Administrative and Maintenance Tools - Multiple Account Detection & Prevention

It happens all of the time. Some members will make multiple accounts to back their own opinion or get an extra vote in a poll. Here's a modification that will detect and prevent multiple accounts, as well as notify the administration about multiple accounts. Inspiration for this modification came from the work of MPDev (creator of the Multiple Account Login Detector) and randominity (creator of the Multiple Account Registration Prevention). This is basically a combination of those two modifications but with new and improved functionality.

This is not an update to the "Multiple Account Login Detector (AE Detector)" nor is it an update to the "Multiple Account Registration Prevention." If you have either one of these (or both of them) installed, you should uninstall them before installing this modification.

With the initial release of Multiple Account Detection & Prevention, I believe that I have fixed previous bugs/complications as well as improved the efficiency and logic of the code. This is my first publicly released modification. I would appreciate any comments and suggestions!

Confirmed! This works perfectly on all vBulletin 3.6, 3.7, and 3.8 versions.

Unfortunately, I cannot give support right now. I may be able to help periodically, but until my schedule yields some more free time, I won't be much support. Please check back in a week or two.

Basic Details
File Edits: None
Template Edits: None
New Files: 6
Hooks/Plugins: 3
Global Phrases: 36
Install Time: 2 Minutes or Less
Install Difficulty: None, Very Easy

Features and Settings
- Login Detection
- Registration Prevention (Multiple Methods)
- Ignore Child Accounts
- Ignored Users
- Ignored Usergroups
- Ignored ISPs
- Prevention Usergroup
- IP Address Based Prevention
- Extended IP Address Prevention
- IP Address Time Inclusion
- Banned Account Check
- Primary Banned Usergroup
- Cookie Expiration Time
- Cookie Refreshing
- Cookie Name
- Cookie Reset
- Multiple Account Reporter
- Reports via PM
- PM Report Recipients
- Reports via New Thread
- Forum for Report Threads
- Verbose Mode
- BB Codes: LIST, URL, CODE

How it Works
With every newly recognized login/registration, an account-counting cookie is set (or added onto) with the member's User ID. Depending on the settings, Multiple Account Detection & Prevention will analyze the cookie during login/registration to see if there are any multiple accounts.

Login Detection offers cookie-checking and reporting. Registration Prevention offers the same thing, plus more advanced features. First of all, when it prevents an account from registering, it actually moves the registrant to the Prevention Usergroup so that the administration can review the case. This also allows for customized privileges for recognized multiple registrants. Registration Prevention also has IP address detection which finds out just as much information about users. Depending on an administrator's preference, this modification can also reban a new registrant if one of their previous accounts has been banned. In fact, if the administration wishes, multiple registrants can simply be denied registration all together.

Whenever there is a detection/prevention, the modification will report the information to the administration through private messages, a new thread, or both (depending on settings). The Multiple Account Reporter can be any valid user.

Known Issues
- vB Optimise users: Reporting via thread seems to get messed up by vB Optimise, so try reporting via PM instead.
- PhotoPost vBGallery users: The registration handling appears to not work properly when PhotoPost vBGallery is enabled.

From what I can tell, these known clashes have been caused by the other modification's coding. The author of vB Optimise will not even work with me to fix it. Until they improve their coding, I'm not sure if I can do anything about these issues. As far as I know, administrators that do not use the above modifications will not have any problems.

Installation / Upgrade
Unzip the package (madp.zip), upload the files to your forum location, and import the product file (allow overwrite if upgrading). Please read the ReadMe.txt file that is packaged with the modification for more information.

Please remember to mark this modification as installed if you use it!
If you like it, nominate it for the Mod of the Month!

Thank you!

[Kiros72]

Quote:

Originally Posted by I.am

Hello sorry just a question but this mod work also if members are using proxy servers?

Thanks

Technically, the IP address checks would come through if they used the same proxy server to register multiple accounts. Also, if the cookie information is passed through the proxy (which it should be for them to be able to login to vBulletin), then the cookie detection will also work.

Quote:

Originally Posted by Raul7

hi Kiros,
if i only care about login detection and not registration, i can just select no prevention and silent mode doesnt really matter then right?

Correct. In version 1.x no action is taken for login detections. Action is only taken for registration prevention (if you enable it to).

Quote:

Originally Posted by vitrag24

wht's difference between Multiple account login detector (AE Detector)
mod and this mod?
if difference, then which is better?
shd i keep both or only one? which?

