Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.20.0

@Xon

It is really helpful to have this

  • Add Apple Relay detection for registration spam detection (default enable, with a score of 3)
since 1.19.0, since most of my "false positives" on signup are related to that. However, I am not sure if it works in a helpful manner:

Users that come over Apple private relay on my forums typically come either via the Cloudflare ASN or via the Akamai ASN. Akamai does have a way higher scoring (4) than Cloudflare (1) - I think both are defaults. Now, instead of overruling the scoring of the ASN in question, the value for Apple private relay is added on top of that, making it an especially bad offender and sending users with Apple private relay safely into moderation.

Is this the intention? Wouldn't it be a better solution to override the score for the underlying ASN and to replace it with whatever one sets as score for Apple private relay?
 
Xon updated Signup abuse detection and blocking with a new update entry:

1.20.0 - Feature & bugfix update

  • Fix XF2.3.9+ & XF2.2.18 compatibility
  • Update geoip2/geoip2 to v2.13, improve extendibility of who & which MaxMind database files are fetched.
  • Add additional information about a login when the 2FA email is sent to the user
    • Best effort to extract the browser/operating system from the user agent
    • Add the country the login was seen from (May report "Tor" if CloudFlare is used to indicate access via Tor)
  • Add Mute any ASN score if apple icloud relay is...

 
When a valid user signs up with a disposable email, a catch-22 occurs: We cannot approve the user, because the email is not valid. We cannot reject the user, because the user is valid. New registrations are stuck in the approval queue.
Please fix this by adding a feature to ban an email domain without rejecting the user. Force the user to enter a valid email address.
 
This honestly is something I'd probably put into my multiple account emails add-on, as it supports having an email state decoupled from the account state, including having an email address explicitly marked as "invalid".

It is sadly a bit tricky to get the relationship between account status and email status right, which is why I haven't implemented this sort of thing yet over the initial hurdles of bolting on multiple email support.
 
I see your point, but it seems allowing members to have multiple email accounts will make it overly complex. We don't want members to have multiple email addresses. We still need the new member to confirm their email address.
 