PDA

View Full Version : Prevent Multiple Registrations From Same IP Address


Krofh
04-04-2006, 10:00 PM
Prevent Registrations From Same IP Address

Description: Limits the number of users registering from the same IP address

Installation and Usage:

Import product-noregsameip.xml
Go to the ACP > vBulletin Options > User Registration Options
Towards the bottom of the page are your options for limiting user registrations with identical IP addresses


ACP Options:

Enable/disable registration or post IP limits
Set the number of allowed users per IP address used for registering
Set the number of allowed users per IP address used for posting
Set the error message displayed when the user limit is reached
Set "Allowed IP Addresses" box that is not limited by this hack, including wildcards (i.e. 192.168.0.* to allow anyone's IP starting with 192.168.0)
Set "Allowed Host Addresses" that is not limited by this hack, including wildcards (i.e. *.aol.com to allow anyone coming from a host ending in .aol.com)


Please click install!

maharajah
04-04-2006, 10:30 PM
Brilliant !

Before i install, is it possible to add a list which we can edit that will be Allowed to have multiple IP registrations ?

Like AOL or Many ISPs from the Middle eastern countries.

.

maharajah
04-04-2006, 10:36 PM
I installed it anyway :)

Please see if the above can be implemented.

.

KidneyBoy
04-04-2006, 10:39 PM
Yes I would like to see an "exceptions" list, or maybe an "exceptions" usergroup if possible.

THANK YOU for coming up with this, however *CHEERS*

*INSTALL*

Connector
04-04-2006, 10:52 PM
seem like the same one in this link ?
https://vborg.vbsupport.ru/showthread.php?t=103988

maharajah
04-04-2006, 10:53 PM
Just tested it and it doesnt work.

Heres what i did.

Installed using products.
Set Force Unique IP to Yes
Set Number of Same IP Addresses to 1
Cleared Cookies and Reregistered... and it allowed me.

Are you checking the Registration IP or Post IP as well ?
Seems like u are only checking Registration IP.

.

Krofh
04-04-2006, 11:07 PM
Only checking Registration IP, otherwise you'd have insane problems with public computers. Then, no two people could both post from a public computer. This hack is to be used mostly for, say, stopping one person from creating 15 accounts from their home computer.

Connector: gosh-dangit, I searched for a bit and didn't find anything that did this already, or I wouldn't have programmed it >.< though, looking at its code, it looks like that hack blocks posting IPs, whereas mine only blocks registration IPs... still though, mostly the same.

Also, Marajah: the "allowed IPs" is a good idea, I'll look into adding that.

maharajah
04-04-2006, 11:10 PM
Most people IP change within a Few days, I have 3 accounts on my Board and this didint stop me from registering a new one.

U chould create an Add-on that will check Post Ips as well.

That ability, along with the existing Ability to change the error message will make this the best "prevent Multiple regitrations from same IP" hack out there at the moment.

.

maharajah
04-04-2006, 11:11 PM
seem like the same one in this link ?
https://vborg.vbsupport.ru/showthread.php?t=103988

Yes, but that one doesnt allow a Unique message like this one.

.

The Chief
04-04-2006, 11:28 PM
ABOUT TIME SOMEBODY THINKS OF THIS. Sorry I am just too happy, will install later when it is more stable :)

Krofh
04-05-2006, 12:26 AM
Before i install, is it possible to add a list which we can edit that will be Allowed to have multiple IP registrations ?
Updated to v1.0.1 with this capability. One IP address per line, and it worked when I tested it... thanks for the suggestions everyone, let me know if anything doesn't work or if you have more suggestions.

U chould create an Add-on that will check Post Ips as well.
I'm going to try and get to this next, so you can set if you want Registration IP checks, Post IP checks, or neither or both.

The Chief
04-05-2006, 12:28 AM
I will click install but need people to confirm it works on 3.5.2 :)

maharajah
04-05-2006, 05:31 AM
Will install when new version is up :)

.

Krofh
04-05-2006, 05:50 AM
U chould create an Add-on that will check Post Ips as well.
Now updated to v1.0.2 with this capability. Please let me know if anything doesn't work, or if you have any suggestions.

maharajah
04-05-2006, 07:27 AM
Installed without a hitch !
Tested all aspects and its working beautifully !!

Brilliant hack Krofh, this is definately the best "prevent Multiple IP" hack exising.

.

007
04-05-2006, 10:23 AM
Setting post IP's to maximumum of 1 could be a very bad thing... members move, and many members access forums from work. They would get really annoyed to not be locked out of their accounts..

Other than that the registration part of this hack could by very helpful. :)

maharajah
04-05-2006, 10:29 AM
Setting post IP's to maximumum of 1 could be a very bad thing... members move, and many members access forums from work. They would get really annoyed to not be locked out of their accounts..

