and here it is, finally.. perhaps one of the sweetest hacks i've ever installed.. unfortunately i didn't write it, but wired from http://www.xirgo.com (an awesome host, btw) did, and he gave me permission to release it on here.

this is the duplicate ip/password list hack. this basically shows all duplicate accounts on your vb forum sorted by their ip and/or password. this easily allows you to detect who's really who on your forum, and delete/ban accounts that you think are duplicates.

basically it works like this. there are two parts to this list, one part sorted by duplicate ip, the other part sorted by duplicate password. you can definitely tell users have multiple accounts on your forum if you see two (or more) users both with duplicate ip's AND passwords. this list also lists their post counts and their last visit date, so, if you want to just delete one of someone's duplicate accounts, you can choose to do so by either their last visit date (delete/ban the account that hasn't been on the forum longer), or by their number of posts (delete/ban the account that has the less posts).

please note that NOT ALL duplicate pw's are duplicate accounts, obviously. any user can happen to have the same pw as someone else. i wouldn't recommend deleting people with JUST duplicate pw's, nor with JUST duplicate ip's, because of shared accounts on the same connection, etc., but they can definitely be fishy.

to install this hack, simply put the dupeip.php file into your /admin directory of your vb forum. then to access it, go to yoursite.com/forum/admin/dupeip.php, of course.. that's it! no templates to install, no files to modify!

NOTE: the passwords on the list are in their VB encrypted form, but to be safe, only show this list to the other admins of your forum, although by putting it in your /admin folder it will ask for an admin login anyway.

Funny I have made a hack to stop this from happening all together. What it does it stop people with a Ip that is already registered from registering again... while this hack you have is very nice... this would prove to be more carefree and protective..

https://vborg.vbsupport.ru/showthread.php?s=&threadid=36049

Got to give this a try. Use to have several users who used to have register multipule times to raise their original post count. :D

Originally posted by neo
Funny I have made a hack to stop this from happening all together. What it does it stop people with a Ip that is already registered from registering again... while this hack you have is very nice... this would prove to be more carefree and protective..

https://vborg.vbsupport.ru/showthread.php?s=&threadid=36049

But what about dynamic IPs? Cause in my area, someone else can get the IP I was using a few months ago.. :confused:

that's a good idea for a hack, but i wouldn't install it myself, neo. some people on my forum, although listed on the duplicate ip list, ARE different people, i know for a fact. so installing that hack would only tick them off, although there are ways of getting around it, of course.

well I just guess those people would have to live with it... But in my opinion this hack has the same usfulness as mine, but with a few added features... but anyways..nice of you to post it for the rest of us

I had edited a script that was made here about a week ago to do the same thing this hack did, almost, mine did not show duplicate passwords, but it also was not as organized. Instead of showing them grouped together, I had to go down a list of 200+ members to find the duplicate ones to investigate.

Thanks for this hack, another backup should someone be able to get around the hack neo mad :).

SaintDog

I became rather board and the white and all was hurting my eyes so I made a few changes to make it look like the control panel (default style), it makes thing a little neater in my opinion.

I am not taking credit for anything other than changing some colors :) - I am hoping this is not a problem? The file is the same, just made to look a little better.

Download Below:

Originally posted by neo
Funny I have made a hack to stop this from happening all together. What it does it stop people with a Ip that is already registered from registering again... while this hack you have is very nice... this would prove to be more carefree and protective..

https://vborg.vbsupport.ru/showthread.php?s=&threadid=36049 Problem with that though is that a lot of (for example) Australian's have the same ISP, with dynamic IP's so you could be banning/stopping lots of innocent users with that...

saintdog, thanks for taking the time to do that, although i get a header info error with that file for some reason.. not sure why, but it works like a charm.. i do admit the interface for mine is rather ugly, but it provides more function rather than beauty, and plus i had no intentions of linking the file from admin cp either.

Seems to be working fine for me, at least since I have been using it. I will see if I left out or deleted anything from the script that may be causing the header error. If I can find the reason I will re-upload it.

SaintDog

Hi, hack sounds great. I downloaded the file and installe dit, but when I run it I get a blank white screen. Was I suppose to modify the file in anyway to get it to work on my server?

Nope, just upload to your /admin folder and open your browser and goto the location of the file :)

SaintDog

ok I did that and it did not work, so here is a question.

I have the php3 version, so all of my php files end in php3

So what is the difference between the two versions VB offers and which one are the hacks written for

The hack was written for the PHP versions I am pretty sure, although there should not be too much of a difference I would not think, but I do not know everything about php so I could be wrong.

