Duplicate IP Report by BOP5 (Checks for users sharing the same IP Addresses) VB3/VB4
 

Brought to you by BirdOPrey5
www.Qapla.com

Version 2.1.2 - Fixed MySQLi bug - Introduced GOLD/Premium Version
Version 2.1 - Added BBCode to Banned Users and Post Count Options, better debug info
Version 2.0 - Added report for Registration (User) IP Address Checking

Check out the GOLD Version for these additional features:

• Run reports directly from the Admin CP anytime you want
• Post daily report as a "New Post" into an existing thread rather than a "New Thread" each night
• Access to another Gold Mod- Recent Registration Check- will block spammers and scammers trying to register multiple accounts from the same IP address

This mod will run a nightly scan of your "post" and/or "user" table. It will report if it finds any users sharing the same IP address. You choose in the options how many days back you want to look. (Max of 5000 days, but please use more reasonable limits.)

If any "duplicate use" is found the IP addresses, usernames and optionally the posts themselves will be reported.

See a real report: Report Demo at Qapla.com

The report takes the form of a new thread posted to the forum of the Admin's choosing (A private forum for mods or admins is strongly recommended.)

There are options for whitelisting (ignoring) specific IP Addresses and/or userids so if you or your mods post as other users you can prevent that from being reported. If you use the Zoints Anonymous Posting mod you will want to put that userid on the whitelist else the report will out whoever posted "Anonymously."

NOTE: There are PERFECTLY valid reasons 2 or more users may share the same IP address. This report in and of itself is not proof of malicious activity. Users that connect by mobile devices, work in same offices, or go to the same schools for example would likely share the same IP address on some posts. So would too any users connecting from the same home or public Wi-Fi network.

As of version 2.0 there is a report for both the "post" and "user" table. The "user" table will find when 2 or more users register with the same IP address.

Tested and working on VB 3.8.7 and VB 4.1.12/4.2.0 and should work on all 3.7 / 3.8 / 4.x versions.

------------------------------------------------------

Please "Mark as Installed" if you use this. :)
Donations always appreciated. :up:
Nominate MOTM if you LOVE it! ;)

Reserved.

nice installed

Excellent ... Installed !

Very nice Mod. Installed on 4.1.11 patch 2 and works perfectly.

Thanks BOP you are the best!

Very nice, been waiting for something like this, any chance of making it check the user table too for the registration IPs?

Thanks :)

I suppose checking the user table would be possible where it could report duplicates but it's not dynamic like the posts table. Once two users register with the same IP they would always show up in the report. I suppose I could limit the report to maybe the last x number days of registrations but it should be longer than the post check.

I will think this through a little better and figure out if it is practical to include a registration ip check based on feedback I get from the current version. :up:

Version 2.0 Released- Now will check the User table too (For Registration IP Check.)

The first time I ran this report I saw one IP being used by 18 people I hadn't noticed. They had never made a post but when I checked their profile they had all spammed their own visitor messages with links.

Without this mod no telling how long they may have lasted.

You will need to do a full install - that is upload the new php file AND import the product xml file, overwriting each, if upgrading.

Excellent addition. V2.0 found a spammer with 4 user id's on my forum that the first version didn't detect. Thanks BOP. If they spam via PM and never post this will find 'em.

Excellent..Installed..

Nominated, fantastic stuff. Thank you BOP!

What this Mod different from Mod Multiple account login detector (AE Detector)?
Thanks,

That one is for vB Version: 3.7.1
Some say it works on vB 4 some say it doesn't.
That one isn't supported, this one is, by a Moderator of vB org as well.

I actually use another old version for such as this, and it works fine, but in the future I will start to use this one

That working fine for me on VB 4.12. However, I will try BOP5 Mod.

Isn't that one Cookie based, and this one IP based?

Also, installed!

Really apples and oranges- I use both. That mod doesn't look at IP addresses at all, it looks for a cookie that can be easily cleared by a user who knows what they are dong.

It doesn't create reports, it PMs or posts on a single detection.

One isn't better than the other- just different mods.

This looks yummy.

Tagged for later!

What does this mean?

How many "Days back" did you set for the report to run for both posts and users?

It should be a value between 0 and 5000 for both of those or else you get that error.

Press this button to manually run the report not working:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

I left them at the defaults:

How Many Days Back To Check? (Posts) = 7
Enter the number of days of previous posts to search for this report. Set to 0 to disable this report.

How Many Days Back To Check? (Users) = 30
Enter the number of days of previous registrations to search for this report. Set to 0 to disable this report.

Records Limit = 500
This is the absolute max number of IP Addresses that will be returned in any report. Even on large forums this usually would not be a very large number, this limit is like a safety check- if your reports return anywhere near this limit there are probably bigger issues.

