duplicate ip/password list!
 

and here it is, finally.. perhaps one of the sweetest hacks i've ever installed.. unfortunately i didn't write it, but wired from http://www.xirgo.com (an awesome host, btw) did, and he gave me permission to release it on here.

this is the duplicate ip/password list hack. this basically shows all duplicate accounts on your vb forum sorted by their ip and/or password. this easily allows you to detect who's really who on your forum, and delete/ban accounts that you think are duplicates.

basically it works like this. there are two parts to this list, one part sorted by duplicate ip, the other part sorted by duplicate password. you can definitely tell users have multiple accounts on your forum if you see two (or more) users both with duplicate ip's AND passwords. this list also lists their post counts and their last visit date, so, if you want to just delete one of someone's duplicate accounts, you can choose to do so by either their last visit date (delete/ban the account that hasn't been on the forum longer), or by their number of posts (delete/ban the account that has the less posts).

please note that NOT ALL duplicate pw's are duplicate accounts, obviously. any user can happen to have the same pw as someone else. i wouldn't recommend deleting people with JUST duplicate pw's, nor with JUST duplicate ip's, because of shared accounts on the same connection, etc., but they can definitely be fishy.

to install this hack, simply put the dupeip.php file into your /admin directory of your vb forum. then to access it, go to yoursite.com/forum/admin/dupeip.php, of course.. that's it! no templates to install, no files to modify!

NOTE: the passwords on the list are in their VB encrypted form, but to be safe, only show this list to the other admins of your forum, although by putting it in your /admin folder it will ask for an admin login anyway.

Funny I have made a hack to stop this from happening all together. What it does it stop people with a Ip that is already registered from registering again... while this hack you have is very nice... this would prove to be more carefree and protective..

https://vborg.vbsupport.ru/showthrea...threadid=36049

Got to give this a try. Use to have several users who used to have register multipule times to raise their original post count. :D

But what about dynamic IPs? Cause in my area, someone else can get the IP I was using a few months ago.. :confused:

that's a good idea for a hack, but i wouldn't install it myself, neo. some people on my forum, although listed on the duplicate ip list, ARE different people, i know for a fact. so installing that hack would only tick them off, although there are ways of getting around it, of course.

well I just guess those people would have to live with it... But in my opinion this hack has the same usfulness as mine, but with a few added features... but anyways..nice of you to post it for the rest of us

I had edited a script that was made here about a week ago to do the same thing this hack did, almost, mine did not show duplicate passwords, but it also was not as organized. Instead of showing them grouped together, I had to go down a list of 200+ members to find the duplicate ones to investigate.

Thanks for this hack, another backup should someone be able to get around the hack neo mad :).

SaintDog

I became rather board and the white and all was hurting my eyes so I made a few changes to make it look like the control panel (default style), it makes thing a little neater in my opinion.

I am not taking credit for anything other than changing some colors :) - I am hoping this is not a problem? The file is the same, just made to look a little better.

Download Below:

Problem with that though is that a lot of (for example) Australian's have the same ISP, with dynamic IP's so you could be banning/stopping lots of innocent users with that...

saintdog, thanks for taking the time to do that, although i get a header info error with that file for some reason.. not sure why, but it works like a charm.. i do admit the interface for mine is rather ugly, but it provides more function rather than beauty, and plus i had no intentions of linking the file from admin cp either.

Seems to be working fine for me, at least since I have been using it. I will see if I left out or deleted anything from the script that may be causing the header error. If I can find the reason I will re-upload it.

SaintDog

Hi, hack sounds great. I downloaded the file and installe dit, but when I run it I get a blank white screen. Was I suppose to modify the file in anyway to get it to work on my server?

Nope, just upload to your /admin folder and open your browser and goto the location of the file :)

SaintDog

ok I did that and it did not work, so here is a question.

I have the php3 version, so all of my php files end in php3

So what is the difference between the two versions VB offers and which one are the hacks written for

The hack was written for the PHP versions I am pretty sure, although there should not be too much of a difference I would not think, but I do not know everything about php so I could be wrong.

SaintDog

Saintdog/supreemball: In addition to your pretty color change, I added an admin nav option to the admin's index.php page, and that is when I notice the "not outputing header" error. Here is what I put for the nav link:

I added the slash at the end of dupeip.php because vbulletin was adding things to the url that your script didn't like, so I was getting "page not found" errors. What can I do to add a link on the admin page and get it to integrate as normal? Any ideas?

Great hack btw, :D

Saintdog: your version produces a warning if you call the script directly, but if you integrate it in the CP it works fine. :)

Nafae: you can do it this way (this is an extract of my index.php, the Hacks sections) look at the dupeip line.

