Hiyas,

When a new user registers your board, this hack analyzes his email, password, ip address and isp (ranged ip) against existing board members and produces a sorted list with probabilities about who this new user might be. (See screenshot below). This list will be emailed to you with new user notification mail. (The probabilities can be modified by you so it's you who decide how matched results are sorted and ranked, dont blame me!) ;)

Tested and will work better in relatively smaller boards (less than 3000 members). If you have a small board, this hack may help you a bit to track and pinpoint existing users if they re-register with different usernames. For large boards, IMO it's pointless to track new users anyway..

As far as I know it will work with ANY vbulletin version so feel free to try. Installation is very easy, actually 2 simple steps and will take you 2 minutes to apply..

If they change their both ip, isp, password and email, the hack cant get them, yeah I know! This is the best we can do with computer technologies. If you have higher expectations and demands, you may regard consulting a "Seer".. :p

If you liked this hack, I suggest checking Jawelin's nice Paranoid dupe user buster when moderating Hack (https://vborg.vbsupport.ru/showthread.php?s=&threadid=36310) too. They make a good couple and I use them both.

Click Install button (https://vborg.vbsupport.ru/misc.php?s=&action=install&threadid=38909), if you installed the hack, thank you!

Enjoy! \=^))

Logician

Screenshot:
(This is the part of email you receive when a new user registers)

Great hack, i will install this one later. Thanks.

Very nice idea and implementation.

Many thanks even for such undue greets.... :p
I'll use ASAP.

Just a question: I have enabled moderation, but not email notification to the admin. I would, if some percentage value is overcome, receive that email.
Which variable should I check ? Do you think it should possible ?

I mean, if my $newuseremail is usually empty, i could put at the end of your hack something like:

if ($i>1)
$newuseremail=$webmasteremail;

By now I use the counter of matches, but actually don't like it...
:)

Thanks again.
Bye

installed!!

awsome stuff! :)

note about installing on 2.0.3: i put the code on register.php just before this
$DB_site->query("INSERT INTO user (userid,username,password,email,".$newstylefield......

Originally posted by Jawelin
I have enabled moderation, but not email notification to the admin. I would, if some percentage value is overcome, receive that email.
Which variable should I check ? Do you think it should possible ?

@Jawelin: To add such a feature, first find the part in the hack code:

$sorted_matches_pro[$i]=${$result}[probability].".".${$result}[userid];


After that add:


if (${$result}[probability]>X) {$alert_tick=1;}

Replace X with your probability you want to check.

Now if a user's possibility of being another user is more than X%, then hack will flag the variable $alert_tick and by checking it in register.php, you can make the script send you email notification.
Like in your code:


if ($alert_tick==1) {$newuseremail='youremail@domain.com';}


Hope that helps.. :)

@All: You may ignore this message if you dont want to have a feature like Jawelin asked.

Looks good, I just got what it does :D

This is fun idea!
Good for my paranoid lessons 12step program :D

I will try to install it in the upcomming weekend.

Excellent. Works perfectly on 2.2.5. :)

Good hack!
I will install later!

Originally posted by Logician

@Jawelin: To add such a feature, add:

if (${$result}[probability]>X) {$alert_tick=1;}

Replace X with your probability you want to check.

Now if a user's possibility of being another user is more than X%, then hack will flag the variable $alert_tick and by checking it in register.php, you can make the script send you email notification.
[...]
Hope that helps.. :)


Thank you very much for this extension.
Till now, I never found users matching more than 50%, and think - for test purposes - i'll try to lower that value.
Thanks again.

Bye

Will this work on existing members who have registered or just new members?

Originally posted by mark@sb.ws
Will this work on existing members who have registered or just new members?
checks just new members against existing members' data..

Originally posted by Logician

checks just new members against existing members' data.. Yes, but it is a very effective troll detector. I have a couple who can't figure out how I get them banned or on moderation before they can even post. :)

I installed this, and it seems to have worked fine. My first new member to sign up after this is installed, emailed me their information, but for the probability part, all I got was:
WHO MIGHT THIS NEW USER BE?
----------------------------
# | PROBABILITY | USER..| ID.|....EMAIL........|.MATCHES..................
-------------------------------------------------------------------------------------

----------------------------
[email] => indicates user has the same email with this new user
[password] => indicates user has the same password with this new user
[IP] => indicates user has the same IP address with this new user
[ISP] => indicates user is from the same ISP with this new user. That is, their IP range is same. Eg. 195.100.200.XXX etc..