The difference is plenty. MPDev's modification only detects logins. My modification detects logins and registrations and can prevent registrations as well. During registration, advanced IP checks can also take place if the administrator configures the options that way. Speaking of options, there are far more settings and features. There is also much better documentation for all of the configurations. My modification also uses faster functions (like explode() instead of split()) and in my opinion, it also has better logic within the code. On top of everything else, I provide support for my modification. I don't see too much support coming from MPDev, himself. I don't think that his/her modification is bad, but I honestly think that mine is better. That's the whole reason I built this modification up; I saw that major improvements could be made upon the idea.

Feel free to take my modification for a test-drive. You can always uninstall it and go back to the AE Detector if you want (everything will still work as it did before).

Also, you should not have my modification installed while the AE Detector is installed. Just chose one or the other.

Quote:

Originally Posted by exportforce

Yes another one that wants the same I do
First account instaban too! Yes.

I have a problem.
The thing just did not! ban a multiple one



Yes the two commas are there already I only edited the values for security reasons.
It did NOT! ban ABCABC as it should.

Multiple Account Detection & Prevention is NOT supposed to ban for multiple logins. It is only supposed to ban multiple registrants if you have it configured to do so. This was a multiple login detection, not a registration detection. In other words, the person just logged into another account; he/she did not make a new one.

Get it?

[vitrag24]

Quote:

The difference is plenty. MPDev's modification only detects logins. My modification detects logins and registrations and can prevent registrations as well. During registration, advanced IP checks can also take place if the administrator configures the options that way. Speaking of options, there are far more settings and features. There is also much better documentation for all of the configurations. My modification also uses faster functions (like explode() instead of split()) and in my opinion, it also has better logic within the code. On top of everything else, I provide support for my modification. I don't see too much support coming from MPDev, himself. I don't think that his/her modification is bad, but I honestly think that mine is better. That's the whole reason I built this modification up; I saw that major improvements could be made upon the idea.

Feel free to take my modification for a test-drive. You can always uninstall it and go back to the AE Detector if you want (everything will still work as it did before).

Also, you should not have my modification installed while the AE Detector is installed. Just chose one or the other.

Thanks.
i'll try your mod..it seems promising.
so do i have to uninstall AE detector mod first?
and i fear if your mod will move users or prevent from registrations to non-spammers too? as if someone surf on cybercafe and multiple users register there but they arent same but then ur mod will prevent them from registering?

i mean to ask wht does ur mod use to detect and prevent multiple registration?
wll it prevent non-spammers too anyway?

[static-skillz]

Is there any plan to fix the glitch regarding vBOptimize being installed?

[BlueNinjaGo]

Quote:

Originally Posted by vitrag24

Thanks.
i'll try your mod..it seems promising.
so do i have to uninstall AE detector mod first?
and i fear if your mod will move users or prevent from registrations to non-spammers too? as if someone surf on cybercafe and multiple users register there but they arent same but then ur mod will prevent them from registering?

i mean to ask wht does ur mod use to detect and prevent multiple registration?
wll it prevent non-spammers too anyway?

You should uninstall AE detector completely (not just disable) for it to function properly. (You can see by the comments that this has been verified again and again)

You can CHOOSE whether or not multiple accounts are moved to a prevention usergroup. Also, if you do choose to have multiple accounts moved to a prevention usergroup, you can always choose to move them to a new usergroup, after you verify they aren't a spammer/multiple account. (This does NOT stop them from registering.)

It's pretty much impossible to tell the difference between Spammer and non-Spammer by simply checking IP addresses or cookies. If you're worried about real, unique users being moved to a prevention usergroup, you can always activate "silent mode" which will ONLY notify you. (It will not take any actions in silent mode) This will help you get an idea of how many reports you can be expecting and give you an idea of how it works.

[sfc]

how do I uninstall.. I did a test and now can't get into my admin...

Warning: require_once([path]/madp/detection.php) [function.require-once]: failed to open stream: No such file or directory in [path]/includes/functions_login.php(185) : eval()'d code on line 3

[exportforce]

Quote:

Originally Posted by Kiros72

Multiple Account Detection & Prevention is NOT supposed to ban for multiple logins. It is only supposed to ban multiple registrants if you have it configured to do so. This was a multiple login detection, not a registration detection. In other words, the person just logged into another account; he/she did not make a new one.

Get it?

I want those instantly banned too.
Can you add this too ?
What about my suggestion? Can a few $ put it in front of the cue ?

[Kiros72]

Quote:

Originally Posted by vitrag24

Thanks.
i'll try your mod..it seems promising.
so do i have to uninstall AE detector mod first?
and i fear if your mod will move users or prevent from registrations to non-spammers too? as if someone surf on cybercafe and multiple users register there but they arent same but then ur mod will prevent them from registering?

i mean to ask wht does ur mod use to detect and prevent multiple registration?
wll it prevent non-spammers too anyway?