Other than that the registration part of this hack could by very helpful. :)

This hack does not stop users from logging into their account from multiple locations (ie multiple IPs).

It stops users from registering 2 accounts from the 1 computer (or network).

There should be no reason why 1 user needs to have 2 accounts.

.

The Chief
04-05-2006, 01:38 PM
This hack does not stop users from logging into their account from multiple locations (ie multiple IPs).

It stops users from registering 2 accounts from the 1 computer (or network).

There should be no reason why 1 user needs to have 2 accounts.

.
cool, did anybody try it on 3.5.2?

MissKalunji
04-05-2006, 02:13 PM
exacly what i needed thanks!
ill install :)

* MissKalunji clicks install

Krofh
04-05-2006, 02:47 PM
Setting post IP's to maximumum of 1 could be a very bad thing... members move, and many members access forums from work. They would get really annoyed to not be locked out of their accounts..

Other than that the registration part of this hack could by very helpful. :)

I agreed, but I decided to just be more thorough and add all the features... you can always turn the post IP check off if you want.

Boofo
04-05-2006, 02:58 PM
Is this still in beta stage then?

Krofh
04-05-2006, 03:11 PM
Well, I haven't heard any problems reported, nor have I had any problems myself... so I suppose not.

Pcparts
04-05-2006, 03:59 PM
What if someone lives in Qatar?
where they only have 1 ISP, which uses a proxy, and as a result everyone in the whole state shows to have the same IP.

Krofh
04-05-2006, 05:09 PM
What if someone lives in Qatar?
where they only have 1 ISP, which uses a proxy, and as a result everyone in the whole state shows to have the same IP.
If you expect to have lots of visitors from Qatar, then I don't recommend you using this hack :p
There is an "allowed" list though, so you could always put that one IP address in that list... this hack will then ignore that IP address.

maharajah
04-06-2006, 05:25 AM
Ok, there is an issue.

When a user registers and tries to activate... he gets this message:

Our system shows that you have already registered under a different username. Would you like to try logging in?

.

Krofh
04-06-2006, 05:38 AM
Ahhhh, I could see that being a problem. Silly me didn't think of that, seeing how I don't use activation >.< I'll take a look at it.

Krofh
04-06-2006, 05:49 AM
Problem fixed... sorry about that.

If you have this hack already and don't want to reinstall this, you can just modify the plugin code. Go to your Plugin Manager, and find the plugin in register_start called "Ban Registrations From Same IP Address". Replace the entire plugin code with:
if ($_REQUEST['do'] == 'register' || $_POST['do'] == 'addmember' || $_REQUEST['do'] == 'signup') {
// Get remote addr
$vbulletin->input->clean_gpc('s','REMOTE_ADDR',TYPE_STR);

// Check if user is in allowed list
$allowed = explode("\r\n",$vbulletin->options['allowed_unique_ip']);
if (!in_array($vbulletin->GPC['REMOTE_ADDR'], $allowed)) {
// are we checking for unique registration IP?
if ($vbulletin->options['force_unique_ip']) {
// Check for existing users who registered with the same IP address
$k_getsame = $db->query_first("SELECT COUNT(*) AS total FROM " . TABLE_PREFIX . "user WHERE ipaddress='" . $vbulletin->GPC['REMOTE_ADDR'] . "'");
// do we have more users than we should
if ($k_getsame[total] >= ($vbulletin->options['number_unique_ip'])) {
// error message now
standard_error($vbulletin->options['unique_ip_req_message'],'',true,'STANDARD_ERROR_LOGIN');
}
}
if ($vbulletin->options['force_unique_post_ip']) {
// Check for existing users who posted with the same IP address
$k_getsame = $db->query_read("SELECT COUNT(*) as total, userid AS userid FROM " . TABLE_PREFIX . "post WHERE ipaddress='" . $vbulletin->GPC['REMOTE_ADDR'] . "' GROUP BY userid");
$k_temp = 0;
while (list($k_total, $k_userid) = $db->fetch_row($k_getsame)) { $k_temp++; }
// how many are there, is it too many?
if ($k_temp >= $vbulletin->options['number_unique_post_ip']) {
standard_error($vbulletin->options['unique_ip_req_message'],'',true,'STANDARD_ERROR_LOGIN');
}
}
}
}

Or of course you can just install the new product xml.

maharajah
04-06-2006, 11:13 PM
Made the changes and all seems fine now :)

Thank you for that.

.

Kihon Kata
04-17-2006, 10:52 PM
I am getting a ton users messaging us saying that they have signed up already, or at least the message says they are. Is this due to AOL? Also, if I use the include list with an entry like 207.1 will that work?

