Administrative and Maintenance Tools - Multiple account login detector (AE Detector)

Mod of the Month winner!
Top 10 most installed mods for vB3.6!

Same plug-in found here:

https://vborg.vbsupport.ru/showthread.php?t=125871

There are no differences as this plug-in works with the 3.5, 3.6 or 3.7 releases of vBulletin.

If you are like me and migrated from .threads, a common modification was an "AE detector", a simple mod that saved a cookie of a history of ids logged into on your site. If someone logged into more than one account, you got a PM letting you know that your site was being accessed from multiple accounts.

Over the years this was very helpful in identifying users who were posting under multiple accounts (alter-egos!) and users who would return after being banned.

You might be wondering why I don't use the vbcookie call - well, thats because on logout all vB cookies are cleared, so we need to store a cookie that is not effected by the login/logout process.

New Installation
1. Add New Product with attached XML
2. Go to vBulletin Options -> AE Multiple Login Detection Settings and set your specific settings.

Time to install: Easy - 2 minutes.

Upgrade
If you installed this as a Plug-in manually, you can delete that plugin and install this Product, just make sure to go into the Options and set them accordingly.

I hope you find this useful and will click INSTALL if you use it; should it prove useful to enough people I can look at making this installation more automated without the need for edits and an Admin Options page.

To upgrade you will want to reimport this XML file and edit your options accordingly.

1.0.3
-----
. Added a check to ensure that users weren't deleted when reporting violations
. added htmlspecialchars_uni call to username

Note: I am unable to get the call to construct_phrase with $vbphrase['multiplelogin_alert'] to work reliably, as such the $message variable is still set manually inside the plug-in and not via the phrase. If anyone has an idea of why this might not always work, I'm all ears.

1.0.2
-----
. Updated to include exclusion groups, users
. Changed so PM is sent by ae sender id

1.0.1
-----
. Released as a Product (thank you PHPGeek2k3 for your help)
. Added option to post to a forum versus send a PM (or both)
. All settings moved into Admin Option

1.0.0
-----
Initial release.

[blackberry]

thanks for sharing

[Jah-Hools]

Quote:

Originally Posted by kpierce

My two cents:
Works perfectly on my forum 3.7.4.

Mine too

[Kiros72]

It looks as if this modification is slightly incompatible with a modification to disallow posting links if the user has less than 15 posts (here). The incompatibility is when the multiple login detector is set to make a thread in a forum.

When a user logins to a multiple account and this is tripped, they are confronted with a message that tells them that they must have 15 posts before posting links. Once the user refreshes the login page, they are logged in and the new thread is never made.

I tried modifying the code in the other modification's plugins to only work if the user's ID was not equal to 1, but that didn't work. I even tried switching the alerter to a user account with more than 5000 real posts and it is still not working.

Can anyone think of a fix for this? =/

[raviteja542]

good one man

[barcena]

Quote:

Originally Posted by Videx

I didn't say it "wasn't right". I said most of the trips are not miscreants and shouldn't be banned. The few rare ones should be dealt with on an individual basis.

I mean, if a husband and wife trip, why the heck would you want to ban both of them???

You must of have a pretty quiet forum, in my case is never a husband and wife case or sisters playing around with the same computer issue but people who wants to have three, four and houndreds of nicks if allowed to, and believe me, usually the multiple registration comes from pain in the ass members who does that to, for instance, send bad messages about your site or the administration to members by PM, lies, to poison your members, to sell stuffs, envy people, shits happens, oh well, i'll rather have some sort of protection, even when people who knows forums and computer can relatively easy avoid been caught.

I dont want to have five memberships from the same person, I do allow guest to post so a nick per person is good enough; if they want to "talk" anonymously they better log out and post as a guest, the system won't trigger anything b/c I don't have it set to tell me about the guests (usergroup) but members.

I guess it is a matter of what kind of forum we do have and how strict or not we wanted to be, how manageable, I do appreciated this mod a lot, it has worked for me 99% of the time, some people have even dared as to ask me why XXX nick is not working, when I ask them (sometimes not 100% sure myself and waiting for an angry reaction) to pick one of their multiple nicks XXX, YYY or ZZZ they always reply with an "oh sorry, didn't know, yeah, i want YYY, thanks". Meaning the mod was right, they could of registered multiple nicks on the first place, yes, who knows they did it probably while on vacation, from their cousin's, or they are flight attendants every day a different city you know, but at the end of the day they will comeback to the same old computer and the system will trigger their accounts. If all of their accounts were allow to "talk" bc they weren't shared the same computer at the time, a nice solution will be merge those accounts if the owner agrees to (they ussualy don't) A great solution to me is to send those who triggers the mod to a Waiting for Moderation mod; the second, third, whatever number nick cannot post, if they are ligitimate (or stupid enough) they will contact you, the forum allows them to send PM's even though they can't post or they can always send the webmaster or the admin an email.

