The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Multiple account login detector (AE Detector) Details »» | |||||||||||||||||||||||||||
Multiple account login detector (AE Detector)
Developer Last Online: Dec 2016
Mod of the Month winner! Top 10 most installed mods for vB3.6! Same plug-in found here: https://vborg.vbsupport.ru/showthread.php?t=107566 There are no differences as this plug-in works with both 3.5 and 3.6 versions of vBulletin. If you are like me and migrated from .threads, a common modification was an "AE detector", a simple mod that saved a cookie of a history of ids logged into on your site. If someone logged into more than one account, you got a PM letting you know that your site was being accessed from multiple accounts. Over the years this was very helpful in identifying users who were posting under multiple accounts (alter-egos!) and users who would return after being banned. You might be wondering why I don't use the vbcookie call - well, thats because on logout all vB cookies are cleared, so we need to store a cookie that is not effected by the login/logout process. New Installation 1. Add New Product with attached XML 2. Go to vBulletin Options -> AE Multiple Login Detection Settings and set your specific settings. Time to install: Easy - 2 minutes. Upgrade If you installed this as a Plug-in manually, you can delete that plugin and install this Product, just make sure to go into the Options and set them accordingly. I hope you find this useful and will click INSTALL if you use it; should it prove useful to enough people I can look at making this installation more automated without the need for edits and an Admin Options page. To upgrade you will want to reimport this XML file and edit your options accordingly. 1.0.3 ----- . Added a check to ensure that users weren't deleted when reporting violations . added htmlspecialchars_uni call to username Note: I am unable to get the call to construct_phrase with $vbphrase['multiplelogin_alert'] to work reliably, as such the $message variable is still set manually inside the plug-in and not via the phrase. If anyone has an idea of why this might not always work, I'm all ears. 1.0.2 ----- . Updated to include exclusion groups, users . Changed so PM is sent by ae sender id 1.0.1 ----- . Released as a Product (thank you PHPGeek2k3 for your help) . Added option to post to a forum versus send a PM (or both) . All settings moved into Admin Option 1.0.0 ----- Initial release. Show Your Support
|
Благодарность от: | ||
too_cool_3 |
Comments |
#212
|
||||
|
||||
Quote:
|
#213
|
|||
|
|||
Quote:
Also, and you may have anticipated this already, but it would be useful to allow admins to reset the AED if their userID counts have been reset. Perhaps this means a timestamp or AED version number in the cookie. And once an overlap has been reported for a particular pairing, it would be useful to stop further reports of that particular pairing. That is, once users A and B are reported as overlapping, it isn't necessary to report it again. But this should not stop new overlap reports for A and C, or B and C, from being made. |
#214
|
|||
|
|||
Just an update on this:
I've completely rewritten the back-end (the old mod was only the backend), but I've yet to write the front end which will allow easy management of all the reports, cookies etc. At the moment the new version is running on my production forum (around 3000 visits per day), so I'd like to keep running it to make sure it is stable and works as it is supposed to. So far, so good. The new features are too numerous to mention, but it does import the old cookies from the original version, so there's a pretty much seamless upgrade path between the old and the new version. I'm not sure when this is going to be ready, but I would guess about 1 month, most of the difficult logic and tricky testing was done in the backend, so writing the front end should hopefully be simpler. Now onto your suggestions: Quote:
If during the login process the cookie ID on the PC is not found in the DB then it will be removed from the machine and a fresh cookie issued - in this way it would solve the problem you've just described. This functionality has already been tested. Quote:
Of course if you've exempted a cookie and it gets cleared, then you'll get the report again unless the users have been exempted. The main thing that used to bug me with the old one was having to retrieve the userids and enter them into that comma separated list. This will be much easier in future! The system also automatically PMs offenders and asks them to explain. If they don't, you can have them automatically banned or suspended within a configurable period of time. There's also an option to immediately ban users who register from a computer where a banned user has logged in... |
#215
|
|||
|
|||
Hi, here are my suggestions:
|
#216
|
|||
|
|||
Quote:
Quote:
What about browser details? Since our cookie is tied to that specific browser, why do we need these details? How will it help? All we need to know is that a cookie with a given ID is tied to a particular computer. I don't want to include detail in the report unless it is really useful. However, the report does mention how many times a user has been allocated a cookie, and warns if this number is too high - could indicate cookie deleting behaviour. However, users who delete their cookies after each session will probably never be caught by this hack anyway. Yes, the first time each user is added to a cookie this date is saved both in the cookie and in the DB. It is also mentioned in any reports. Quote:
I'll post some samples a bit later on about how some of the reports look that are running on my forum at the moment. |
#217
|
|||
|
|||
AED - I've always thought it stood for "alter ego detector".
|
#218
|
|||
|
|||
Ok everyone - it's time to show you some goodies of how this product looks so far. As I said earlier only the backend is done (a few minor tweaks to do), but you can see a few things in the meantime.
The program is keeping a running log. This is basically a development feature I put in to track how the flow of the program through the various bits. But actually it turned out kind of cool. This is what the standard text looks like for an alert message raised to the admins: (note that I have removed personal info like email address) Quote:
Quote:
Please also see screenshot attached to this post. |
#219
|
|||
|
|||
Quote:
There?s a Club with a public internet terminal. Many forum users log in there. The Club?s owner has an account too as well as many more fake accounts to promote his club. Sometimes the owner uses his own PC ? so we can be quite sure that in that case all multiple accounts are fake accounts. Sometimes the owner uses the public PC ? in that case we can?t distinguish between normal users and the owner?s fake accounts. So let?s imagine the owner clears the browser cache on his private computer and logs in again with several of his accounts. In this case we have to wait and watch again for a while till we can guess whether he?s using the public or the private PC (in other words: if we can ban all multiple accounts or if there may be normal users among them) Did I make myself clear? When public computers are involved it may be very comfortable to have system data as well. |
#220
|
||||
|
||||
I'm NeitherSparky and I approve this mod. Looks great!
|
#221
|
|||
|
|||
Quote:
looks awesome nice job so far |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|