We do have many that signup everyday.

Krofh
04-18-2006, 04:25 AM
It could in fact be due to AOL, if AOL constantly is reusing IP addresses... and I'm sorry, no it doesn't currently do partial IP addresses, just full ones. How useful would having partial IP addresses be?

Kihon Kata
04-18-2006, 04:50 AM
It could in fact be due to AOL, if AOL constantly is reusing IP addresses... and I'm sorry, no it doesn't currently do partial IP addresses, just full ones. How useful would having partial IP addresses be?
So, is there a solution to this? I love this hack, but it's stopping many users everyday from registering. They keep contacting me telling me that our system keeps saying that they are already registered. Is there something you can help me regarding this?

Krofh
04-19-2006, 06:08 AM
Are they all coming from a set of IPs as you said, like 207.1.*.*? Because if that's the case, I could probably try and rewrite this to include wildcard IPs like that. Let me know if that would work, or if not... if that won't fix it, I'm not sure if there's much that I can do.

Kihon Kata
04-19-2006, 12:35 PM
Are they all coming from a set of IPs as you said, like 207.1.*.*? Because if that's the case, I could probably try and rewrite this to include wildcard IPs like that. Let me know if that would work, or if not... if that won't fix it, I'm not sure if there's much that I can do.
OH that would be cool. Well, most of them are coming from AOL, whatever AOL's set of IP are. Is there a way to find those out?

Krofh
04-20-2006, 05:26 AM
Honestly, that's what I don't know. I couldn't tell you where AOL comes from, but I'd expect they'd have quite a lot of IPs and to sort through them all isn't something I have the time for. I'll try and get to this in the next couple of days, I'm rather swamped with homework right now and going to bed as soon as I click Reply.

I'm also considering an "allowed Host" thing, so you -might- (I'll have to look into this) be able to do an allow *.aol.com, thus allowing anyone on an AOL IP. I really don't know if that would physically work or not though.

Kihon Kata
04-20-2006, 12:31 PM
Honestly, that's what I don't know. I couldn't tell you where AOL comes from, but I'd expect they'd have quite a lot of IPs and to sort through them all isn't something I have the time for. I'll try and get to this in the next couple of days, I'm rather swamped with homework right now and going to bed as soon as I click Reply.

I'm also considering an "allowed Host" thing, so you -might- (I'll have to look into this) be able to do an allow *.aol.com, thus allowing anyone on an AOL IP. I really don't know if that would physically work or not though.
That would be tight. Will wait for ya :-D

DementedMindz
04-22-2006, 02:16 PM
how does this check the ip? cause i had a member register 3 times with the same ip... does it work cookie based orhow does this work???

Krofh
04-23-2006, 04:34 AM
It's in the database, not based on cookies. First of all, is it turned on? Go to the ACP > vBulletin Options > User Registration Options and scroll to the bottom of the page; all your options are there, including how many you want to limit and whether or not it's enabled.

Kihon Kata: I finished a bunch of personal stuff that needed to be done first, so I'm hoping to be able to get those fixes made sometime tomorrow.

Kihon Kata
04-23-2006, 05:09 AM
It's in the database, not based on cookies. First of all, is it turned on? Go to the ACP > vBulletin Options > User Registration Options and scroll to the bottom of the page; all your options are there, including how many you want to limit and whether or not it's enabled.

Kihon Kata: I finished a bunch of personal stuff that needed to be done first, so I'm hoping to be able to get those fixes made sometime tomorrow.
Great! Thanks Krofh! Thanks for taking the time to update this.

DementedMindz
04-23-2006, 01:33 PM
It's in the database, not based on cookies. First of all, is it turned on? Go to the ACP > vBulletin Options > User Registration Options and scroll to the bottom of the page; all your options are there, including how many you want to limit and whether or not it's enabled.

Kihon Kata: I finished a bunch of personal stuff that needed to be done first, so I'm hoping to be able to get those fixes made sometime tomorrow.

yeah its on and i have it set to 1 per register and i have the post turned off.... but i guess there was like a 2 or 3 days time frame and the member came back and made a new name... i banned 2 names from the same ip.. then i wrote them and let them know not to make no more..

Krofh
04-23-2006, 08:28 PM
Are you sure they registered from the same IP? That's something worth checking in the user database or in their profiles.

DementedMindz
04-23-2006, 09:59 PM
Are you sure they registered from the same IP? That's something worth checking in the user database or in their profiles.

yes im sure... i checked that out, it was the first thing i did.. the only way i knew was i had the Multiple account login detector (AE Detector) (https://vborg.vbsupport.ru/showthread.php?t=107566) installed...