Any idea what I may have forgotten?

nice hack

Originally posted by NSeXcellent
I installed this, and it seems to have worked fine. My first new member to sign up after this is installed, emailed me their information, but for the probability part, all I got was:
WHO MIGHT THIS NEW USER BE?
----------------------------
# | PROBABILITY | USER..| ID.|....EMAIL........|.MATCHES..................
-------------------------------------------------------------------------------------

Any idea what I may have forgotten?
Good news: this means the new user might be nobody! :D

If his ip, email, password, isp does not match that of any existing user, this list will be blank. So everything is ok, this is no bug..

But if you want to second my word, go register yourself as a new user and use your admin password and check what hack will return to you.. ;)

Logician

Installed, works perfectly, very useful to me.

Good stuff. :bunny: :bunny: :bunny: :bunny: :banana:

hahaha... thanks... nice hack!

Originally posted by Logician

checks just new members against existing members' data..


Is it possible to even have the ability to check existing members? I realize it would probably have to be a whole seperate hack, but would it be something that would be fairly easy for you guys to do?

By the way, I love this hack, I think it's one of the best on vb.org.

Originally posted by marc49
Is it possible to even have the ability to check existing members? I realize it would probably have to be a whole seperate hack, but would it be something that would be fairly easy for you guys to do?

Mark they look same, their algorithm is similiar either but if you want to do a good job, you have to restructure the hack to code your request. Here is a technical info:

In "who might this user be" hack, the hack retrieves the IP address (email and password too) of the new user and searches BOTH the message database and userdatabase to match the IPs (and ISPs). You have only one IP to check against other users IPs, so handling it is easier.

However if you want to check an existing member's IP inside the database, things changes because he might be a dynamic IP owner and an active poster which means he may have tens of different IPs recorded in your database. If you want to do a good analyze as this hack does, you have to take all these IPs one by one and search them inside your database. This can be time consuming if he has too many IPs or if your database is big or your MYSQL server is slow. Moreover this means you have to code this hack quite differently than this hack. So it's not really possible to make a quick adoptation, in the coder view, you have to handle things differently by coding it from the scratch.

I may try working on it sometimes but sorry not soon..

Logician please contact me via private message.....

I am sending you a big big bar of swiss chocolate...

Originally posted by Learner29
Logician please contact me via private message.....

I am sending you a big big bar of swiss chocolate...
Hey I love Swiss chocolate (and Switzerland too)!.. Too bad I'm on a diet :glasses: You'd better eat it for me.. ;)

Glad you liked the hack..

great hack, thank you

*install*

Is there any way to include the referring site in the email?

Originally posted by Night Owl
Is there any way to include the referring site in the email?
if you use $referrername variable in the mail template you get, it should give you the refering username if any..

I like the idea of this and downloaded it to take a look at the files. It says in your README that it does fine with smallish communities.

What could I do for my large one?

Could I have new registrations check with the banned (or other user group I specify?.... I have an "almost banned" usergroup that has no privileges other than posting...)

Could this hack work if instead of it comparing to all the members (over 21,000 now) could it compare to the few in the banned group and in this special group I created and maybe the option to add additional names we are suspicous of and keeping an eye on?

thanks for your help on if this is tweakable. :-)

Kathy by default the hack is not suggested for large communities for 2 reasons:
1- In large communities with a lot of members hack will match many users with same IP or ISP or password so wouldnt give you a good idea as to whom the new user might be.
2- Hack does not only compare IPs in the user database but also in the post database to give more accurate results and if you have a large database (user or posts or both) it would take a very long time to match new registerar's IP in the database which will result in a slowdown in register process.

So it's not good for you as it is.

