Administrative and Maintenance Tools - Multiple account login detector (AE Detector)

Mod of the Month winner!
Top 10 most installed mods for vB3.6!

Same plug-in found here:

https://vborg.vbsupport.ru/showthread.php?t=125871

There are no differences as this plug-in works with the 3.5, 3.6 or 3.7 releases of vBulletin.

If you are like me and migrated from .threads, a common modification was an "AE detector", a simple mod that saved a cookie of a history of ids logged into on your site. If someone logged into more than one account, you got a PM letting you know that your site was being accessed from multiple accounts.

Over the years this was very helpful in identifying users who were posting under multiple accounts (alter-egos!) and users who would return after being banned.

You might be wondering why I don't use the vbcookie call - well, thats because on logout all vB cookies are cleared, so we need to store a cookie that is not effected by the login/logout process.

New Installation
1. Add New Product with attached XML
2. Go to vBulletin Options -> AE Multiple Login Detection Settings and set your specific settings.

Time to install: Easy - 2 minutes.

Upgrade
If you installed this as a Plug-in manually, you can delete that plugin and install this Product, just make sure to go into the Options and set them accordingly.

I hope you find this useful and will click INSTALL if you use it; should it prove useful to enough people I can look at making this installation more automated without the need for edits and an Admin Options page.

To upgrade you will want to reimport this XML file and edit your options accordingly.

1.0.3
-----
. Added a check to ensure that users weren't deleted when reporting violations
. added htmlspecialchars_uni call to username

Note: I am unable to get the call to construct_phrase with $vbphrase['multiplelogin_alert'] to work reliably, as such the $message variable is still set manually inside the plug-in and not via the phrase. If anyone has an idea of why this might not always work, I'm all ears.

1.0.2
-----
. Updated to include exclusion groups, users
. Changed so PM is sent by ae sender id

1.0.1
-----
. Released as a Product (thank you PHPGeek2k3 for your help)
. Added option to post to a forum versus send a PM (or both)
. All settings moved into Admin Option

1.0.0
-----
Initial release.

[exportforce]

Quote:

Originally Posted by Videx

If you want all that much work, just enable moderation for all new accounts.

Remember, this mod doesn't even try to tell you when the same person registers with a new account - it only tells you when someone logs in from the same browser on the same computer with a different username. It would be absurd to ban both people automatically for doing that. And if you did happen to catch a miscreant via this method, they would learn quickly and next time it wouldn't be so easy to spot them.

I already HAVE moderated registration.
But still, users create up to 10 Accounts on 10 locations and then login form home with all 10. All I get is a friggn "multiple login" and I have to ban.
I do have that problem for years and it's already a shame that VBulletin itself doesn't manage a real protection. The Mod already DOES recognize everyone, so all that would need to be done is letting me ban those too.

I have daily about 5 - 20 Multiple Accounts/Registrations/Logins.
Believe me, I am more then sick about manually banning them.

[Videx]

So why are these members creating 10 accounts on your forum? Are you giving away prizes or something?

I mean, in the 2-3 years we've had this mod installed we don't really suspect a single person of using more than one login. We get a hit maybe once a month, but it's just spouses/family/visitors.

I admit though when the local firehouse got a computer it had us going for a while!

[exportforce]

Why? Cause they're stupid.
I'd be happy to have at least one day without such guys.
But this doesn't really fix my problem =/

So, if you know a way, please do it for me

[Videx]

I think you're just being paranoid and/or exaggerating. There's no reason a member should go to the trouble of logging out and back in 10 times a day from the same computer. Most of them have trouble remembering a single user/pass.

Don't spread the problem by implementing any kind of auto banning.

It's also possible there's some other problem entirely, but you're so convinced that so many members are doing this to you that whatever it is becomes impossible to diagnose.

[exportforce]

Why do you insist in something you can't know ?
I DO have this problem for years and no one is able to resolve it in form of a mod.
I am still trying to get one.

If you do not have the problems, be happy.
I wanna see you having such massive problems.

Also I don't wanna fight about something like that, I want a problem solved for me and nothing more.

[Alfa1]

It would be awesome to see Evercookie implemented for banned members:
http://samy.pl/evercookie/
Evercookie is much harder to remove than normal cookies.

[Alfa1]

Quote:

Originally Posted by Videx

So why are these members creating 10 accounts on your forum? Are you giving away prizes or something?

I mean, in the 2-3 years we've had this mod installed we don't really suspect a single person of using more than one login. We get a hit maybe once a month, but it's just spouses/family/visitors.

We do get users that register a mass of accounts. These are either:
- trolls planning in advance
- spammers building up enough accounts to start a spam frenzy.

Legitimate reasons for so many registrations from the the same computer are:
- College or university computer.

[Videx]

Quote:

if evercookie has found the
user has removed any of the types of cookies in question, it
recreates them using each mechanism available.

Sounds like malware to me. Just because you intend to use it for 'good' doesn't change that.

If you're seeing a lot of spammers register, then you're not doing enough to stop them up front. Don't use captcha, and change your q&a if they've figured it out.

[Alfa1]

Its only spam bots that can be stopped with Q&A. But spam bots are generally not discovered by cookie. Cookies only work for humans.

Evercookie for banned members would be a life saver for high traffic boards that have to counter thousands of banned members.

[meeja]

This has been an amazing modification that's been of huge benefit to ensuring quality in my community.

I wonder if I could suggest a tiny modification/addition - that perhaps a means of recording the useragent for each login by a user, that way you could also have a means of detecting multiple logins by users who clear their cookies but still use the same browser.

It might be a tall order, but if you yourself (or someone else) thought of doing this for vb4, I for one would be more than happy to throw some dollars into the pot.