Troll/ip-tracker, detect multiple accounts/trolls [3.6 compatible]
 

Continuosly information about updates can also be found here.

Edit 2007-08-07

Since the script needs to be rebuilt from scratch due to some problems with it, I've decided to temporarily stop the distribution. On larger sites, this script may cause heavy lagging when active. There has also been reports on "duplicate keys", that should be fixed. To prevent more problems cause by this hack, it's removed and cannot be downloaded.


History

In 2005 a forum was founded, for a short period of time that was intended to work as a service for people with a common interest - a reality show. The forum grew big and the traffic was very intensive. Moderators worked day and night to assist the forum. Traffic and events in the show made people show different kind of feelings and some of them showed this in strange ways. They said "I'd better register 10 nicknames, just to secure that noone can ban me". Sometimes, when they got banned, they registered new nicks and sometimes they switched ips but they didn't post anything the same day. Next day, they switched ip again and it suddenly got much harder to trace their nicks back to the start.

In 2006, the forum opened again (new season) and we was prepared for this. A script, specialized to trace trolls, was written and the main purpose was to trace things that vBulletin missed. This plugin was requested at the vBulletin forums.


Now, it's here, as a beta production - a trolltracker that stamps all visitors even if they don't post anything. It also, partially, checks if an ip-address can be traced from anonymous proxies by reading headers that proxies are sending to he server (HTTP_VIA and HTTP_X_FORWARDED_FOR).


Templates to change (Optional): 3


Attached

trolltracker-2.0.3beta.zip - the main archive with the tracker and extras
iptracker.php - A quickfix for the coming version 2.0.4 that changes the SHOW COLUMNS-behaviour-bug in the tracker


The archive

The zip should contain the following files

• The product, currently named product-trolltracker_beta.xml because of it's beta status
• iptracker.php, the tool that makes it easier to trace nicknames and ip's
• iptracker_search.php, htmlcode - the searchform that iptracker.php is using (old code that never used templates)
• trollpost.php, a quite slow script that imports ip's and usernames from the post-table to make it possible to trace older data. (If you run this over a web-interface, it might not work, because of timeouts --screendump--)

How to install

1. Copy *.php to your forumroot
2. Install the product code (choose overwrite if you're upgrading)
3. Check the configuration from your admincp (settings for usergroups that can run the iptracker.php is made from there)

Additional information


Track older ips (2.0.x)

If you want to import older posts, you can do that, but because of timeouts (and bad scripting) trollpost.php may timeout if you run the script from a web-browser. This part is, currently, unsupported, but if someone has any ideas here, feel free to notify me.

OPM Support

The ip-tracker supports RBL Monitor.


How to use it

Use the tracker by calling http://your-forum.com/iptracker.php


Database

The installation creates a table named user_troll for your forum.
The FQDN-support also adds a table called user_trollresolver for the resolver cache (like the one used in the OPM monitor)

Information and issues

• There is no version 1.x - that version was private (this is not an issue)
  
• It's still a beta, so bugs may still annoy us
  
• Testing on vBulletin 3.6.0 rc1: Works fine
• Importing posts with trollpost.php might give strange results if you are using the multiple account detector (AE): reports in forum that are posted with a specific userid makes it look like a troll is using other usernames too

To do

See CHANGELOG for full details


Show the tracker in navbar (v2.0.1+)

To show the tracker in the navbar (only for the admingroups that can be found in the options), edit your template 'navbar' and add this code where you want it to be shown:

I chose to put it in the end of navbar, right after this code:

How to show trolls in the onlinelist

Edit template:
whosonlinebit

Find:
</tr>

Add above:
Edit template:
WHOSONLINE

Find:
Add above:

Support, help, contact

Any questions, requests and bugreports can be sent to me by PM, mail or via threads at http://vbulletin.tornevall.net/


Don't forget to install this plugin

Fixes and something to wait for...