Note that this was a manual run. The full output says this:

Thank you very much, works great with vBulletin 4.1.12 Patch Level 1 :)

What values are you setting for days back? Try setting them low- really low, like 1 and 1, and see if it works. It will give me an idea of the issue.

Are you familiar with running manual SQL queries if I gave you a couple to run?

Please "Mark It as Installed" :up:

Yes. Fire away.

#1)

That is the code for the 7 day look back of the posts table. You will have to put a table prefix in front of "post" if you use them.

#2)

That's the 30 day look back of the User table.

I'm curious if either of these produce any results (return any rows.)?

If they don't, let me know. if they do maybe you can PM me what it returns, you can edit/mess up the IP addresses for privacy if need be.

SELECT ipaddress, GROUP_CONCAT(DISTINCT userid) AS userid, GROUP_CONCAT(DISTINCT postid) AS postid
FROM post
WHERE dateline > 1335925435 AND userid > 0 AND ipaddress != ''
GROUP BY ipaddress
HAVING COUNT(DISTINCT userid) > 1
ORDER BY COUNT(DISTINCT userid) DESC
LIMIT 500;

Result: MySQL returned an empty result set (i.e. zero rows). ( Query took 0.0026 sec )

SELECT ipaddress, GROUP_CONCAT(DISTINCT userid) AS userid
FROM user
WHERE joindate > 1333938235 AND userid > 0 AND ipaddress != ''
GROUP BY ipaddress
HAVING COUNT(DISTINCT userid) > 1
ORDER BY COUNT(DISTINCT userid) DESC
LIMIT 500;

Result: MySQL returned an empty result set (i.e. zero rows). ( Query took 0.0030 sec )

OK. Well the good news is you don't have any duplicates in your forum.

The bad news is... I have to fix my code to deal with that situation- it was the one situation I couldn't test because I was always seeing duplicates in one or the other.

I'll probably release a fix later today. I'm confident that if you did have a duplicate the report would run as expected.

Thanks BOP5.

Awesome mod! Something that I've been looking for. Many IP/multiple accounts reporting mods really only check on registering, and not posts, which is just as vital.

I see the only problem is that it says that "Invalid days" line, everything actually runs as expected. You're not getting a report because you have "Post empty reports" set to "No." If you set it to yes the report would run (but be empty.)

I have made the fix in my working copy but since it doesn't effect performance I'm not going to update the mod just for this minor change- it will be part of the next release. :up:

Is there anyway that people who have been banned can be mentioned? This way, I can easily check if someone has been banned already and a duplicate user by-passed the ban (not yet banned) with another account.

And or an option that banned people can be excluded of being posted on the duplicate IP list?

And perhaps an option to show how many posts each account has within the reported thread.

As of now banned users should be showing up on the list.

Adding an option to exclude banned users sounds like a good idea, as do post counts- both should be fairly easy and I will try to get it into the next version.

Indeed it does :), but it also shows up non-banned users. So I have to manually see which one has been banned and which one hasn't been banned. Maybe defined by a color (green = non-banned, red = banned) to easily see the difference.

Thanks :), appreciate it.

Thanks. Installed

Typo in bop5_dupeip.php:

Line 229:

Change:

To:

thanx. :)

Intalled for testing with thanks ... :)

Is there a reason that moderators show up with duplicate IP's as some standard registered users?

Perhaps has something to do with them moderating (editing or deleting) the registered user's post, causing the moderator's IP to be added?

Regards,
Doug

Follow up ... :)

A great idea for a mod and in my opinion, badly needed, however, it has one caveat that everyone should be aware of, already pointed out by bop5 ... ;)

According to the output from this mod, I have a single IP address 132.3.33.68 being shared as a registration IP by 7 different users. It's absolutely correct, except the IP address is from a military base where IP addresses are rotated and assigned randomly (and re-used). All 7 members are legitimate and not spammers etc,. so one has to be careful as to how to use the information provided. ;)

It's very common for dial-up and internal networks to re-use and re-assign outbound IP addresses, so unless there's a way of ensuring that the multiple registrations (or posts) come from a specific machine, it's a bit of leap to assume too much. I also use the "cookie" based program which does run for me under 4.1.3pl5 and yes, cookies can be deleted, but I find it's been 90% plus in nailing spammers and other dysfunctional folks who have tried to register 0r re-register under different names.

I don't know if this mod could be enhanced to add "cookies" or some other method to furthe narrow the data, so good guys aren't inadvertently nailed along with bad guys .... :D

Nice work BOP5 .. appreciate your efforts ... :)

Regards,
Doug

Doug,

In my test a moderator editing a post did not change the original IP Address assigned to the post. I checked on VB 4.1.12.