Krofh
04-23-2006, 10:03 PM
DementedMindz: Where is your website located at? I can try and take a look at it.

In other news, I made some modifications and this hack is now at version 1.0.4. New features include:
1) Being able to use wildcards in allowed IP addresses, i.e. 192.168.0.*
2) Being able to allow hosts from REMOTE_HOST, i.e. *.aol.com.

Keep in mind that the allowed hosts bit only works if your server does the reverse DNS lookups for REMOTE_HOST from REMOTE_ADDR. That's easily verifiable with a phpinfo script.

DementedMindz
04-23-2006, 10:05 PM
see its strange it stops me when i try but a few users who didnt come back for a few days were able to make new names... and they had same ip..

Krofh
04-23-2006, 10:21 PM
DementedMindz: Where is your website located at? I can try and take a look at it.
Really, I mean it. If you tell me where your website is, I can try for myself :p Honestly, I would guess that it's because their IP actually did change over the course of a couple days, but yet the notify plugin that you mentioned is notifying you because that checks for Post IPs also. If you would enable post IP bans with this plugin, it would prevent those from happening... though it might also prevent certain people from registering who you want to register.

DementedMindz
04-23-2006, 10:29 PM
i looked at there ip its the same ip number its a cable static ip address.... also that hack Multiple account login detector (AE Detector) dont check for there ip its cookie based...

DementedMindz
04-24-2006, 09:04 PM
is there any way you could make a feature (with on/off feature in admincp) that is cookie based also like the Multiple account login detector (AE Detector) this way it would auto ban them or stop them???

Krofh
04-25-2006, 05:08 AM
I might do that some other time, but at this point it's not something I'm especially interested in. The reason is that anyone could simply clear their cookies and reregister, and I'm not interested in making a block that's that easily bypassable.

DementedMindz
04-25-2006, 05:10 AM
it seems to work great on Multiple account login detector as it dont use the default vbulletin cookie... this way if they log out it wont clear that cookie...

Kihon Kata
04-25-2006, 05:12 AM
Did you test your newest version on the wildcards?

slowhand.chen
04-25-2006, 07:52 AM
thank ,
Installed without a hitch !

Krofh
04-26-2006, 05:55 AM
Did you test your newest version on the wildcards?
I did, as much as I was able. I was slightly limited by my server's abilities and not able to test everything 100% thoroughly, but everything that I was able to test worked correctly. Why, did you have a problem?

Kihon Kata
04-26-2006, 08:17 PM
I am using *.aol.com as a wildcard. I have tested this on an AOL dialup account, and it has given me the message of "Our system shows that you have already registered under a different name".

I am receiving many emails from users from AOL not being able to signup.

any ideas?

Krofh
04-27-2006, 04:04 AM
1) Are you sure your server resolves hostnames? I'd recommend making a phpinfo script and checking.
2) Are you sure that the hostname actually ends in .aol.com?

Kihon Kata
04-27-2006, 04:28 AM
1) Are you sure your server resolves hostnames? I'd recommend making a phpinfo script and checking.
2) Are you sure that the hostname actually ends in .aol.com?
1) I can access my phpinfo file. What am I looking for? I searched the page for "resolve" or "hostnames"...not much came up. Do you have that script or know where to get it to find out?

2) *aol.com or .aol.com? I see you put .aol.com

Krofh
04-27-2006, 05:45 AM
1) Look for a variable called "REMOTE_HOST"... it should be under the "Environment" section, probably next to "REMOTE_ADDR."
2) Either one should work, but *aol.com might allow unlimited registrations from someone coming from a host like maol.com :p

Also, could you go to this website (http://www.whatismyipaddress.com/staticpages/index.php/whatismyhostname) with the AOL connection and let me know what it says that the hostname is?

Kihon Kata
04-27-2006, 01:06 PM
Krofh, check your PMs

Krofh
04-27-2006, 04:27 PM
Updated to 1.0.5... the "Allowed Hostnames" bit only worked with hosts resolving REMOTE_HOST, and it seems that wasn't an option enabled by default in Apache. Now it resolves hostnames independently through PHP from REMOTE_ADDR.

Kihon Kata
04-27-2006, 10:54 PM
updated mine!

Krofh
04-27-2006, 11:10 PM
Is the hostname bit working for you now?

b6gm6n
05-05-2006, 04:28 PM
I had to uninstall this freak as i couldnt even register from an internet cafe....hmmmm God knows how many registration signups i've lost due to this, cheers, thanx

Krofh
05-06-2006, 09:08 AM
Ahh... Sorry about that, I spose that's just the risk with this sort of a hack.

milsirhc
03-09-2007, 01:57 AM
Does this work with 3.6.x?