Multiple account login detector (AE Detector)

If you are like me and migrated from .threads, a common modification was an "AE detector", a simple mod that saved a cookie of a history of ids logged into on your site. If someone logged into more than one account, you got a PM letting you know that your site was being accessed from multiple accounts.

Over the years this was very helpful in identifying users who were posting under multiple accounts (alter-egos!) and users who would return after being banned.

You might be wondering why I don't use the vbcookie call - well, thats because on logout all vB cookies are cleared, so we need to store a cookie that is not effected by the login/logout process.

New Installation
1. Add New Product with attached XML
2. Go to vBulletin Options -> AE Multiple Login Detection Settings and set your specific settings.

Time to install: Easy - 2 minutes.

Upgrade
If you installed this as a Plug-in manually, you can delete that plugin and install this Product, just make sure to go into the Options and set them accordingly.

I hope you find this useful and will click INSTALL if you use it; should it prove useful to enough people I can look at making this installation more automated without the need for edits and an Admin Options page.

To upgrade you will want to reimport this XML file and edit your options accordingly.

1.0.3
-----
. Added a check to ensure that users weren't deleted when reporting violations
. added htmlspecialchars_uni call to username

Note: I am unable to get the call to construct_phrase with $vbphrase['multiplelogin_alert'] to work reliably, as such the $message variable is still set manually inside the plug-in and not via the phrase. If anyone has an idea of why this might not always work, I'm all ears.

1.0.2
-----
. Updated to include exclusion groups, users
. Changed so PM is sent by ae sender id

1.0.1
-----
. Released as a Product (thank you PHPGeek2k3 for your help)
. Added option to post to a forum versus send a PM (or both)
. All settings moved into Admin Option

1.0.0
-----
Initial release.

[MPDev]

Yep, the IP is a known issue but not something easily remedied.

[NeitherSparky]

Quote:

Originally Posted by bryanb

There is one thing I've noticed - I don't know if it's a bug or not. When the AE detector detects a member with another account, I have a moderator account PM the mods and post in a private thread. This mod account assumes the perpetrators IP address.

For instance, joeblow logs in from janeblows computer - the AE announcement is sent via PM to the mods and posted in a private thread by moderator1. Moderator1 now has joeblow's IP address. Please check. Thanks!

Yeah the first time I saw that my admin account had acquired all these weird IPs addys I thought the account had been hacked. It took me a little while to figure out what had actually happened.

[Chipper]

Great tool!! Busted a few people already. Using 3.68 and seems to work fine.

Congrats on a great tool!!

[six58]

hi have read through thread but a couple of things i'm still not clear on.

a) is it possible for two users (not using same pc) but under a proxy that gives them both the same IP address on the internet, to trip this detector? in other words tripping it through the IP - yes i know its cookie based and not IP based but i'm wondering if a proxy can be misread and trip.

b) i see that the reporter of the trip gets lumbered with the IP address of who is being reported. does the program also then share all the other IP addresses that either person uses with each other? e.g detected person1 and person2 on IP1. looking into other IP's the users may have used they suddenly also share IP2,IP3 etc.

i need to know if there is any possibility no matter how slim that these are possible before i totally ruin someone's life thanks

edit: was meant to post this in 3.6.x thread oops

[NeitherSparky]

(The answer ought to be the same regardless of the version so I'm just answering here...)

Quote:

Originally Posted by six58

a) is it possible for two users (not using same pc) but under a proxy that gives them both the same IP address on the internet, to trip this detector? in other words tripping it through the IP - yes i know its cookie based and not IP based but i'm wondering if a proxy can be misread and trip.

Nah. My brother and I share an apartment and have our own computers and we've never tripped this.

Quote:

Originally Posted by six58

b) i see that the reporter of the trip gets lumbered with the IP address of who is being reported. does the program also then share all the other IP addresses that either person uses with each other? e.g detected person1 and person2 on IP1. looking into other IP's the users may have used they suddenly also share IP2,IP3 etc.

I'm not quite sure I understand the question...Like if I have my admin account be the one that reports the trip, that account gets the IP of the person tripping the detector added to the "IPs posted from." Um, that's all that happens as far as I know. And you probably shouldn't have anything set so that non-staff can view IPs, either on a post, on the Who's Online, or in a member's history anyways.

[MrNase]

How can I verify that it is working?


We have two admins, #2 logged in as #324 (fake user) and then #324 logged in as #1 and then #1 logged in as #2 again and nothing happened.

[coffee_bean]

Have you checked in the AdminCP that the user groups in question are not ignored by the detector?

[frozen187]

I've seem to run into a issue and this only happens with this users account.

deepsilence seems to have multiple personalities using deepsilence and deepsilence sharing the same computer.

[flynnibus]

I too have seen the same user trip the detector on themselves. So far, only one account has done it.

But I'm also experiencing other wierd behavior, such as the same pair of users tripping it multiple times in sequence. Can someone elaborate on the method use? Is this normal?

For instance, userA and userB are a couple, so they share a computer and both have separate accounts on the forum.

I get a userA tripped AE detector PM - ok, expected.

But I then get the same UserA tripped... multiple times afterwards (and not UserB inbetween).

I would expect possibly A, then B, then A, etc... Not A, A, A

[frozen187]

I think I have it cleared now I sent the user a message asking them to clear all their cookies. And then I installed a newer version