CHANGELOG

2.0.4 [beta]

• Using short-time cache to look for duplicates instead of scanning the whole database (based on cookietimeout)
  
• The above cache is used with the whos online-list too
  
• Added cache for alerts so reports only will be sent on changes in the usernames
  
• 2 phrases fixed
  
• Added username exclusions (usernames/userids that won't be blocked)
  
• Fixed the SHOW COLUMNS-problem in iptracker.php
  
• Fixed a serious injection problem

2.0.3 [beta] (bonus release)

• Autoblacklist banned users

2.0.2 [beta]

• Alerter caused blank page when PM-reporting disabled
  
• Trolltracker now blocks other usernames too if there's a match with the list in options
  
• Trolltracker now blocks linked IP-addresses listed in options

2.0.1 [beta]

• Added class="alt1" into tables in iptracker*.php
  
• Added "exclude guests from result" in the iptracker (option that won't count users with id 0 - guests, etc)
  
• Added report/alerter by PM/forum
  
• Added field alert into database
  
• Added autodetection on search (if a searchstring contains XX.XX.XX.XX it will be treated as an ip)
  
• Done some minor changes to the userlink-function (the one that can bind new usernames to their old ones faster)
  
• Fixed the userlink-lookup in iptracker.php (made details)
  
• Added function to block specific nicknames when reaching the trigger limit
  
• Using strftime for date/time-fields (Tested with vB 3.6)
  
• Added search-depth in iptracker.php
  
• Added "exclude rbl-results" in iptracker.php (Won't show proxies if any)
  
• Added $show[trolltracker]-condition so the tracker can be shown for admingroups in templates
  
• Added trolldata to who's online
  
• Added highlighted searchresults for iptracker.php
  
• Admins will now be excluded from the dupe-checker
  
• Blocked users are now shown as blocked in "Who's Online"
  
• Scanner using vbphrases instead
  
• Queries to database rewritten (JOIN)
  
• Added group for administration of the trackerdb (removal of entries)
  
• FQDN Compares on undetected users
  
  

To do

• Add trolldupes.php - quickscan the database for duplicated nicknames and list them
  
• iptables support (?)
  
• Add exclude userids from scanner (mainly for fixing the AE-Tripper issue)
  
• IRC/Eggdrop support for online-tracing and support
  
• Autoblacklist banned users
  

thanks so much for this....i happen to have one single member who this will be useful on....not that he hides himself lol but at least i will be able to track him better i hope.

It will be easier in 2.0.1, with the Who's online part. :)

I like this!! Question, will this cause my database to grow to a HUGE size, since it tracks every IP to hit my forums?

No, if there's an old matching ip (together with userid/username), the plugin will do an UPDATE instead of INSERT to that entry. :)

ah, ok...

That's great, I was kind of worried. :D

Consider this installed. :D

Nice! As fast as I'm done with the report-via-PM/forum-function, I'll try to release v2.0.1 - check the 2nd post in this thread for news :)

Great!

I had to edit the font colors in the search.php file, but no biggie. Every site will differ..

Thanks!! Great hack!

In next release, I'll remove all those fonts and sizes, so it follows the CSS classes instead. :)

Just a suggestion/request

how would adding the ability to filter out posts from a certain forum and filter out specified users setup in vbulletin options.

Thanks
- James

Do you mean the product that filters out posts, now? :)

Will there be a function in this hack, that allows us to do a query for double accounts in general? i.e. where one just scans for any IP which has multiple accounts attached to it? That would be the ultimate IMO.

I am receiving hundreds of error messages after installing the troll tracker. All are relating to error number 1053

And there are many more, but I do not want to hijack the thread. What is the problem?

You mean something like the example shown in the attachment? Yes, there is a single deep-check now. :)




I found a thread here, about this errormessage but that was with vB3.0 and a dedicated server (and this is the first time I see that error-message). Is that happening, only when using this product? The last message you pasted can't be found in the tracker:

Can it be something else, that happens? :surprised:

Thank you very much!

ummmm i need some help....i logged out of my vbulletin and now it won't let me back in lmfao.....how the heck do i get this removed so i can get back in and then set it up again?

okay now its not letting anyone in....and btw these members only have 1 account from one ip....

It sounds like something happened, that shouldn't happen and something that must be fixed soon. Was the option for blocking trolls active?

Can you edit your config.php, try add a line temporarily:

define('DISABLE_HOOKS', 1);

After that, you should be able to login, disable the product and get in again (just don't forget to remove the above line later ;)).

