vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   Duplicate users/passwords? (https://vborg.vbsupport.ru/showthread.php?t=60171)

RDX1 01-14-2004 09:25 PM

Quote:

Originally Posted by Faranth
the salt is what is generated to dlb encrypt the user's password

md5+salt+password and each salt is random

Well, can you just have it check for duplicate IPs?

buro9 01-15-2004 05:10 AM

I'm actually looking for the same thing, based on:

IP checking (Exact and ISP (guess) matching).
E-mail duplication.
IM info duplication.

I would also have liked similar passwords... it was the most successful method for spotting returning trolls in the past. I concede I don't care about salted passwords... Never had a problem here... but trolls are a concern, and any tool that can assist me in spotting returning trolls has a higher value to me than salted passwords.

Finally... I would like this as an additional function. Such that it can be used to populate the "new user registered at your forum" e-mail that admins receive, and can also be available via the admin control panel for retrospective searching (in case the data changes through new registrations ;)).

Zachery 01-15-2004 05:11 AM

I think in vB3 by default you can be emailed every time there's a new user

buro9 01-15-2004 05:48 AM

Quote:

Originally Posted by Faranth
I think in vB3 by default you can be emailed every time there's a new user

Yes, we understand that.

What we are looking for is an improvement to that e-mail.

In VB2 I was running a hack that made those e-mails like this:

Quote:

Board New Member Registration:

Nick : XXXXXXX
Password : PPPPPP
Email : EEEEEE
IP address: IP
Biography :
Location :
Interests :
Occupation :


HomePage : http://
Birthday : N/A

WHO MIGHT THIS NEW USER BE?
----------------------------
# | PROBABILITY | USER..| ID.|....EMAIL........|.MATCHES..................
-------------------------------------------------------------------------------------
1- 90% => XXXXXXX (id:NNNN) EEEEEE [password][IP]
2- 50% => XXXXXXX (id:NNNN) EEEEEE [password]
3- 50% => XXXXXXX (id:NNNN) EEEEEE [password]
4- 45% => XXXXXXX (id:NNNN) EEEEEE [IP]
5- 5% => XXXXXXX (id:NNNN) EEEEEE [ISP]

----------------------------
[email] => indicates user has the same email with this new user
[password] => indicates user has the same password with this new user
[IP] => indicates user has the same IP address with this new user
[ISP] => indicates user is from the same ISP with this new user. That is, their IP range is same. Eg. 195.100.200.XXX etc..


Check his profile at:
http://www.bowlie.com/forum/member.p...fo&userid=NNNN
Where:

XXXXXX = username
NNNN = userId
PPPP = password - Yes, this is passed plain text... if you have matched on someone's password you need to determine whether that password is unique or common... if the password was "password" then you'd know to ignore this test.
IP = user IP address
EEEEE = user email address

Thus, the admin (myself, and myself alone) was empowered to ban or watch a user based on their probability of being someone else... prior to their posting and sometimes even prior to their completing registration.

RDX1 01-15-2004 06:12 AM

Quote:

Originally Posted by buro9
Yes, we understand that.

What we are looking for is an improvement to that e-mail.

In VB2 I was running a hack that made those e-mails like this:



Where:

XXXXXX = username
NNNN = userId
PPPP = password - Yes, this is passed plain text... if you have matched on someone's password you need to determine whether that password is unique or common... if the password was "password" then you'd know to ignore this test.
IP = user IP address
EEEEE = user email address

Thus, the admin (myself, and myself alone) was empowered to ban or watch a user based on their probability of being someone else... prior to their posting and sometimes even prior to their completing registration.

Maybe you should make a new thread, might get more help, since there seems not to be any help here ;)

I might just have to modify the hack myself, I'm sure a few table changes would fix it ;)

buro9 01-25-2004 07:36 AM

Quote:

Originally Posted by NerdNations
Maybe you should make a new thread, might get more help, since there seems not to be any help here ;)

No need ;) Fewer threads is a nice goal.

Anyway... so I've done some searching and found the VB2 hack:

https://vborg.vbsupport.ru/showthread.php?t=38909

Which was by Logician.

I've PM'd him to ask him if he is either going to port his hack or permit his code to be tweaked slightly so that it is suitable for VB3.

I'm now awaiting a response on that :) He's cool though... and VB.org mod! Not sure when he got promoted... but very cool... he deserves it as his were some of the hacks I always looked out for.

I think I'm going to hack mine anyway... It looks likely that for me to use the vBulletin user tables as a source of single-sign-on across other applications (a wiki at the least) that I'll need at the least an unsalted md5 hash of a user password... and somewhat likely (due to the primitiveness) of things like Php-Wiki and mod_auth_mysql ( http://httpd.apache.org/docs/mod/mod_auth.html ) that I may personally take a step towards having plain text passwords in the database. So there's little to stop me implementing the hack above in either scenario since I already know I need less security in the DB stored details for me to offer single sign-on and integrated login over other apps.

buro9 01-25-2004 08:54 AM

OK, Logician has responded.

He is going to convert all of his VB2 hacks to VB3. So I shall not be releasing anything I put in place on my boards that is similar.

He is also aware of the password problem... and that some of us feel that it was the crucial part of the hack... but he will address those things when he starts the conversion.

So there we are... if we can just be patient it will come along... which is probably for the best as anything I would've undertaken would've been a bit messy ;)

Cheers

David K

Tom1234 11-04-2004 02:32 AM

Was this duplicate user passwd recognition system ever developed for vB3? I agree that many would give up the security of encryption salting in order to keep trolls out. This was very powerful in vB2.

Link14716 11-04-2004 02:43 AM

It's not going to happen since you'd have to forcibly rip out the salting system and then hose all the current passwords.

Tom1234 11-04-2004 02:51 AM

I haven't looked at the code, but you're saying that the code changes would be substantial to remove salting?

As far as hosing the passwords, I envisioned a script to convert all passwords to de-salted versions.
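
Added example, not part of the thread and not vBulletin's or Logician's code: it shows why an offline search for equal stored hashes finds nothing once each user has a random salt, and how a same-password check can still run at registration, while the plaintext is in hand, without removing salts or storing plaintext. The `md5(md5(password) + salt)` layout, the salt format and all names and sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def salted_hash(password, salt):
    # Assumed storage scheme: md5(md5(password) + salt), random salt per user.
    return md5_hex(md5_hex(password) + salt)


def make_user(username, password):
    salt = os.urandom(8).hex()  # constructed salt format
    return {"username": username, "salt": salt, "hash": salted_hash(password, salt)}


def groups_with_equal_hash(hashes):
    """Offline duplicate search: usernames grouped by identical stored hash."""
    by_hash = defaultdict(list)
    for username, stored in hashes.items():
        by_hash[stored].append(username)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)


def users_sharing_password(users, candidate):
    """Registration-time check: re-hash the submitted password under each
    existing user's salt and compare with that user's stored value."""
    inner = md5_hex(candidate)
    return [u["username"] for u in users
            if hmac.compare_digest(md5_hex(inner + u["salt"]), u["hash"])]


# Constructed sample accounts; alice and carol chose the same password.
SAMPLE = [("alice", "tr0ll-hunter"), ("bob", "correct horse"), ("carol", "tr0ll-hunter")]
USERS = [make_user(name, pw) for name, pw in SAMPLE]


def demo():
    unsalted = {name: md5_hex(pw) for name, pw in SAMPLE}
    salted = {u["username"]: u["hash"] for u in USERS}
    return (groups_with_equal_hash(unsalted),      # equal hashes expose the pair
            groups_with_equal_hash(salted),        # random salts hide it
            users_sharing_password(USERS, "tr0ll-hunter"))


if __name__ == "__main__":
    print(demo())
```

The registration-time check costs one hash per existing account, and a match on a common password carries little weight, as noted earlier in the thread.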


All times are GMT.