• A valid XenForo Licence validation token will be required to complete signup and purchasing.
    This may retrieve this from the XenForo Customer Area.
  • All XenForo 2.3+ add-ons require at least php 8.0, recommend php 8.2+
    All XenForo 2.2+ add-ons require at least php 7.2, recommend php 8.x
    All XenForo 2.0-2.1 add-ons require at least php 5.6, recommend php 7.x.
    The Standard Library add-on is also required.
    Older php versions are not supported, and add-ons will either refuse to install or fail to function.
  • Automatic discounts are applied for orders above $100 USD (10%) or for early renewals (5%)

Signup abuse detection and blocking 1.16.1

Change log

  • php 8.4+ compatibility
  • XF2.3 compatibility
  • Rename permission "View reportings" to "View multiple account reports"
  • Fix csv import/export of allowed email domains didn't work
  • Fix viewing anti-spam options page did not highlight the anti-spam options sidebar as active
  • Fix shared email link detection did not also check for shared IP usage between the affected users
  • Fix multi-account detection would fail to log events if "Multi-account report user" was invalid
  • Fix missing return value for XF\Spam\ContentChecker::logSpamTrigger
  • Fix error when viewing multi-accounts referencing deleted users
  • Fix url canonization for connected account registration would result in broken redirect
  • Ensure "Multi-account report user" has a valid user set if non is set by selecting the 1st valid user on the forum on install/upgrade/rebuild
  • Remove "accept & report" feature as it is completely broken
  • Remove "Notify front-end on multiple account registration" option
  • Remove The "Detection method matching mode" option (ip/ip&cookie/cookie) as it was a foot-gun
    • IP matches are a low quality signal that needs a strong signal before multi-account detection triggers
    • IP only multi-account matches which can be removed with the CLI command xf-rebuild:sv-prune-ip-only-multi-account-matches
  • On login, the ASN (aka ISP) and country are captured and preserved into a more durable log than XF's IP table
  • Reduce number of queries hitting the ASN/Country geolocation providers by querying the local login/registration records with the minimum viable IP routing subnet
    • This is effectively a /24 for IPv4 and /48 for IPv6.
  • Add CLI xf-rebuild:sv-enrich-login-records command to trigger binding ASN/Country to login records.
    Strongly recommend setting up MaxMind over using paid API calls as this will generate a significant number of queries for ASN/Country values
  • Add MaxMind integration for geoip and asn resolving. This requires an API key.
  • MaxMind auto-update can be opt'ed out via disabling the "Update MaxMind databases" option, which describes which MaxMind databases are used
  • Add signup throttling - rate limit signups
    • Configurable window to apply throttling limits (ie X seconds/minutes/hours/etc)
    • Throttle by IP/ASN/Country, and if XenCentral/MultiSite is installed by site
    • Signup limits automatically based on daily registrations with min/max values, or a fixed value
  • New multiple account display page, under Users => Multiple accounts
    • Paginated list of recent users which have triggered multiple accounts
    • Displays users which have been linked together, and first/last time these have been detected
Back
Top