[Xon] Signup abuse detection and blocking 1.19.0

From (simple) multiple accounts detection to isp/connection fingerprinting with score-based moderating/rejecting logic. These are very effective low-hanging fruit at reducing spam.

Supports migration configuration from the following XF1 add-ons;

• TPU Spam Detect
• Alter ego Detector

See the FAQ Known Issues (in next post) for known limitations. This is not a turn-key solution, and each site may require customization!

For multiple account detection, supports reporting to reports/threads. And will send reports to the same report/thread. To send to thread you must select the "Multi-account to thread" extra.

For connection fingerprinting more additional information is collected and recorded on the account.

Note; Configuration defaults are conservative, aimed at blocking VPNs and proxies. There are a large number of configuration options for this add-on!

Link content spam checking

Instead of adding the spam phrases http:///https:// which generate lots of false positives; this allows controlling how links are treated by the content spam checker;

• Explicitly allow URLs with a given domain
• Explicitly moderate URLs with a given domain
• Explicitly reject URLs with a given domain
• Default allow/moderate/reject for unclassified URLs

Multiple account handling permissions

• Bypass multiple account checking
• Can enable / disable alerting for user
• Can enable / disable alerting for log
• View reportings.

Use Multiple account to thread add-on to send multiple account reports to threads.

Per-user whitelist:


Multiple account logs per-user:

Q. After installing the addon or enabling getipintel an error is reported and the getipintel integration is disable
A. [COLOR=hsl(var(--xf-editorFocusColor))]The getipintel[COLOR=hsl(var(--xf-editorFocusColor))].com/][/COLOR]getipintel[COLOR=hsl(var(--xf-editorFocusColor))] feature has a 500 queries per day limit on the free plan.[/COLOR]

When using shared hosting, this include XenForo Cloud, you may receive the following error:

[SignupAbuseBlocking] Server appears banned from getipintel.net, disabling getipintel option

Click to expand...

If this happens, you can contact getipintel for information about a paid plan. Re-enabling the integration using the free plan may result in further (and longer lasting) IP bans from this service.

Known issues

• This is not a turn-key solution for blocking spam, but rather a toolkit.
  • On banning a spammer, it is recommended to check the "User Registration Record" for that user and check the signup IP to see if it is associated with an ISP which provides VPN, hosting, or proxy services but not residential services
    If so, you may wish to consider adding that ISP to be grey listed (ie auto-moderate) or blacklisted (auto-reject).
• "Multi-account to thread" does not support merging threads, it will generate a new report thread if it's target is merged or hard deleted.
• There may be GDPR considerations due to the additional information collected and exposed to staff. This information is currently not purged when the account is deleted.
• Geo location information is not an exact science, and VPN providers are adversarial at ensuring ip-geo location may not be accurate

Port scanning proxy

Bundled with this add-on is a simple php script to run the port-scanner service remotely (port_scanner.php). Host port_scanner.php on a webserver somewhere, allowing only your webserver to access it! and then enter the URL into the relevant add-on option.