SaintDog

Saintdog/supreemball: In addition to your pretty color change, I added an admin nav option to the admin's index.php page, and that is when I notice the "not outputing header" error. Here is what I put for the nav link:


//the normal part of the navigation
makenavoption("Build Mailing List","email.php?action=genlist","<br>");
//this is the part I added:
makenavoption("View Duplicate IP Addresses","dupeip.php/");

I added the slash at the end of dupeip.php because vbulletin was adding things to the url that your script didn't like, so I was getting "page not found" errors. What can I do to add a link on the admin page and get it to integrate as normal? Any ideas?

Great hack btw, :D

Saintdog: your version produces a warning if you call the script directly, but if you integrate it in the CP it works fine. :)

Nafae: you can do it this way (this is an extract of my index.php, the Hacks sections) look at the dupeip line.

// *************************************************
makenavoption("Login Information","loginlog.php?action=modify","<br>");
makenavoption("PM Stats","pmstats.php?action=","<br>");
makenavoption("Moderator Logs","modlog.php?showLimit=25","<br>");
makenavoption("Mass PM","masspm.php?action=","<br>");
makenavoption("Duplicate IPs&PW","dupeip.php?action=","<br>");
makenavoption("Template Backup System","tbs.php?action=modify");
makenavselect("Hacks","<hr>");
makenavoption("Browse Attach.","browseatt.php?action=intro","<br>");
makenavoption("Delete Attach.","rematt.php?action=intro","<br>");
makenavoption("Convert Date/Time","convert.php?action=intro","<br>");
makenavoption("Encrypt String","convert.php?action=intro","<br>");
makenavselect("Hack Admin Func.","<hr>");
// *************************************************


Supreemball: thanks a lot for this one. I'll integrate it with the extended version of the loginlog hack (originally by PPN) that I made to look at dupes also for login IPs...:D

Originally posted by SaintDog
I became rather board and the white and all was hurting my eyes so I made a few changes to make it look like the control panel (default style), it makes thing a little neater in my opinion.
[...]


Nice restyle... Just, shouldn't have been a little cleaner to use
cpheader() and cpfooter() functions as in each AdminCP page, instead of replicating such a html code inside the php script ?

:laugh: Thanks

Awesome hack. Love it :).

i integrated it in the CP but it still shows the errors:

Warning: Cannot add header information - headers already sent by (output started at /.../admin/dupeip.php:5) in /.../admin/global.php on line 118

... line 119
... line 120
... line 121


how can i fix it?


LaNder

Great hack!

One question - it seems like it only checks for duplicate IPs that are in the profile (the one you see in the admin cp when you search for a user). It doesn't look through all the IPs (like if you choose view IPs for this user and then find other users for this IP). Is there any way to make it look through every IP for the user?

Thanks! :)

Originally posted by LaNder
i integrated it in the CP but it still shows the errors:


how can i fix it?


LaNder


Im getting the same error:(

I don't get any errors, I have clicked, clicked, and clicked again :) - yet nothing comes up for me, it works perfectly fine. All I have done is link to it via the admin cp and it works fine.

SaintDog

ok i found the problem and made a little change to your code:

your code:


<html>
<head>
<title></title>
</head>
<style type="text/css">
a:link{
background-color: transparent;
color: #3F3849;
text-decoration: none;
}

a:active{
background-color: transparent;
color: #3F3849;
text-decoration: none;
}

a:visited{
background-color: transparent;
color: #3F3849;
text-decoration: none;
}

a:hover{
background-color: transparent;
color: #3F3849;
font-weight: normal;
text-decoration: underline;
}
</style>

<body bgcolor="#BBBBBB">
<?php
error_reporting(7);

require("./global.php");

echo "<center><font size=\"1\" face=\"verdana\">[<a href='#'>duplicate ip addresses</a>] | [<a href='#pass'>duplicate passwords</a>]</font></center>";

i replaced it with:


<?php
error_reporting(7);

require("./global.php");

cpheader();

echo "<center><font size=\"1\" face=\"verdana\">[<a href='#'>duplicate ip addresses</a>] | [<a href='#pass'>duplicate passwords</a>]</font></center>";

now it works fine for me :)

LaNder

great just installed this but i get 3 users all having the same password, i know one of them is a totally different person. The other two i had suspected were the same person. My question is out of 103 members what are the chances that 3 memebers all have the same. As it seems pretty strange to me

Great hack and great idea.
I tried to extend it with the same idea, but didn't manage: infact I would search similar usernames and similar emailnames using for instance the SOUNDEX() MySQL function.
But realized I can't group by or order by rows upon string functions fields... only on primitive ones.