Thanks to this mod I don't have 4348948549583 inactive members, you know, those who register a nick, post an embarrassing sexual question and go back to the usual "i'm so nice" nick and forget for all eternity the new one but people that rather actually comes to the site to participate and I'm not expert, I don't know if the member's table will be affected by how many members a site have or not. Allowing guests to participate in my site has been a blessing, they are manageable (you have them at one click away) and people can "hide" their identities if an embarrasing situation arises but most people use their account since it has so many perks that guest don't have. To me is a great mod, of course, nothing is perfect and 3.7 to me is not as stable as 3.6, Iv seen vbulletin is on version 3.8 already w/o some 3.7 stuffs been addressed, kind of a rush if you ask me but for the most part 3.7 and this mod worked fine. I have to say, however that I don't ban those who triggers the multiple registration, they can still post with their original nicks but their "multiples" well, I place them in quarantine and after a while I clean the Waiting for moderation list, which I only use for that, people in my site can registered and begin to participate; so the people on the Waiting list is people who, in fact, triggered the multiple registration mod, lol.

BTW. Yeah I guess it has nothing to do w/ IP's since my Secret Agent (LOL) "shared" the same IP with half of my forum (the people that report a post) and with all the people who has registered multiple nicks, go figure. You can see that under Members and Find IP's or some like that, you enter an IP ramdomly taked and you will see sometimes is shared with your spy nick, the one you use to report to your "secret admin only forum" At least I do have one, I can't stand to have a PM everytime somebody says a bad word and it is reported or everytime a moron registered his fifth nick of the month.

[srkrocks]

Thanks a lot, was looking for something like this

[Kiros72]

My users are getting errors during registration, except it doesn't happen in all browsers... It only happens in Internet Explorer or other browsers that extend it.

First, this appears at the very top:

Quote:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in [path]/register.php(385) : eval()'d code on line 44

Then (probably because of the first error), this appears in the vBulletin Message box:

Quote:

Unable to add cookies, header already sent.
File: /home/domain/public_html/forums/includes/class_core.php
Line: 3242

Can anyone think of a solution? I've really got no idea =[

Wait... This may be because of the addon modification to prevent multiple registrations... Hmm...

[adnoid]

I now know to read through 100% of the comments before installing. I, too, used the admin account and one of the other admins sent me an IP match with the admin account and a troll. I don't need coffee for a week now.

Quote:

Originally Posted by MrEyes

Well it works for me (3.7.2pl1), just installed as normal and job done...

Anyway I didn't post this to gloat at the people who can't get it working, I posted this for the following important word of warning

if you configure the mod to create a thread when the detector triggers you have to specify a username to make this thread as. When I set things up I decided to use the admin account for this. After running the mod for a few months this decision had a very interesting side effect.

Recently we had a extremely disruptive troll register various accounts, all the mods were on his/her case and chasing down new registrations. Then one of them decided to do an IP search, guess what the Administrator account came up in the IP search as having shared an IP on numerous occasions with the troll!!!!

At this point the mod team started to look at me and question what was going on...

What happened here is that when the troll was logging in multiple accounts the mod was detecting these and creating a thread under the Admin account, however as the troll triggered this the IP of the post was the same as the trolls, so now the Admin account is associated with the troll.

Make sense?

Anyway, the solution - I have created a dedicated AccountBot account which post theses threads and all mods have been made aware that this bot may share IP addresses with any account and should be ignored if it comes up on an ip search.

[Nadavy]

This mod hasn't been working well at all for me lately
It is upsetting because in the past it has worked so well.
It even started reporting random users that don't know each other to have been from the same location.

[Jah-Hools]

What I really need is a further refinement to help me shortlist the AE Detector results.

To pinpoint bogus activity, I would like to filter the ones where the multiple ID's are posting in the SAME threads and post links to those threads.

This would help find fraudulent activity in my forums classifieds section and it would also help me detect people arguing or agreeing with THEMSELVES in threads.

---------

So that's what I would like - I might have my web guy customize it for me..

Any thoughts on this?

I have already caught several people behaving badly - but the things I suggest above would really speed the process up and my time is short as it it managing a big forum and trying to catch the 'bad guys' and make sure they don't spoil it for the 'good guys"

Many thanks,