Quote:

Originally Posted by BlueNinjaGo

You should uninstall AE detector completely (not just disable) for it to function properly. (You can see by the comments that this has been verified again and again)

You can CHOOSE whether or not multiple accounts are moved to a prevention usergroup. Also, if you do choose to have multiple accounts moved to a prevention usergroup, you can always choose to move them to a new usergroup, after you verify they aren't a spammer/multiple account. (This does NOT stop them from registering.)

It's pretty much impossible to tell the difference between Spammer and non-Spammer by simply checking IP addresses or cookies. If you're worried about real, unique users being moved to a prevention usergroup, you can always activate "silent mode" which will ONLY notify you. (It will not take any actions in silent mode) This will help you get an idea of how many reports you can be expecting and give you an idea of how it works.

I couldn't have said it better myself. Okay, well I would have added a few more things, but I'll do that now

This modification will always check for a cookie that tracks which account the person has logged into. This happens for both registration and login. You can enable IP address detection for registration; this is to protect against someone clearing or modifying their cookies to get past the detection. Since IP addresses change and some (although very few) people may register while at a public place (i.e. library or cafe), I also include a time limit. This setting limits the time (in days) in which the modification will look for matching IP addresses. Take this scenario for example:

You have the IP address checks enabled and you have the time limit set to 30 days. Someone registers on a public computer. Two months later, another person registers on the same computer. Although they might have matching IP addresses, the modification knows to ignore it since it is past the time limit of 30 days.

So I would like to confirm this for you. You have nothing to worry about. You will be able to reverse anything (such as bans or changed usergroups) and you can uninstall it at any time and reinstall AE Detector with no permanent consequences.

Quote:

Originally Posted by static-skillz

Is there any plan to fix the glitch regarding vBOptimize being installed?

Unfortunately, the author of vBOptimise refuses to respond to my private messages. I cannot find anything wrong with my code, so I think he/she will have to be the one to fix this glitch. If I need to change something, then I will gladly, but again, I cannot find anything wrong with my code. Please notify the author of vBOptimise about this inconvenience. He/she might know what to do.

Quote:

Originally Posted by sfc

how do I uninstall.. I did a test and now can't get into my admin...

Warning: require_once([path]/madp/detection.php) [function.require-once]: failed to open stream: No such file or directory in [path]/includes/functions_login.php(185) : eval()'d code on line 3

It looks like you don't have the files correctly uploaded. The files within the 'upload' folder should be uploaded to your forum root. Once you have the files in place, it will work just fine. I can help you with this privately if you would like my assistance.

If you just want to uninstall it, you will need to add this line near the top of your config.php file:

PHP Code:

define('DISABLE_HOOKS', true); 


Reupload your config.php file and all hooks will be disabled. You will be able to login and modify whatever you need to.

Quote:

Originally Posted by exportforce

I want those instantly banned too.
Can you add this too ?
What about my suggestion? Can a few $ put it in front of the cue ?

Yes, I'll have actions available for multiple logins for my next major release.
Also, yes, money always helps. I work on projects that I get paid for before I work on projects that I wouldn't get paid for.

[Alfa1]

It would be good to have more functions to deal with returning banned members / trolls that keep opening new accounts.

Here's a functionality request / suggestion:

Have a usergoup that is not able to log out. Members in that usergroup are automatically forwarded to a site of your choice.

This way, returning trolls could silently be moved to this usergoup. They would not be able to log out except by clearing cookies.

Logician once created a code that disallowed banned members from logging out.

[Kiros72]

Quote:

Originally Posted by Alfa1

It would be good to have more functions to deal with returning banned members / trolls that keep opening new accounts.

Here's a functionality request / suggestion:

Have a usergoup that is not able to log out. Members in that usergroup are automatically forwarded to a site of your choice.

This way, returning trolls could silently be moved to this usergoup. They would not be able to log out except by clearing cookies.

Logician once created a code that disallowed banned members from logging out.

Hmm, while I do make other modifications (privately), this one modification has a set theme: detecting and preventing multiple accounts. Your suggestion is for a modification that deals with banned users, which is not what this modification is about. If you would like me to create a modification for such a purpose, I'll get around to it when I have the time. It's a good idea, though

[Alfa1]

Yes, thats true. Such modification would be a wonderful addition to the functionality that the MAD&P is offering.

Please create this modification when you find the time.