But I guess it can be tweaked so that it will only compare IPs of banned members and warn you if a "potential" banned member re-registers or even better put him in a special usergroup (like moderated) if the hack decides new user is likely a "banned member". :glasses:

i just installed the hack but i am having a little problem on my testboard (2.2.8).

everything works fine, but when i am finished with registering i get the following error: Warning: Cannot add header information - headers already sent by (output started at /home/websites/test/htdocs/forum/register.php:587) in /home/websites/test/htdocs/forum/admin/functions.php on line 1655

Warning: Cannot add header information - headers already sent by (output started at /home/websites/test/htdocs/forum/register.php:587) in /home/websites/test/htdocs/forum/admin/functions.php on line 1655i looked up the line and there it says header($cookieheader, false); // force multiple headers of same type
} else {
setcookie($name, $value, $expire, $cookiepath, $cookiedomain, $secure);

any ideas?

Originally posted by Bitmap
i just installed the hack but i am having a little problem on my testboard (2.2.8).

What's the line (around) 587 in register.php?

if (!strstr(${$degisken}[matches],"[ISP]") AND !strstr(${$degisken}[matches],"[IP]")) {echo strpos(${$degisken}[matches],"[ISP]")."--";${$degisken}[matches].='[ISP]';${$degisken}[probability]+=$email_isp;}; that's the line in register.php

Originally posted by Bitmap
if (!strstr(${$degisken}[matches],"[ISP]") AND !strstr(${$degisken}[matches],"[IP]")) {echo strpos(${$degisken}[matches],"[ISP]")."--";${$degisken}[matches].='[ISP]';${$degisken}[probability]+=$email_isp;}; that's the line in register.php
ok please replace that line as:


if (!strstr(${$degisken}[matches],"[ISP]") AND !strstr(${$degisken}[matches],"[IP]")) {${$degisken}[matches].='[ISP]';${$degisken}[probability]+=$email_isp;};


and tell me if it fixes your problem..

thank you :) it works perfect now!

Looks a great hack, but I am getting the following message after I make the changes...

Parse error: parse error, unexpected T_ELSE in /forums/register.php on line 534

533 }
534 else
535 // this user does not matched before, so let's create a new array for him

I'd be grateful for any help! Thanks!

Forgot to say, using 2.2.7.

Thanks!

Originally posted by HLodder
Looks a great hack, but I am getting the following message after I make the changes...

Parse error: parse error, unexpected T_ELSE in /forums/register.php on line 534

A few hours ago I updated the hack code and it seems that I've missed a { char. I corrected it now.. Please redownload the hack instructions and apply again. (To not to receive the old cached instructions, please make sure you right click the txt file and choose "save")

Logician,

Many thanks, all is working perfectly now!!!

One of the top quality hacks that I have installed that is actually damn useful. Thanks.

I like the hack but my board gets lots of new members daily.

Any chance that the email is generated from a from where I put the user name and the hack will only work for that user?

Best regards

hi

Any update for lage communities?


regards

Originally posted by Logician
Kathy by default the hack is not suggested for large communities for 2 reasons:
1- In large communities with a lot of members hack will match many users with same IP or ISP or password so wouldnt give you a good idea as to whom the new user might be.
2- Hack does not only compare IPs in the user database but also in the post database to give more accurate results and if you have a large database (user or posts or both) it would take a very long time to match new registerar's IP in the database which will result in a slowdown in register process.

So it's not good for you as it is.

But I guess it can be tweaked so that it will only compare IPs of banned members and warn you if a "potential" banned member re-registers or even better put him in a special usergroup (like moderated) if the hack decides new user is likely a "banned member". :glasses:

hello.

first off. i want to say that this is one of my favorite hacks. as far as administrative hacks, this is by far my favorite.

it worked like a champ on my old host, no complaints at all. but i have moed hosts, and then upgraded my board to 2.3.0, and now I can't get this hack to work the way I want it to.

first off, the email no longer sends me the password for each user. how do i correct that error?

second, the email has a blank line between each line, as if it were separated by a <br> thing or something. I double-checked the template, and it looks fine.

help!