Supreemball: thanks a lot for this one. I'll integrate it with the extended version of the loginlog hack (originally by PPN) that I made to look at dupes also for login IPs...:D

Nice restyle... Just, shouldn't have been a little cleaner to use
cpheader() and cpfooter() functions as in each AdminCP page, instead of replicating such a html code inside the php script ?

:laugh: Thanks

Awesome hack. Love it :).

i integrated it in the CP but it still shows the errors:
how can i fix it?


LaNder

Great hack!

One question - it seems like it only checks for duplicate IPs that are in the profile (the one you see in the admin cp when you search for a user). It doesn't look through all the IPs (like if you choose view IPs for this user and then find other users for this IP). Is there any way to make it look through every IP for the user?

Thanks! :)

Im getting the same error:(

I don't get any errors, I have clicked, clicked, and clicked again :) - yet nothing comes up for me, it works perfectly fine. All I have done is link to it via the admin cp and it works fine.

SaintDog

ok i found the problem and made a little change to your code:

your code:

i replaced it with:

now it works fine for me :)

LaNder

great just installed this but i get 3 users all having the same password, i know one of them is a totally different person. The other two i had suspected were the same person. My question is out of 103 members what are the chances that 3 memebers all have the same. As it seems pretty strange to me

Great hack and great idea.
I tried to extend it with the same idea, but didn't manage: infact I would search similar usernames and similar emailnames using for instance the SOUNDEX() MySQL function.
But realized I can't group by or order by rows upon string functions fields... only on primitive ones.

Somebody does have any idea ?
Thanks

great hack, am putting it in now, but how exactly do i put a link to it in the Admin CP? anyone, anyone :D (could not see how above)

[duplicate ip addresses] | [duplicate passwords] | [hide zero posters] | [show zero posters]

This hack is really good! Dead simple, but will be very usefull in my superlsueth opperations in busting the doubles.

I added a little extra feature in this attached version - an option to show or hide accounts that have a zero post count.

Aha, I've just noticed a slight bug/feature in my version. You get single rows in the hide zero-posters option! Obviously this isn't that usefull, but I suppose it lets you know that there are other users with a dupe IP/pw for that user, except you've just chosen to hide them.

Going back to what someone else mentioned earlier - this only searches through the last recorded IP for each user.

Another really fine way of busting people with many psuodonyms is to check back through their posts and see which IPs were used by different users at the same time, or within 15 mins of each other. I get this with people coming on as themselves, making a few posts then switching to their alter ego and causing some [better wash my mouth][better wash my mouth][better wash my mouth][better wash my mouth].

Who's up for helping writing a bit of SQL to do that!?

Hi,

very nice hack! :)

Is there a way to resolve the IPs?

Would be great, having the hostname too would make it easier to say if a duplicate IP happened because of a proxy or a static host...

Thanks anyway,
-Tom

I'm looking a way to search for similar usernames and similar email names (first part, till '@')...
SOUNDEX() MySQL function would be nice this matter, but can't manage to GROUP BY a function instead a true table field, as this hack does.

Anyone could help ?
Thanks a lot.
Bye

Do you have a problem with members registering several names that sound simillar?

In my experience when somebody registers and alternate alias they use a dodgy Hotmail account and a completely different name in order to not be traced.

As for grouping by function, dunno, is there a quick and dirty way of making a temporary table with these results in then doing a standard SELECT with a GROUP on that temp table?

I don't think so, as hostname=IP and IP=hostname. You won't reveal any extra information by resolving the IPs, appart from which ISP someone is using.
Unless you mean the opposite, where by resolving IPs will let you see people on dynamic IPs that use the same provider.

You will find out the hostname, which maybe something like proxy.isp.com which is usefull and what Thomas P wanted, so he can see if the multiple IP's are from proxy server and therefore more likly to be legitimate signups.

Sorry, I thought some more and I understand what you mean now. You mean to prevent accidentally banning someone who ended up having a matching IP due to it being behind a proxy?

Sorry I was on a bit of a "bust their ass" crusade. I suppose there are some legitimate members out there. I bet my membership would halve if I got rid of all the false names! :D

Yep, thats exactly what I mean, I have users who are know are all individuals but have a duplicate IP due to the proxy server they use.

lol, no probs, we all get like that at times :D

FoA, thanks for such a fast answer.

Yes, I'm trying to findout possible dupe users (along with ip & pw) by an approximative check of username & email name...
I know well it'd be an 'empiric' way, but not too more than looking for dupe identical password, don't you agree ?

Hwr, a temp table seemed a good solution me too...
But, first I could do a little bit more precise job at php level with lot of memory used to sort the fetch_array; second I wouldn't mess up the db too much creating and destroying temp tables at runtime... Third, I have no idea of the performance and fragmentation impacts such a table could give.
:p

Thank you again.
Bye

Lol, never trust that email-reply feature that this board has. I just replied by email and my topic appeared in two other threads! (but never showed up here). Lol, then I get my head bitten off.