Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Multiple Account Detection & Prevention Details »»
Multiple Account Detection & Prevention
Version: 1.1.3, by Kiros72 Kiros72 is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 3.7.x Rating:
Released: 12-16-2008 Last Update: 03-31-2009 Installs: 1039
Uses Plugins
Additional Files Translations  
No support by the author.

It happens all of the time. Some members will make multiple accounts to back their own opinion or get an extra vote in a poll. Here's a modification that will detect and prevent multiple accounts, as well as notify the administration about multiple accounts. Inspiration for this modification came from the work of MPDev (creator of the Multiple Account Login Detector) and randominity (creator of the Multiple Account Registration Prevention). This is basically a combination of those two modifications but with new and improved functionality.

This is not an update to the "Multiple Account Login Detector (AE Detector)" nor is it an update to the "Multiple Account Registration Prevention." If you have either one of these (or both of them) installed, you should uninstall them before installing this modification.

With the initial release of Multiple Account Detection & Prevention, I believe that I have fixed previous bugs/complications as well as improved the efficiency and logic of the code. This is my first publicly released modification. I would appreciate any comments and suggestions!

Confirmed! This works perfectly on all vBulletin 3.6, 3.7, and 3.8 versions.

Unfortunately, I cannot give support right now. I may be able to help periodically, but until my schedule yields some more free time, I won't be much support. Please check back in a week or two.

Basic Details
File Edits: None
Template Edits: None
New Files: 6
Hooks/Plugins: 3
Global Phrases: 36
Install Time: 2 Minutes or Less
Install Difficulty: None, Very Easy

Features and Settings
- Login Detection
- Registration Prevention (Multiple Methods)
- Ignore Child Accounts
- Ignored Users
- Ignored Usergroups
- Ignored ISPs
- Prevention Usergroup
- IP Address Based Prevention
- Extended IP Address Prevention
- IP Address Time Inclusion
- Banned Account Check
- Primary Banned Usergroup
- Cookie Expiration Time
- Cookie Refreshing
- Cookie Name
- Cookie Reset
- Multiple Account Reporter
- Reports via PM
- PM Report Recipients
- Reports via New Thread
- Forum for Report Threads
- Verbose Mode
- BB Codes: LIST, URL, CODE

How it Works
With every newly recognized login/registration, an account-counting cookie is set (or added onto) with the member's User ID. Depending on the settings, Multiple Account Detection & Prevention will analyze the cookie during login/registration to see if there are any multiple accounts.

Login Detection offers cookie-checking and reporting. Registration Prevention offers the same thing, plus more advanced features. First of all, when it prevents an account from registering, it actually moves the registrant to the Prevention Usergroup so that the administration can review the case. This also allows for customized privileges for recognized multiple registrants. Registration Prevention also has IP address detection which finds out just as much information about users. Depending on an administrator's preference, this modification can also reban a new registrant if one of their previous accounts has been banned. In fact, if the administration wishes, multiple registrants can simply be denied registration all together.

Whenever there is a detection/prevention, the modification will report the information to the administration through private messages, a new thread, or both (depending on settings). The Multiple Account Reporter can be any valid user.

Known Issues
- vB Optimise users: Reporting via thread seems to get messed up by vB Optimise, so try reporting via PM instead.
- PhotoPost vBGallery users: The registration handling appears to not work properly when PhotoPost vBGallery is enabled.

From what I can tell, these known clashes have been caused by the other modification's coding. The author of vB Optimise will not even work with me to fix it. Until they improve their coding, I'm not sure if I can do anything about these issues. As far as I know, administrators that do not use the above modifications will not have any problems.

Installation / Upgrade
Unzip the package (madp.zip), upload the files to your forum location, and import the product file (allow overwrite if upgrading). Please read the ReadMe.txt file that is packaged with the modification for more information.

Please remember to mark this modification as installed if you use it!
If you like it, nominate it for the Mod of the Month!

Thank you!

Download Now

File Type: zip madp.zip (22.3 KB, 4977 views)

Screenshots

File Type: png admincprep.png (62.6 KB, 0 views)
File Type: png admincpop1.png (65.8 KB, 0 views)
File Type: png admincpop2.png (50.6 KB, 0 views)
File Type: png threadregverbose.png (40.3 KB, 0 views)
File Type: png threadloginverbose.png (34.7 KB, 0 views)
File Type: png threadregip_disallow.png (83.3 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
3 благодарности(ей) от:
aeturner89, Filgga, ricardoNJ

Comments
  #272  
Old 04-13-2009, 04:21 PM
BlueNinjaGo's Avatar
BlueNinjaGo BlueNinjaGo is offline
 
Join Date: Mar 2009
Posts: 668
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You may...

also, i'd recommend setting up everything the way you want it to be (having your user ID ignored, usergroups ignored, and what not) and then having a trusted member create an alt. Don't be specific. Tell him/her to please make a new test account. Then just delete the test account later.

