Administrative and Maintenance Tools - Multiple Account Detection & Prevention

It happens all of the time. Some members will make multiple accounts to back their own opinion or get an extra vote in a poll. Here's a modification that will detect and prevent multiple accounts, as well as notify the administration about multiple accounts. Inspiration for this modification came from the work of MPDev (creator of the Multiple Account Login Detector) and randominity (creator of the Multiple Account Registration Prevention). This is basically a combination of those two modifications but with new and improved functionality.

This is not an update to the "Multiple Account Login Detector (AE Detector)" nor is it an update to the "Multiple Account Registration Prevention." If you have either one of these (or both of them) installed, you should uninstall them before installing this modification.

With the initial release of Multiple Account Detection & Prevention, I believe that I have fixed previous bugs/complications as well as improved the efficiency and logic of the code. This is my first publicly released modification. I would appreciate any comments and suggestions!

Confirmed! This works perfectly on all vBulletin 3.6, 3.7, and 3.8 versions.

Unfortunately, I cannot give support right now. I may be able to help periodically, but until my schedule yields some more free time, I won't be much support. Please check back in a week or two.

Basic Details
File Edits: None
Template Edits: None
New Files: 6
Hooks/Plugins: 3
Global Phrases: 36
Install Time: 2 Minutes or Less
Install Difficulty: None, Very Easy

Features and Settings
- Login Detection
- Registration Prevention (Multiple Methods)
- Ignore Child Accounts
- Ignored Users
- Ignored Usergroups
- Ignored ISPs
- Prevention Usergroup
- IP Address Based Prevention
- Extended IP Address Prevention
- IP Address Time Inclusion
- Banned Account Check
- Primary Banned Usergroup
- Cookie Expiration Time
- Cookie Refreshing
- Cookie Name
- Cookie Reset
- Multiple Account Reporter
- Reports via PM
- PM Report Recipients
- Reports via New Thread
- Forum for Report Threads
- Verbose Mode
- BB Codes: LIST, URL, CODE

How it Works
With every newly recognized login/registration, an account-counting cookie is set (or added onto) with the member's User ID. Depending on the settings, Multiple Account Detection & Prevention will analyze the cookie during login/registration to see if there are any multiple accounts.

Login Detection offers cookie-checking and reporting. Registration Prevention offers the same thing, plus more advanced features. First of all, when it prevents an account from registering, it actually moves the registrant to the Prevention Usergroup so that the administration can review the case. This also allows for customized privileges for recognized multiple registrants. Registration Prevention also has IP address detection which finds out just as much information about users. Depending on an administrator's preference, this modification can also reban a new registrant if one of their previous accounts has been banned. In fact, if the administration wishes, multiple registrants can simply be denied registration all together.

Whenever there is a detection/prevention, the modification will report the information to the administration through private messages, a new thread, or both (depending on settings). The Multiple Account Reporter can be any valid user.

Known Issues
- vB Optimise users: Reporting via thread seems to get messed up by vB Optimise, so try reporting via PM instead.
- PhotoPost vBGallery users: The registration handling appears to not work properly when PhotoPost vBGallery is enabled.

From what I can tell, these known clashes have been caused by the other modification's coding. The author of vB Optimise will not even work with me to fix it. Until they improve their coding, I'm not sure if I can do anything about these issues. As far as I know, administrators that do not use the above modifications will not have any problems.

Installation / Upgrade
Unzip the package (madp.zip), upload the files to your forum location, and import the product file (allow overwrite if upgrading). Please read the ReadMe.txt file that is packaged with the modification for more information.

Please remember to mark this modification as installed if you use it!
If you like it, nominate it for the Mod of the Month!

Thank you!

[Kiros72]

Quote:

Originally Posted by Forum-Germany

ok I do not install htaccess.

another problem:

I was with the IE as admin and registered with the FF as a user. but there is no double account displayed. pn, etc. did not set anything.

This works with cookies. If you have the IP Address Prevention, it should catch it, but if not, cookies will not carry through different browsers. Also, make sure you don't have your Admin account ignored.

Quote:

Originally Posted by psychobike

What is the main difference between your mod and this here: https://vborg.vbsupport.ru/showthrea...Login+Detector

The difference is the new and improved features, as well as faster, more efficient code.

Quote:

Originally Posted by my evil twin

Why don't you disable open directory listing, or just upload a blank "index.html"-file to this folder?

nobody can access your directory then without knowing the exact filenames.

Funny you should mention that, I actually thought that I did, but it appears that I only have it on my server... Apparently I forgot to package it. I'll reupload the package with a blank index.html. Of course, the version will remain the same.

Quote:

Originally Posted by ray-

Nice mod. Found a small error in 2 phrases.
In madp_reg_message:

Code:

A new account by the name of {3}/member.php?do=getinfo&username={1}]{1} has been registered. {4}

madp_regip_message:

Code:

A new account by the name of {3}/member.php?do=getinfo&username={1}]{1} has been registered with the IP address: {5}. {4}

(I removed the URL-tags in the above to avoid being displayed as links)
The & isn't being parsed. The link will now show up as

Code:

http://www.forum.com/member.php?do=getinfo&username=ray

and it should be

Code:

http://www.forum.com/member.php?do=getinfo&username=ray

Excuse me? I do not see any errors in that. If you removed the URL tags, that's modifying my modification, and then that's not my fault. If you keep the URL tags in there, it should display just fine. The & string is the correct way to link anything with & in it - it doesn't break anything. Also, there's no reason to not link to the member info - it just makes things easier.

[Forum-Germany]

real? an empty index.html can protect me?

