Signup abuse detection and blocking

Signup abuse detection and blocking [Paid] 1.20.3

No permission to buy ($45.00)
Overview FAQ Updates (127) Reviews (24) History Discussion
@Xon

it is really helpful to have this

  • Add Apple Relay detection for registration spam detection (default enable, with a score of 3)
since 1.19.0 since most of my "false positives" on signup are related to that. However, I am not sure if it works in a helpful manner:

Users that come over Apple private relay on my forums typically come either via the Cloudflare ASN or via the Akamai ASN. Akamai does have a way higher scoring (4) than Cloudflare (1) - i think both are defaults. Now, instead of overruling the scoring of the ASN in question the value for Apple private relay is added on top of that, making it a especially bad offender and sending users with Apple private relay safely into moderation.

Is this the intention? Wouldn't it be a better solution to override the score for the underlying ASN and to replace it with whatever one sets as score for Apple private relay?
 
Xon updated Signup abuse detection and blocking with a new update entry:

1.20.0 - Feature & bugfix update

  • Fix XF2.3.9+ & XF2.2.18 compatibility
  • Update geoip2/geoip2 to v2.13, improve extendibility of who & which MaxMind database files are fetched.
  • Add additional information about a login when the 2fa email is sent to the user
    • Best effort to extract the browser/operating system from the user agent
    • Add the country the login was seen from (May report "Tor" if CloudFlare is used to indicate access via Tor)
  • Add Mute any ASN score if apple icloud relay is...
Click to expand...

Read the rest of this update entry...
 
When a valid user signs up with disposable email a catch-22 occurs: We cannot approve the user, because the email is not valid. We cannot reject the user, because the user is valid. New registrations are stuck in the approval queue.
Please fix this by adding a feature to ban email domain, without rejecting the user. Force the user to enter a valid email address.
 
  • Like
Reactions: Xon
This honestly is something I'ld probably put into my multiple account emails add-on as it supports having an email state decoupled from the account state. Including having an email address explicitly marked as "invalid"

It is sadly a bit tricky on getting the relationship between account status and email status right which is why I haven't implemented this sort of thing yet over the initial hurdles of bolting on multiple email support
 
I see your point, but it seems allowing members to have multiple email accounts will make it overly complex. We dont want members to have multiple email addresses. We still need the new member to confirm their email address.
 
@Xon The new iCloud-setting has already proven tobe very useful, so thanks for that!

One thing that I am wondering about: There seems to ba scoring when someone takes too long to fill out the registration for and this reults in high scorin most of the time. However: I could not find a setting for this - only one for the case that someone is too fast:

Bildschirm­foto 2026-02-10 um 09.19.00.webp

But do get these in the logs, even with decently fast registrations sometimes and strangely enough not consistent regarding the scoring and actions:

Registration form completed: 144 sec, 4
Registration form completed: 128 sec, 4.
Registration form completed: 31 sec, 4.
Registration form completed: 61 sec, accept.
Registration form completed: 54 sec, 6.
Registration form completed: 42 sec, 4.
Registration form completed: 108 sec, moderate.


So possibly there is a setting that influences it - but which setting is it?
 
Xon said:
There is a score if the application is completed too fast, but there isn't scoring for slow completion.
Click to expand...
My bad - seems to have been a misunderstanding on my side due to the "," ":" and "." in the log entries plus the occasional line break. When looking at the entry in the modqueue this seems indeed to be the Get IP Intel score that you fixed for iCloud Relay with the lastest 1.20.1 update. This is from yesterday, so 1.20.0, before the the latest version. I did falsely relate the +4 to the registration time, due to the 1 for IP thread score - misunderstanding of the entries on my side.

Bildschirm­foto 2026-02-10 um 12.26.13.webp

The log entry is a bit misleading:

Action: Moderated
Checking: xxx, xxx@xxx.net, 2a09:bxxxxxxxxxxxxxxxxx, accept. ASN matched: ASN 13335, CLOUDFLARENET - Cloudflare, Inc., US, Country detected: DE, Hostname detected: 2a09:bxxxxxxxxxxxxxxxxx, Registration form completed: 128 sec, 4. IP threat score: 1, accept. Unknown email domain: <a href="{search}" target="_blank">xxx.net</a>, Browser language: de, Browser timezone: Europe/Amsterdam, 1: Apple iCloud Relay VPN detected, Total score: 6, Moderated. Score exceeded (6 >= 6)

Possibly you could replace the "." with ":", this would make the relations somewhat clearer for the innocent. As I know the relations now no more issue for me. ;-)
 
smallwheels said:
@Xon: There seems to be a bug in 1.20.1: When iCloud relay is used, the IP Score is now set to 0 in the view but still counted towards the total:
Click to expand...
Thanks, I'm looking into fixing it. I also noticed it isn't overriding moderate/reject rules either.

I've got a bunch of add-ons I need to update to fix some php 8.4 compatibility issues for which has taken up the rest of my bandwidth for today/tomorrow, so I should have a fix for your issue out tomorrow or the day after.
 
You must log in or register to reply here.
Back
Top Bottom