Administrative and Maintenance Tools - Multiple Account Detection & Prevention

It happens all of the time. Some members will make multiple accounts to back their own opinion or get an extra vote in a poll. Here's a modification that will detect and prevent multiple accounts, as well as notify the administration about multiple accounts. Inspiration for this modification came from the work of MPDev (creator of the Multiple Account Login Detector) and randominity (creator of the Multiple Account Registration Prevention). This is basically a combination of those two modifications but with new and improved functionality.

This is not an update to the "Multiple Account Login Detector (AE Detector)" nor is it an update to the "Multiple Account Registration Prevention." If you have either one of these (or both of them) installed, you should uninstall them before installing this modification.

With the initial release of Multiple Account Detection & Prevention, I believe that I have fixed previous bugs/complications as well as improved the efficiency and logic of the code. This is my first publicly released modification. I would appreciate any comments and suggestions!

Confirmed! This works perfectly on all vBulletin 3.6, 3.7, and 3.8 versions.

Unfortunately, I cannot give support right now. I may be able to help periodically, but until my schedule yields some more free time, I won't be much support. Please check back in a week or two.

Basic Details
File Edits: None
Template Edits: None
New Files: 6
Hooks/Plugins: 3
Global Phrases: 36
Install Time: 2 Minutes or Less
Install Difficulty: None, Very Easy

Features and Settings
- Login Detection
- Registration Prevention (Multiple Methods)
- Ignore Child Accounts
- Ignored Users
- Ignored Usergroups
- Ignored ISPs
- Prevention Usergroup
- IP Address Based Prevention
- Extended IP Address Prevention
- IP Address Time Inclusion
- Banned Account Check
- Primary Banned Usergroup
- Cookie Expiration Time
- Cookie Refreshing
- Cookie Name
- Cookie Reset
- Multiple Account Reporter
- Reports via PM
- PM Report Recipients
- Reports via New Thread
- Forum for Report Threads
- Verbose Mode
- BB Codes: LIST, URL, CODE

How it Works
With every newly recognized login/registration, an account-counting cookie is set (or added onto) with the member's User ID. Depending on the settings, Multiple Account Detection & Prevention will analyze the cookie during login/registration to see if there are any multiple accounts.

Login Detection offers cookie-checking and reporting. Registration Prevention offers the same thing, plus more advanced features. First of all, when it prevents an account from registering, it actually moves the registrant to the Prevention Usergroup so that the administration can review the case. This also allows for customized privileges for recognized multiple registrants. Registration Prevention also has IP address detection which finds out just as much information about users. Depending on an administrator's preference, this modification can also reban a new registrant if one of their previous accounts has been banned. In fact, if the administration wishes, multiple registrants can simply be denied registration all together.

Whenever there is a detection/prevention, the modification will report the information to the administration through private messages, a new thread, or both (depending on settings). The Multiple Account Reporter can be any valid user.

Known Issues
- vB Optimise users: Reporting via thread seems to get messed up by vB Optimise, so try reporting via PM instead.
- PhotoPost vBGallery users: The registration handling appears to not work properly when PhotoPost vBGallery is enabled.

From what I can tell, these known clashes have been caused by the other modification's coding. The author of vB Optimise will not even work with me to fix it. Until they improve their coding, I'm not sure if I can do anything about these issues. As far as I know, administrators that do not use the above modifications will not have any problems.

Installation / Upgrade
Unzip the package (madp.zip), upload the files to your forum location, and import the product file (allow overwrite if upgrading). Please read the ReadMe.txt file that is packaged with the modification for more information.

Please remember to mark this modification as installed if you use it!
If you like it, nominate it for the Mod of the Month!

Thank you!

[Forum-Germany]

If I hack your (zip) unzip, I get a folder. / Upload / madp.
Do I have this folder in the root add?

www.Forum-Germany.de/Forum/madp/ <- really?

So I copy your php files with others in the root, but the whole folder.