[ray-]

Quote:

Excuse me? I do not see any errors in that. If you removed the URL tags, that's modifying my modification, and then that's not my fault. If you keep the URL tags in there, it should display just fine. The & string is the correct way to link anything with & in it - it doesn't break anything. Also, there's no reason to not link to the member info - it just makes things easier.

You don't get it. I removed the url-tags, otherwise you won't see that piece of code in my reply. I left it the way it was in the phrase.
Point is, the & is not being parsed. In other words, the link that'll show up in the message or pm will be:
http://www.forum.com/member.php?do=g...p;username=ray instead of http://www.forum.com/member.php?do=getinfo&username=ray

Not clear enough? Here's how it would be on vb.org:
https://vborg.vbsupport.ru/member.ph...;username=ray-

Doesn't work, because the "&" isn't parsed.
What does work is:
https://vborg.vbsupport.ru/member.ph...&username=ray-

[Manic Mechanic]

I have Multiple account login detector (AE Detector) installed.
https://vborg.vbsupport.ru/showthread.php?t=183268
Is this an upgrade for that or a completely different installation?

[Kiros72]

Quote:

Originally Posted by Forum-Germany

real? an empty index.html can protect me?

An empty index.html will just ensure that the files are not listed in the /madp/ folder. Nothing bad can come from someone knowing of the files in this folder, but it allows there to be a blank page instead of showing specific files.

Quote:

Originally Posted by ray-

You don't get it. I removed the url-tags, otherwise you won't see that piece of code in my reply. I left it the way it was in the phrase.
Point is, the & is not being parsed. In other words, the link that'll show up in the message or pm will be:
http://www.forum.com/member.php?do=g...p;username=ray instead of http://www.forum.com/member.php?do=getinfo&username=ray

Not clear enough? Here's how it would be on vb.org:
https://vborg.vbsupport.ru/member.ph...;username=ray-

Doesn't work, because the "&" isn't parsed.
What does work is:
https://vborg.vbsupport.ru/member.ph...&username=ray-

Apparently, we are both right. & is a correct and standard entity, however, it seems that the '&' in '&' is being parsed, so it's turning out to be &.

The & entity is a standard - just like &nsbp; and © - but since this is affecting some browsers like Opera, I'll try it with a blank & in hopes that it will be correctly parsed into &.

Thank you for bringing this up.

Quote:

Originally Posted by Manic Mechanic

I have Multiple account login detector (AE Detector) installed.
https://vborg.vbsupport.ru/showthread.php?t=183268
Is this an upgrade for that or a completely different installation?

This is a completely different modification. You should uninstall the "Multiple account login detector (AE Detector)" and "Multiple Account Registration Prevention" before installing this modification.

[Manic Mechanic]

OK thank you very much for response.

[Total666]

Great job ..... ANd thanks ,,

[alessai]

Quote:

I'll be happy to add in a feature if I can, but I do not understand what you are trying to ask me. Could you please reword your request?

sorry my bad,
lets say that alessai1 and alessai2 are sharing the same computer

when i open alessai1 profile it will be great if there is a tab (anything else is fine) that shows alessai2 is sharing the computer with alessai1.....

when i want to give alessai1 infraction a note appears, that tell me alessai2 is sharing the computer with alessai1

another idea (dont really need it) if alessai1 and alessai2 posted in the same thread, a small icon appears on alessai1 postbit that takes you to alessai2 post (and same apply to alessai2 post).

those ideas will make our life much easier because to me right now the addon is useless because i have a big forum, and i cant prevent every one and cant check every thread created by the addon

[Kiros72]

Quote:

Originally Posted by alessai

sorry my bad,
lets say that alessai1 and alessai2 are sharing the same computer

when i open alessai1 profile it will be great if there is a tab (anything else is fine) that shows alessai2 is sharing the computer with alessai1.....

when i want to give alessai1 infraction a note appears, that tell me alessai2 is sharing the computer with alessai1

another idea (dont really need it) if alessai1 and alessai2 posted in the same thread, a small icon appears on alessai1 postbit that takes you to alessai2 post (and same apply to alessai2 post).

those ideas will make our life much easier because to me right now the addon is useless because i have a big forum, and i cant prevent every one and cant check every thread created by the addon

I'm truly sorry, but at this time, I do not think I'll be able to add that. A few reasons: I would like this modification to remain as compatible as possible with previous versions, and there are major profile differences between vBulletin 3.6.x and vBulletin 3.7.x; also, such a feature would require a database table, and I don't want to get into database work if the modification doesn't require it to function properly; and finally, I wouldn't know where to begin with the install/uninstall code for a database-involved modification.

Maybe in time, if I learn more about the differences in vBulletin versions, install/uninstall code for database tables, and SQL, itself. For now, though, my only suggestion is to let the modification prevent multiple registrants, and then prune the multiple accounts on a weekly basis by going to the AdmcinCP home, clicking [View] next to 'Users to Moderate' near the top, and deleting all of them. That should work out nicely as long as you have the Prevention Usergroup set to 4 (Users Awaiting Moderation).

Again, I'm sorry that I cannot add in those features at this time =/

On a brighter note, I'm about to release version 1.0.2, which has a few improvements, a fix for the & interpretation that 'ray-' brought up, and an added feature (Ignored ISPs).

[Kiros72]

Alright, version 1.0.2 has been released.

The Ignored ISPs feature has not been sufficiently tested, so while I will continue testing it on my forums, I would like feedback on this somewhat-beta feature.

I'll try to have version 1.0.3 out as soon as possible, which will enable administrators to have a custom name for the cookie instead of just IDstack.

Edit:

I have just finished up version 1.0.3 and I plan to release it later today - after a good bit of testing.