff reviews the report, but the report is lacking useful information like: Rejection reason, Spam rates for ASN/IP, Date of birth.
    Upon inspection of the accounts, it's found this is a valid user.
  5. Users need to be merged, but there is no Merge accounts functionality on the report. So the users are merged from the account.
  6. Rejected state is set to awaiting email confirmation.
  7. Go back to account page to Resend Account Confirmation Email.
  8. We hope the user understands what has happened and actually returns to the website and logs in to the correct account.
  9. Resolve report.
It would be nice if the above situation can be prevented or handled in a more gracious way. The process is too complex for some staff to follow.

To illustrate, here is an example of an ASN used for VPN that has low spam rate:

Members using such ASN should not be rejected or moderated. While users with ASN with high spam rate should be rejected or moderated.
 
I'm seeing the following situation multiple times a day:
  1. A member signs up using a VPN. The IP is clean and ASN has low spam rate according to Cleantalk.
  2. The registration is rejected because of VPN use. It would be useful if this can be avoided when there is low spam rate
getipintel enabled
service flag "m"
low confidence: .96, score +2
high confidence: 998, moderated

I average 30 registrations daily, and this catches 1-2/day for moderation.
 
The ASN ban feature really should be used for ISPs/networks you don't want signing up at all (ie spam providers)

getipintel enabled
service flag "m"
low confidence: .96, score +2
high confidence: 998, moderated
I think I'll adjust the defaults to have this, as this is probably what most people are after
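
The score arithmetic discussed in this thread, as an added example that is not part of any post and is not the add-on's own code: a simplified additive model replays a constructed signup log under the old and new SFS weight to show which decisions change. The signal names, the log entries and the assumption that scores simply add up are illustrative; the weights and thresholds are the ones quoted above.

```python
# Simplified model (assumption): each signal that fires adds its weight, and the
# total is compared with the thresholds quoted in the thread. Signal names are
# hypothetical labels, not the add-on's rule identifiers.
MODERATE_AT, REJECT_AT = 5, 10

OLD = {"sfs_ip_hit": 9, "apple_relay": 3, "getipintel_low": 2}
NEW = dict(OLD, sfs_ip_hit=5)  # SFS weight lowered from 9 to 5

# Constructed signup log: (account label, signals that fired).
LOG = [
    ("relay_user", ["sfs_ip_hit", "apple_relay"]),
    ("vpn_user", ["getipintel_low"]),
    ("bot_a", ["sfs_ip_hit", "getipintel_low"]),
    ("bot_b", ["sfs_ip_hit", "apple_relay", "getipintel_low"]),
    ("plain_sfs", ["sfs_ip_hit"]),
]

def decide(signals, weights):
    """Sum the weights of the fired signals and map the total to an action."""
    score = sum(weights.get(s, 0) for s in signals)
    if score >= REJECT_AT:
        return score, "reject"
    if score >= MODERATE_AT:
        return score, "moderate"
    return score, "accept"

def what_if(log, old, new):
    """Replay the log under both weight sets; return only decisions that change."""
    changed = []
    for user, signals in log:
        before, after = decide(signals, old)[1], decide(signals, new)[1]
        if before != after:
            changed.append((user, before, after))
    return changed

def reject_drivers(log, weights):
    """Count how often each signal appears in rejected signups (tuning candidates)."""
    counts = {}
    for _, signals in log:
        if decide(signals, weights)[1] == "reject":
            for s in signals:
                counts[s] = counts.get(s, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    print(what_if(LOG, OLD, NEW))
    print(reject_drivers(LOG, OLD))
```

In this constructed log the lower weight moves the relay user from reject to moderate, and it moves one bot into the approval queue as well, which is the trade-off raised earlier in the thread.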
 