I'll attach a modified xml that disables blocking of users until the next version is released, just to be sure that it won't happen again. If it was something else that happened, what messages did you see?

define('DISABLE_HOOKS', 1);

i knew that lol cuz when i upgraded i had to do that

duh lol

disabled and working again thanks for the reminder

the only message that i got and everyone else got was

too many nicknames on this forum blah blah blah

yes it was enabled

I'm not sure if that is what I mean. Hope so.

Thanks for that thread. It has started right after installing this hack. 99% of the error messages have to do with the troll tracker. So I pretty sure this hack caused it, but I have no clue why or how to fix it. Like in that thread my errors are also on fixed times. Give or take a minute: 00.00 06.00 12.00 18.00

btw i want to thank you for such a quick and helpful reply to my email. that kind of support is so hard to come by. that's just top notch work on your part. thanks again!

you are very easy to find and get in touch with. i wish more coders were that way!

I'm a very supportive person.. It's just fun to help :)

2.0.1 beta has been released. Report bugs, please :)

Due to a smaller bug that caused a blank page when disabled PM-alerting only, there's now a 2.0.2 with some other fixes too

2.0.2 [beta]

• Alerter caused blank page when PM-reporting disabled
  
• Trolltracker now blocks other usernames too if there's a match with the list in options
  
• Trolltracker now blocks linked IP-addresses listed in options

Bonus release:

2.0.3 [beta]

• Autoblacklist banned users

Meaning, if a user is banned, the user can't even touch your forum anonymously (= not logged in) if there's an ipmatch.

when i search fo ips it gves me this error


<!DOCTYPE HTML PUBLIC>
<HTML><HEAD>
<TITLE>Database Error</TITLE>
</HEAD><BODY>
<H1>Database Error</H1>
The requested URL http://www.mysite.de is not avaliable at the time please try again later.<P>
<HR>
<ADDRESS>Apache/df-exts 1.2 Server at www.mysite.de Port **</ADDRESS>
</BODY></HTML>



also this

You are trying to run this page from the outside of vBulletin. Don't do that.

why do i get this errors sorry im new at this vbulletin stuf thanx...

I'm getting this error :(

I have error number 1064 and 1062 too when a user make login in forum

cheers

The problem seem to start when this row executes from iptracker.php:

I have a strange feeling that this is a mysql-issue where SHOW-commands isn't allowed (confirmable?). I'm not so good in such errors so this is just a wild guess and I should see if I can change this in the code.


geppeto, I'll get back to you. :)
I got the same error before, but that time I fixed that part.

Release looks really promising :) hope you can get the kins worked out :)

i cant ewen search for the ip adresses when i type an user name it says 0 user name but there is a member on this name what im i doing wrong can you help me

thx tmm

If the wife and I both try and access my forum...she gets blocked out of the site cause shes not an admin...and she gets an SQL error...

A small fix for iptracker.php, in version 2.0.4

Hopefully the problem with SHOW COLUMNS is fixed here (replaced with an array instead). I've also added the file in the release at the top, if someone misses this post.

Debugging for selfchecking is added, but only for admins. Calling iptracker.php with those parameters should therefore work: ?self=1&selftest=<ip>&selfuser=<username>

Also known as "What the user see in the selfcheck"-debugging.


FQDN-checking in the selfchecker is also removed. The FQDN lookup should only be available for the tracking.


I think it's time to add that exclude-list I have planned. :)

By the way, you can turn off the function that automatically blocks all users with more than X nicknames (attached screenie).

Did I get rid of this problem after the upgrade of iptracker.php? :)

I use quick account switch and it detected me as a troll. How do I delete my entry in the log?

Do a lookup on your nickname and mark yourself in the checkbox in the list of usernames. Then choose to delete yourself. In the configuration from admincp, you can decide if the removal from the list should be hard or soft.

to be a bother but I uninstalled the hack, the reinstalled it and tried again, this time, I am not marked as a troll but I still cant seem to get the same view you have in your screenshot with the delete button. I appear to be in the right area but theres missing text next to one of the check boxes and I cant delete even if I select the names then press the button. What am I doing wrong, it almost looks like part of the old version is still left behind? Thankyou in advance