[Kiros72]

The entire folder should be copied. After the upload, you should have this:

www.forum-germany.de/forum/madp/detection.php
www.forum-germany.de/forum/madp/functions_madp.php
www.forum-germany.de/forum/madp/prevention.php
www.forum-germany.de/forum/madp/set.php

(IF www.forum-germany.de/forum/ is the location of your forums!)

The product file (product-kiros_madp.xml) also needs to be imported through the AdminCP product manager.

[Forum-Germany]

Thank you. I have it installed. It has 20 seconds.

But I'm still worried that hackers can use this folder to a virus or something in my forum to bring.
If I were a htaccess file would create, how must it look like? can you please tell me? : o I am sorry that I pester.

[blind-eddie]

Quote:

Originally Posted by blind-eddie

On my site, I have a few members who live in the same address. If they both take turns on their pc, this will detect them & ban them?

Is there a way to stop that from happening. If not, this could be a bad idea for some boards.

Quote:

Originally Posted by Kiros72

When they login, nothing will be done except a detection report. A user will not be affected unless he/she is registering - in which case, the registrant will be moved to the Prevention Usergroup or rebanned if a previous account is found to be banned. Again, the Login Detection will not prevent a user from logging in nor will it ban anyone; it will just notify you through PM/thread depending on your settings.

If you do not want to receive the notifications for those users who use the same computer, then add one of their User ID numbers to the Ignored Users and enable Ignore Child Accounts. With Ignore Child Accounts enabled, as long as a user is seen as a multiple of an ignored user (or Usergroup), the user will be ignored from any kind of detection.

Would that solve your problem?

Yes, that would solve my problem, Thank you.:up:

[Kiros72]

Quote:

Originally Posted by Forum-Germany

Thank you. I have it installed. It has 20 seconds.

But I'm still worried that hackers can use this folder to a virus or something in my forum to bring.
If I were a htaccess file would create, how must it look like? can you please tell me? : o I am sorry that I pester.

I'm not sure that there would be a way to disallow public access but to allow vBulletin to still use it. This is partially why a .htaccess file is not included in this modification. The majority of the reason is because there is no way that any of these files can be used improperly. None of these files use $_GET, $_REQUEST, or $_POST. Only $_COOKIE is used and that will not even get called if someone manually accesses the files. You should not worry about this.

If you know how, you can simply copy the code from the files to the plugins, but this will make vBulletin consistently use more memory. The modification is coded with files to make everything faster and more efficient. Again, the files do not add any risk because they are only useful if vBulletin uses them - not if some person tries to.

Quote:

Originally Posted by blind-eddie

Yes, that would solve my problem, Thank you.:up:

Notta problem. Just remember to mark it as installed for updates

[Forum-Germany]

ok I do not install htaccess.

another problem:

I was with the IE as admin and registered with the FF as a user. but there is no double account displayed. pn, etc. did not set anything.

[1320Nation]

What is the main difference between your mod and this here: https://vborg.vbsupport.ru/showthrea...Login+Detector

[Forum-Germany]

That is but in the description.

[my evil twin]

Quote:

Originally Posted by Forum-Germany

2nd why no htaccess file? dan but everyone can access it or I see this wrong? I do not want a door for a hacker up. do you?

Why don't you disable open directory listing, or just upload a blank "index.html"-file to this folder?

nobody can access your directory then without knowing the exact filenames.

[ray-]

Nice mod. Found a small error in 2 phrases.
In madp_reg_message:

Code:

A new account by the name of {3}/member.php?do=getinfo&username={1}]{1} has been registered. {4}

madp_regip_message:

Code:

A new account by the name of {3}/member.php?do=getinfo&username={1}]{1} has been registered with the IP address: {5}. {4}

(I removed the URL-tags in the above to avoid being displayed as links)
The &amp; isn't being parsed. The link will now show up as

Code:

http://www.forum.com/member.php?do=getinfo&username=ray

and it should be

Code:

http://www.forum.com/member.php?do=getinfo&username=ray