Yesterday at 01:59 AM XFLBret said this in Post #40 (https://vborg.vbsupport.ru/showthread.php?postid=391474#post391474)
hello.

first off. i want to say that this is one of my favorite hacks. as far as administrative hacks, this is by far my favorite.

it worked like a champ on my old host, no complaints at all. but i have moed hosts, and then upgraded my board to 2.3.0, and now I can't get this hack to work the way I want it to.

first off, the email no longer sends me the password for each user. how do i correct that error?

second, the email has a blank line between each line, as if it were separated by a <br> thing or something. I double-checked the template, and it looks fine.

help!
I don't have access to 2.3.0 code as I didn't renew my expired membership so hard to debug for me blindly. But I know that 2.3.0 put all mailing actions into a function and PHP functions does not access to global variables. So you have to find the mailing function and globalize password variable to get it by mail via this line:

global $password;
As I don't have the code, I can not help you with its location, sorry..

As for extra line, again hard to debug as I don't use that version, but you can try to remove \n at the end of


$match_user_final.=(string)($i+1)."- ".${$result}[probability]."% => ".${$result}[username]." (id:".${$result}[userid].") ".${$result}[email]." ".${$result}[matches]."\n";
and see if it helps.

I'm using this on a really large community, but I am pretty aware of the people that I am looking for.

I would like to be able to extend the search time for the script as I get this error

Fatal error: Maximum execution time of 30 seconds exceeded in /usr/home/diabloworld/forums/admin/user.php on line 1341

How can I do this?

GREAT hack btw, you just need to have more patience and awareness with a large forum I think.

Today at 02:38 PM Morgalis said this in Post #42 (https://vborg.vbsupport.ru/showthread.php?postid=394512#post394512)
I'm using this on a really large community, but I am pretty aware of the people that I am looking for.

I would like to be able to extend the search time for the script as I get this error

Fatal error: Maximum execution time of 30 seconds exceeded in /usr/home/diabloworld/forums/admin/user.php on line 1341

You can insert

set_time_limit(600);

right before hack code to avoid this error.


GREAT hack btw, you just need to have more patience and awareness with a large forum I think.

You are missing the fact that technological structure of the hack does not let it be used in large forum, it is not related to my awareness.

This is because:
The hack checks all IPs in the post database and user database to make an extensive and successful matching and to complete this search quickly and without making your server busy, your database size must be small (ie your board must be a small board). If you use the hack in a large board like yours, it is inevitable that you'll run into problems just like the error you have in your hands now. It shows that the hack can not finish matching the users in 30 seconds everytime it runs so its putting a burden to your server to compare a huge list. My solution can avoid this error but it does not show that it is ok to use the hack with your board. Because my solution above just makes sure you don't get the error but the burden in your server will there everytime someone registers and more imporatly he will have a looong waiting time when he clicks "register" button even if you don't have an error message.

This is inevitable.

The only chance is to avoid it is to recode the hack so that it will not make comparisons in the entire database (this means it will produce less successful results at the end).

So as you can see we have a technical restriction here, regarding large boards..

Is this working on 2.3 as well?

Is it possible to track back old users?

thanks

Today at 09:28 PM Matthew Lam said this in Post #45 (https://vborg.vbsupport.ru/showthread.php?postid=413437#post413437)
Is it possible to track back old users?

question is not clear to me but the hack will check the entire database so you old user is still a user (ie not deleted from DB), he will be matched..

05-24-03 at 10:58 AM gmarik said this in Post #44 (https://vborg.vbsupport.ru/showthread.php?postid=399271#post399271)
Is this working on 2.3 as well?



Any news?

It Sure is ...

I was finding this hack very helpful, but after integrating Hivemail with vBulletin I had to remove the code from "register.php". Can you please tell med how to change the "Who might this New User be?" code bit in "register.php" to make it work again?

I have included the code from Hivemail that I have added:

// @@@@@@@@@@
// <hivemail>
$hivemail_filepath = '/home/yoursite/public_html/hivemail';

if ($action == 'mailsignup') {
if ($bbuserinfo['userid'] != 0) {
$action = 'register';
define('VB_PLUGIN', true);
require($hivemail_filepath.'/includes/vbulletin_plugin.php');
if ($bbuserinfo['hiveuserid'] != 0 and
$hiveuser = $DB_Hive->query_first("
SELECT userid FROM hive_user
WHERE userid = $bbuserinfo[hiveuserid]
")) {
header('Location: usercp.php');
}
eval('dooutput("'.gettemplate('hivemail_signup').'");');
exit;
} else {
$action = 'signup';
}
}