Somebody does have any idea ?
Thanks

great hack, am putting it in now, but how exactly do i put a link to it in the Admin CP? anyone, anyone :D (could not see how above)

[duplicate ip addresses] | [duplicate passwords] | [hide zero posters] | [show zero posters]

This hack is really good! Dead simple, but will be very usefull in my superlsueth opperations in busting the doubles.

I added a little extra feature in this attached version - an option to show or hide accounts that have a zero post count.

Aha, I've just noticed a slight bug/feature in my version. You get single rows in the hide zero-posters option! Obviously this isn't that usefull, but I suppose it lets you know that there are other users with a dupe IP/pw for that user, except you've just chosen to hide them.

Going back to what someone else mentioned earlier - this only searches through the last recorded IP for each user.

Another really fine way of busting people with many psuodonyms is to check back through their posts and see which IPs were used by different users at the same time, or within 15 mins of each other. I get this with people coming on as themselves, making a few posts then switching to their alter ego and causing some [better wash my mouth][better wash my mouth][better wash my mouth][better wash my mouth].

Who's up for helping writing a bit of SQL to do that!?

Hi,

very nice hack! :)

Is there a way to resolve the IPs?

Would be great, having the hostname too would make it easier to say if a duplicate IP happened because of a proxy or a static host...

Thanks anyway,
-Tom

I'm looking a way to search for similar usernames and similar email names (first part, till '@')...
SOUNDEX() MySQL function would be nice this matter, but can't manage to GROUP BY a function instead a true table field, as this hack does.

Anyone could help ?
Thanks a lot.
Bye

Do you have a problem with members registering several names that sound simillar?

In my experience when somebody registers and alternate alias they use a dodgy Hotmail account and a completely different name in order to not be traced.

As for grouping by function, dunno, is there a quick and dirty way of making a temporary table with these results in then doing a standard SELECT with a GROUP on that temp table?

Originally posted by Thomas P
Is there a way to resolve the IPs?

Would be great, having the hostname too would make it easier to say if a duplicate IP happened because of a proxy or a static host...


I don't think so, as hostname=IP and IP=hostname. You won't reveal any extra information by resolving the IPs, appart from which ISP someone is using.
Unless you mean the opposite, where by resolving IPs will let you see people on dynamic IPs that use the same provider.

Originally posted by Meirion
You won't reveal any extra information by resolving the IPs, appart from which ISP someone is using.

You will find out the hostname, which maybe something like proxy.isp.com which is usefull and what Thomas P wanted, so he can see if the multiple IP's are from proxy server and therefore more likly to be legitimate signups.

Sorry, I thought some more and I understand what you mean now. You mean to prevent accidentally banning someone who ended up having a matching IP due to it being behind a proxy?

Sorry I was on a bit of a "bust their ass" crusade. I suppose there are some legitimate members out there. I bet my membership would halve if I got rid of all the false names! :D

Originally posted by Meirion
Sorry, I thought some more and I understand what you mean now. You mean to prevent accidentally banning someone who ended up having a matching IP due to it being behind a proxy?

Yep, thats exactly what I mean, I have users who are know are all individuals but have a duplicate IP due to the proxy server they use.

Sorry I was on a bit of a "bust their ass" crusade

lol, no probs, we all get like that at times :D

Originally posted by Meirion
Do you have a problem with members registering several names that sound simillar?

In my experience when somebody registers and alternate alias they use a dodgy Hotmail account and a completely different name in order to not be traced.

As for grouping by function, dunno, is there a quick and dirty way of making a temporary table with these results in then doing a standard SELECT with a GROUP on that temp table?

FoA, thanks for such a fast answer.

Yes, I'm trying to findout possible dupe users (along with ip & pw) by an approximative check of username & email name...
I know well it'd be an 'empiric' way, but not too more than looking for dupe identical password, don't you agree ?

Hwr, a temp table seemed a good solution me too...
But, first I could do a little bit more precise job at php level with lot of memory used to sort the fetch_array; second I wouldn't mess up the db too much creating and destroying temp tables at runtime... Third, I have no idea of the performance and fragmentation impacts such a table could give.
:p

Thank you again.
Bye

Lol, never trust that email-reply feature that this board has. I just replied by email and my topic appeared in two other threads! (but never showed up here). Lol, then I get my head bitten off.

this is what I posted:

I think on my board that hunting for similar sounding names would not prove
fruitful at all.
I suppose it all greatly depends on how many users you have as to the
intensity of an opperation like this. My php & SQL knowledge ends at this
level!