It helps give you a real idea...

Also, with IP address checks, you might need to extend the date it checks... i switched it from 90 to 180 to see and 2 reports popped up...
Reply With Quote
  #273  
Old 04-13-2009, 08:39 PM
Kiros72 Kiros72 is offline
 
Join Date: Apr 2006
Location: Albany, LA - USA
Posts: 215
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hmm, I think I see what's going on here. And if it's what I'm thinking, then you won't need a cookie reset.

Since the IP checks only work for the registration prevention, you won't benefit from it while testing logins. But what I think happened may have been caused by the use of different browsers. Each browser has its own cookie-handling system and it's own set of cookies. Now let me explain what probably happened.

If you had your Usergroup or user account added to the ignored list, and you tried to login, then it wouldn't have caught you. It would still set the cookie and make sure that it knows what accounts you have logged into, but again, it would not have thrown a red flag. Even after removing the ignored ID numbers, it would still not have thought anything out of the ordinary because it only reports NEW detections. This is because you wouldn't want to keep on being spammed notifications if someone kept logging in and out throughout one day. So yeah, this is probably what happened. This is also why it worked after you cleared your cookies.

Understand?
Reply With Quote
  #274  
Old 04-13-2009, 09:18 PM
exportforce exportforce is offline
 
Join Date: Jun 2007
Posts: 157
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I just did a livetest with a pal.
He registered with the same IP & Browser 2 Accounts.
The 2nd was banned instantly, the first one was not touched.
Can you please make it possible that it will ban BOTH, I am really extremly in need of this.

Also please make the mod report if already banned accounts do a multilogin.
I had someone logged in with shareaccounts which are already banned but I did NOT get a notice about that like AE Detector did.
(he just killed the cookies and that do a lot of ppl do. I need the option)
Reply With Quote
  #275  
Old 04-13-2009, 11:00 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My forum has been without multiple account detection for some months and i would like to detect all members that have created multiple accounts. I understand that this hack only detects multiples in case they try to register. Not in case they already have registered?
Is there anything I can do to get a check of existing members?
Reply With Quote
  #276  
Old 04-13-2009, 11:43 PM
Kiros72 Kiros72 is offline
 
Join Date: Apr 2006
Location: Albany, LA - USA
Posts: 215
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by exportforce View Post
I just did a livetest with a pal.
He registered with the same IP & Browser 2 Accounts.
The 2nd was banned instantly, the first one was not touched.
Can you please make it possible that it will ban BOTH, I am really extremly in need of this.

Also please make the mod report if already banned accounts do a multilogin.
I had someone logged in with shareaccounts which are already banned but I did NOT get a notice about that like AE Detector did.
(he just killed the cookies and that do a lot of ppl do. I need the option)
The original account isn't touched for safety measures. This is to protect you. Because if you don't have yourself on the ignored list for some reason (like testing something) and you get busted, you wouldn't want to get banned out of your own site... Would you? This is why I made it this way.

This modification should report those who do multiple logins regardless if they are banned or not (as long as it's a NEW detection).

Quote:
Originally Posted by Alfa1 View Post
My forum has been without multiple account detection for some months and i would like to detect all members that have created multiple accounts. I understand that this hack only detects multiples in case they try to register. Not in case they already have registered?
Is there anything I can do to get a check of existing members?
Unfortunately, this would require database work. I'm still in the slow, slow development of a major release, 2.0.0, which will include database features. Until the new version is released, the only suggestion that I can offer is to look through all of your past reports (if you haven't deleted them).
Reply With Quote
  #277  
Old 04-14-2009, 12:12 AM
exportforce exportforce is offline
 
Join Date: Jun 2007
Posts: 157
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Kiros72 View Post
The original account isn't touched for safety measures. This is to protect you. Because if you don't have yourself on the ignored list for some reason (like testing something) and you get busted, you wouldn't want to get banned out of your own site... Would you? This is why I made it this way.

This modification should report those who do multiple logins regardless if they are banned or not (as long as it's a NEW detection).
Can you optionally change this?
I am really in extreme need of this, that ALL accounts get instantly banned for multiaccounting, no matter who it will be.

Also I am in need of the notification from AE Detector that already banned accounts did a multiple login. So I can find new multipleaccounts too.

Also it would be very cool if the addon would also instantly send a note if a user accesses a 3rd account and the addon tells me again all 3 accounts, even if he just a minute ago logged in with another. Also it would be great if it would tell me which detection what nick has gotten to be multiple (Cookie, IP, both)

I have a really hard time with multipleaccounts, sometimes ppl with over 8 accounts show up, so just to tell a number.