if ($HTTP_POST_VARS['action'] == 'addmail') {
if ($bbuserinfo['userid'] != 0) {
$action = 'register';
define('VB_PLUGIN', true);
require($hivemail_filepath.'/includes/vbulletin_plugin.php');
if ($bbuserinfo['hiveuserid'] != 0 and
$hiveuser = $DB_Hive->query_first("
SELECT userid FROM hive_user
WHERE userid = $bbuserinfo[hiveuserid]
")) {
header('Location: usercp.php');
}
$email = $bbuserinfo['email'];
hivemail_register_user($bbuserinfo['userid'], false);
hivemail_update_password($bbuserinfo['password'], $bbuserinfo['userid']);
eval('standardredirect("'.gettemplate('hivemail_thankyou').'", "usercp.php");');
exit;
} else {
$action = 'signup';
}
}

define('VB_PLUGIN', true);
require($hivemail_filepath.'/includes/vbulletin_plugin.php');
if (($action == 'signup' or $action == 'register') and
$bbuserinfo['userid'] != 0 and
!$allowmultiregs and
($bbuserinfo['hiveuserid'] == 0 or
!$hiveuser = $DB_Hive->query_first("
SELECT userid FROM hive_user
WHERE userid = $bbuserinfo[hiveuserid]
"))) {
header('Location: register.php?action=mailsignup');
exit;
}
// </hivemail>
// @@@@@@@@@@@

// @@@@@@@@@@
// <hivemail>
if ($hive_signup == 'yes') {
hivemail_register_user($userid);
}
// </hivemail>
// @@@@@@@@@@@

I don't know why you had to remove my code while installing hivemail code? You didn't mention where you inserted it, nor I'm familiar with hivemail but I believe my code should not clash with hivemail's code unless it bypasses vb's default registration project to register the user to vb itself. This would be unlikely so my hack should still work. But if this is the case, then my hack will never work because if hivemail is overtaking the registration process, then it means that hivemail should be hacked to achieve what this hack is doing.

Ok, well it did clash and the mySQL error stopped when I removed your code. It's a shame, I was really finding your hack very usefull because "my kids" think it's easy to change username just by setting up another profile :(
I'll let you know if I find a way around it :)

Read your signature Logician, and I'm giving a bump to this thread to let you know that we are eager for the return of this admin tool.. thought it was better than one of a sea of pm's asking you to port your hacks

Yes, I REALLY miss this hack. I've caught so many banned members trying to sneak back in under a different name, don't know why this wasn't included in VB3. We all need this Logician! :)

The problem with that hack's porting is that VB3 password system has been completely changed and it is very hard to match passwords of existing users at the moment. And IMO password match was the most important feature of this hack. So I need to figure out a solution before working on porting which causes me to give this hack a low priority in my to-port list. I don't say I won't but I can not say it will be soon, sorry.

Hi logician,

I read from your passwort algorithm prob to port this hack to vb3. Have you been a step further? I found this a really really useful and important hack for vb2. I would like to see it in my vb3 as well! ;)

Thanks so much!

joergh

Logician this waas an extremely important hack for popular boards.

Please keep us in mind if you still plan on working on a 3.0.3 solution.

Logician

How can you config this program for vBulletin 3.0.3 without the hack figuring out the passwode code. Meaning make the whole program work without having to worry about matching passwords????

I liked to due to the IP & ISP's percentage

As much as I loved this hack in vB2, ill have to subscribe to this thread and hope that he gets it to work for 3 :/

This hack is much needed in vB3. Please??

Hack works fine for me in 2.3.0 however when I have "Verify Email address in registration" enabled I get a DB error. Any idea why?

This hack is much needed in vB3. Please??

yes would be very usefull ..please :)

yes would be very usefull ..please :)
bump for this, i'd install on v3

Yes please for VB3 :)

Status on the vB 3 version?

please a 3.5 version !! :-)
We need it.

Bump for a VB3.5 version...

Any other hacks like this for vb3?

I agree! Any chance someone could port this??

This hack was very useful when i was using vb 2.0 . A agree that a new version for vb 3.6.0 would be really great!

Thats what I really need now, sad :(