I would much rather concentrate on a script that would use the IPs in the
posts table and look for users using the same IP within a certain time
frame, eg 15 mins. This should catch people out when they change login from
their real name to the false name in order to flame someone.
Obviously doing a search like that on the post table would be a
server-destroying style query, so my plan would be to feed it a user name
that was suspicious. It would then crank back through the last 20 posts of
that user, grab the IPs, then see if anyone had used that IP within 15 mins
of that post time.

Does that make sense? Do you think it would work?

for some reason i cant open the attachment.. can someone make sure it is working?

I just wanted to say this is a LIFESAVER for the board I run. Great, great add-on. This should be in vB3.

Hey, would anyone be able to modify this hack so the passwords aren't encrypted? It would be a lot of help!

Thanks :)

Originally posted by Max M
Hey, would anyone be able to modify this hack so the passwords aren't encrypted? It would be a lot of help!

This is imposible. You cannot de-crypt the MD5 hash.

You can add more features to this by adding the user's usercp options. Like sigs off, or how many posts per page they are viewing.

Anyone know how to combine the two and view by BOTH duplicate IP's and passwords? Yes, I am this lazy, and I have a lot of duplicate IPs and duplicate passwords on my forum, and finding the ones that have both in common is becoming tedious. Any help?

fricken awesome hack!!!!! Been looking for something like this... ;)

fricken awesome hack!!!!! Been looking for something like this... ;)

The requested URL /forum/admin/moderator.php was not found on this server.

I have not file moderator.php or I find him(it) thank you

is it just me or has anyone else noticed that if you click the duplicate passwords link it brings up the list of doupe IP's and then the doupe passwords as well instead of just the doupe passords list alone?

Added if a user can post to the outpout, a remove link, an admin header footer, and a reverse lookup of the ip addresses. if you are interested feel free to download it. It did not take much time but might help some of those of you who don't have time to add these things.

~ clicks install..... I like this thanks.

Clicks install....great hack

Flawless via 2.3.0

/me clicks install

I would search similar usernames and similar emailnames using

Did anyone manage to that working with similiar emailnames particularly, i'd be very intereste din this ???

Such a very useful hack for my boards to be launched. Great work guys. there seems to be more than 4 versions in this thread by now, let me try them out.

Flawless via 2.3.0

Good, as i am also using 2.3.0

Thanks for the hack and the support.

Cheers

To integrate this into the control panel, I did the following:

Open admin/index.php
Find: makenavoption("IP Addresses","user.php?action=doips","<br>");Add AFTER it: makenavoption("Duplicate IPs & PWs","dupeip.php?action=","<br>");


Open admin/dupeip.php
Find: require("./global.php");Add AFTER it: if (isset($action)==0) {
$action="modify";
}

Awesome hack. Love it!!!!

I got this error in control panel...

Warning: Address is not a valid IPv4 or IPv6 address in /home/virtual/site17/fst/var/www/html/admin/dupeip.php on line 74

Yes, I have IP loggin enabled.

Any help would be appreciated.

Thanks!

This only checks the IPs used to register? That is not nearly as helpful as checking it against ALL the IPs a user uses. Many people get on the internet at work and have atleast 2 IPs. Heck I just did a search on the IPs I've used and I've used 24. So basically this hack has a 1 in 24 chance in stopping me. Good hack however I think it can be improved.

:) Good hack!

*Installs*

Can anyone modify this hack so it will also check against the IP the users post with instead of just the IP used to register alone? TIA

Works well.. Thanks mate !

bump for getting this hack to check all the ips used. and for making it just check the passwords alone as well.

This is a brilliant hack! :bow:

How about getting this up for VB3

How about getting this up for VB3
It works fine with vB3, as is :)

tenbucks, you are correct. I didn't pay attention to the bottom of the list.

UPdate :p
Got the same problem + theres a problem with the IPs as some of the dupicates are people i personaly know and its saying they are sharing an IP

Did anyone ever modify this hack to check against all the post IP's instead of just the registration IP? That makes a huge difference in the effectiveness of this hack.

An old hack, indeed.
Anyone have this for 3.6?

anyone have this for 3.6.1 ?? Pls..

<a href="https://vborg.vbsupport.ru/showthread.php?t=107566" target="_blank">https://vborg.vbsupport.ru/showthread.php?t=107566</a>