(No, just preventing to register a new Account is not an option for me, for they just kill the cookies and reconnect if they recognize that)
Reply With Quote
  #278  
Old 04-14-2009, 03:35 AM
kursed kursed is offline
 
Join Date: Dec 2005
Posts: 56
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Kiros72 View Post
it would still not have thought anything out of the ordinary because it only reports NEW detections. This is because you wouldn't want to keep on being spammed notifications if someone kept logging in and out throughout one day. So yeah, this is probably what happened. This is also why it worked after you cleared your cookies.

Understand?
Understood. That I guess was the issue here. Thank you so very much for your help.
Reply With Quote
  #279  
Old 04-14-2009, 04:27 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Kiros72 View Post
Unfortunately, this would require database work. I'm still in the slow, slow development of a major release, 2.0.0, which will include database features. Until the new version is released, the only suggestion that I can offer is to look through all of your past reports (if you haven't deleted them).
I have just recently got this hack to work. Until January i was using the AE detector. The few months without detection seems to have resulted in a lot of returning trolls.

DB features would be great.

Some suggestions:

- After each account:
  • Add a link to PM the member. (optimal would be a predefined PM text to be sent)
  • Add a link to search the database for all IP's that belong to the account.
  • Add a link to add the account to the miserable users group
  • Add a link to add the account to 'Tachy goes to Coventry'
  • Add a link to ban the member.
- Add a function to ignore the accounts or IPs in the future.
- If an IP is reported, then add the whois.
Reply With Quote
  #280  
Old 04-14-2009, 05:05 PM
Kiros72 Kiros72 is offline
 
Join Date: Apr 2006
Location: Albany, LA - USA
Posts: 215
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by exportforce View Post
Can you optionally change this?
I am really in extreme need of this, that ALL accounts get instantly banned for multiaccounting, no matter who it will be.
I'll try to include this option in my next version, but understand that this is not a priority of mine. This would be an unsafe feature that could get a lot of people in trouble, so again, it's no priority.

Quote:
Originally Posted by exportforce View Post
Also I am in need of the notification from AE Detector that already banned accounts did a multiple login. So I can find new multipleaccounts too.
Multiple Account Detection & Prevention already does this.

Quote:
Originally Posted by exportforce View Post
Also it would be very cool if the addon would also instantly send a note if a user accesses a 3rd account and the addon tells me again all 3 accounts, even if he just a minute ago logged in with another. Also it would be great if it would tell me which detection what nick has gotten to be multiple (Cookie, IP, both)
Multiple Account Detection & Prevention already does this too.

Quote:
Originally Posted by exportforce View Post
I have a really hard time with multipleaccounts, sometimes ppl with over 8 accounts show up, so just to tell a number.

(No, just preventing to register a new Account is not an option for me, for they just kill the cookies and reconnect if they recognize that)
Umm, okay, well if they clear they're cookies and have their IP address changes, there's nothing that anyone can do about that. The AE Detector didn't even have registration IP address checks. I don't see what you're wanting me to do about people trying to evade the system.

Quote:
Originally Posted by kursed View Post
Understood. That I guess was the issue here. Thank you so very much for your help.
Glad I could help

Quote:
Originally Posted by Alfa1 View Post
I have just recently got this hack to work. Until January i was using the AE detector. The few months without detection seems to have resulted in a lot of returning trolls.

DB features would be great.
Hmm, if you want to "start over," then you can either change the Cookie Name or do a cookie reset. The cookie reset would take a substantial amount of time, but the cookie name change would be immediate.

I cannot say exactly how long the wait will be for the next version, but it's going to be at least another couple of weeks. I've got a big project that I'm still working on.
Reply With Quote
  #281  
Old 04-14-2009, 05:40 PM
exportforce exportforce is offline
 
Join Date: Jun 2007
Posts: 157
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Kiros72 View Post
I'll try to include this option in my next version, but understand that this is not a priority of mine. This would be an unsafe feature that could get a lot of people in trouble, so again, it's no priority.
If it is a matter of money, please tell me a price to get this a bit higher into your priority list.
Maybe as a hardcoded option in a file, so if you really want to activate it, it is not easily accessable through the options


Quote:
Originally Posted by Kiros72 View Post
Multiple Account Detection & Prevention already does this too.
For me not. As Stated. Account X and Y are already banned for being shared accounts. Yesterday someone logged into both accounts with the same IP and browser and the System did NOT inform me about that.
About the detectiontype... in our test the text was missing, now on a real one it showed the detection very well

Quote:
Originally Posted by Kiros72 View Post
Umm, okay, well if they clear they're cookies and have their IP address changes, there's nothing that anyone can do about that. The AE Detector didn't even have registration IP address checks. I don't see what you're wanting me to do about people trying to evade the system.
If you directly deny a registration they'll figure more fast, that they should do this. If you let them register and instantly ban them, they don't fiddle around much. Don't know why but it works better that way
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:59 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05658 seconds
  • Memory Usage 2,386KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (14)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (2)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (3)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (7)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete