Over a 10-minute period of time you get HTTP requests from 3 or 4 different IP addresses; I think that most people would say that is worth looking into, so then FLAG the account.
Let me be specific that the requests continue over the time period,
not IP1 for 10 minutes then IP2 then IP3 then IP4, but a mix of requests.
A simple whois to check if the IP block belongs to the same ISP and then you KNOW it's being shared (especially if you are talking, say, east coast and west coast IPs). (This can be done with a nightly cron job, or even on the fly depending on severity thresholds.)
Quite possible to detect, since you are using authenticated access.
Remember it's not that an account "changes" IPs, it's simultaneous requests.
A user with 10 requests per minute over 2 IP addresses for 10 minutes sure the heck IS sharing accounts.

(unless the ISP has some real elaborate load sharing proxy, but in this case you can rely on whois lookups)
1. VBB detects more than X IP addresses per username in X seconds, and flags the account.
2. Log parser kicks in for flagged accounts and strips out username/IP data and does a whois and checks for IP ownership, and outputs an email address to the forums staff (keeps false positives down).
3. Automated step via threshold that says if X IPs in X hours (and whois data not matching) and starts actions placed in the plugin (admin can set anywhere from flag and email to shut down the account (heck, launch a nuke if you have that kind of access :P)).
-Zxin
Quote:
Originally Posted by Andreas
That's what I always tried to point out: You cannot detect if an account is being shared, you can only assume it, and this assumption might be good or bad, depending on your algorithms.
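The flagging logic discussed in this thread, sketched as an added example that is not part of the original posts or of any forum plugin: it flags an account only when requests from several IPs are interleaved inside one window, then applies the ownership check to separate a likely ISP proxy pool from mismatched networks. The thresholds, the function names, the `OWNERS` table (an offline stand-in for a whois lookup) and the log rows are all assumptions constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

WINDOW = 600      # seconds: the post's 10-minute period
MIN_IPS = 2       # distinct IPs before an account is considered at all
MIN_RETURNS = 2   # switches back to an IP the account had already left

# Constructed stand-in for the whois step: network -> registered owner.
OWNERS = {"192.0.2.0/24": "ISP-A", "198.51.100.0/24": "ISP-A",
          "203.0.113.0/24": "ISP-B"}

SAMPLE = [  # constructed log rows: (unix_time, username, ip)
    (0, "alice", "192.0.2.10"), (30, "alice", "203.0.113.7"),
    (60, "alice", "192.0.2.10"), (90, "alice", "203.0.113.7"),
    (0, "bob", "192.0.2.20"), (120, "bob", "192.0.2.20"),
    (300, "bob", "203.0.113.9"), (420, "bob", "203.0.113.9"),
    (0, "carol", "192.0.2.30"), (40, "carol", "198.51.100.30"),
    (80, "carol", "192.0.2.30"), (120, "carol", "198.51.100.30"),
]

def owner(ip):
    addr = ipaddress.ip_address(ip)
    return next((o for net, o in OWNERS.items()
                 if addr in ipaddress.ip_network(net)), "unknown")

def ip_returns(ips):
    """Count switches back to an IP that was used earlier and then left."""
    seen, prev, count = set(), None, 0
    for ip in ips:
        if ip != prev and ip in seen:
            count += 1
        seen.add(ip)
        prev = ip
    return count

def flag_accounts(events):
    """Map username -> 'flag' or 'same-owner' for interleaved multi-IP use."""
    by_user = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_user[user].append((ts, ip))
    hits = defaultdict(set)  # user -> owners seen in suspicious windows
    for user, reqs in by_user.items():
        for ts, _ in reqs:
            # IPs of this user's requests in the WINDOW seconds ending at ts
            ips = [ip for t, ip in reqs if 0 <= ts - t <= WINDOW]
            if len(set(ips)) >= MIN_IPS and ip_returns(ips) >= MIN_RETURNS:
                hits[user] |= {owner(ip) for ip in ips}
    return {u: "same-owner" if len(o) == 1 and "unknown" not in o else "flag"
            for u, o in hits.items()}
```

On the constructed rows, `bob` (one IP, then another) is not reported, `carol` alternates between two networks with the same owner and is marked `same-owner`, and `alice` alternates between networks with different owners and is marked `flag`.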