PDA

View Full Version : Administrative and Maintenance Tools - Multiple account login detector (AE Detector)


Pages : [1] 2 3

MPDev
05 Sep 2006, 18:12
Mod of the Month winner!
Top 10 most installed mods for vB3.6!


Same plug-in found here:

http://www.vbulletin.org/forum/showthread.php?t=107566

There are no differences as this plug-in works with both 3.5 and 3.6 versions of vBulletin.

If you are like me and migrated from .threads, a common modification was an "AE detector", a simple mod that saved a cookie of a history of ids logged into on your site. If someone logged into more than one account, you got a PM letting you know that your site was being accessed from multiple accounts.

Over the years this was very helpful in identifying users who were posting under multiple accounts (alter-egos!) and users who would return after being banned.

You might be wondering why I don't use the vbcookie call - well, thats because on logout all vB cookies are cleared, so we need to store a cookie that is not effected by the login/logout process.

New Installation
1. Add New Product with attached XML
2. Go to vBulletin Options -> AE Multiple Login Detection Settings and set your specific settings.

Time to install: Easy - 2 minutes.

Upgrade
If you installed this as a Plug-in manually, you can delete that plugin and install this Product, just make sure to go into the Options and set them accordingly.

I hope you find this useful and will click INSTALL if you use it; should it prove useful to enough people I can look at making this installation more automated without the need for edits and an Admin Options page.

To upgrade you will want to reimport this XML file and edit your options accordingly.

1.0.3
-----
. Added a check to ensure that users weren't deleted when reporting violations
. added htmlspecialchars_uni call to username

Note: I am unable to get the call to construct_phrase with $vbphrase['multiplelogin_alert'] to work reliably, as such the $message variable is still set manually inside the plug-in and not via the phrase. If anyone has an idea of why this might not always work, I'm all ears.

1.0.2
-----
. Updated to include exclusion groups, users
. Changed so PM is sent by ae sender id

1.0.1
-----
. Released as a Product (thank you PHPGeek2k3 for your help)
. Added option to post to a forum versus send a PM (or both)
. All settings moved into Admin Option

1.0.0
-----
Initial release.

MPDev
05 Sep 2006, 18:13
This is the same plug-in as the one found in the 3.5 forum; just cross-posted here for the benefit of 3.6 users.

If for some reason your userids change - weather you reinstalled, started over or whatever; the best way to avoid getting false reports based on the users old userid is to edit the name of the cookie used by the AE Detector:

In Plugin Manager under the login_verify_success section edit the AE Detector: Login checker plug-in code.

Change each instance of "IDstack" to some new name for the cookie to be used. There are four of them all in the first 21 or so lines of the code.

1. if(isset($_COOKIE['IDstack']))
2. $idstack = $_COOKIE['IDstack'];
3. setcookie("IDstack", $idstack, time()+10368000, "/");
4. setcookie("IDstack", $idstack, time()+10368000, "/");

sola
05 Sep 2006, 19:00
Still as useful as ever.

TCB
05 Sep 2006, 19:25
A treat to install and to use....

Although it's not a completely safe way to keep out annoying people, it really comes in handy. Thanks

Neal-UK
05 Sep 2006, 20:43
This worked very well for me in the past stopping some idiots, so just installed on 3.6.

Excellent, thank you.

henners
05 Sep 2006, 20:58
Sounds really useful, given it an install :)

MentaL
05 Sep 2006, 23:11
You my friend are grade A meat. yum.

Ascor
06 Sep 2006, 00:29
installed and tested, work fine, thank you :)

Phalynx
06 Sep 2006, 09:10
Works great, thanks.

VBUsers
07 Sep 2006, 00:05
awesome and clicked install. good job!

tantawi
08 Sep 2006, 19:35
Essential plug-in, thanks!

Freesteyelz
08 Sep 2006, 19:48
Thank you, MPDev. :)

Keyser Söze
08 Sep 2006, 20:28
ok well u may know this but the hack version still comes up as 1.03 but here u have it listed as 1.0

ColeEsque
08 Sep 2006, 20:49
Installed.

Thanks!

C:)

mauisun
09 Sep 2006, 16:30
clicked install, very easy import and setup :)
...mauisun

YabbaDabba
09 Sep 2006, 22:59
Found in Options screen:

IS: List of usergroups that to not repot multiple logins sepertated by ","'s

Suggest:
Do not report multiple logins for these usergroups ID's (comma-separated list)

YabbaDabba
09 Sep 2006, 23:47
I suspect it would be better if all phrases were placed in the Phrase library.

An example phrase hardcoded in the xml:
$subject = $vbulletin->userinfo['username'] . " tripped AE detector";

Even better would be to give AE its own category in the Phrase library instead of sticking them in the VB category.

Otherwise, very cool!

oberheimhaven
11 Sep 2006, 19:46
Installed 1 m in tested and works 3.6.0 zero hassles

great hack
thxs
MarkAnthony
Musiciansquarters.com
Myspace.com/obeheimhaven

smoknz28
11 Sep 2006, 22:27
Right on....installed. ;)

Thank you for sharing.

Gonzo

YabbaDabba
14 Sep 2006, 06:05
Am I right in believing this can catch users hiding behind proxies (who otherwise don't clear their cookies after every session)?

YabbaDabba
14 Sep 2006, 15:44
Does AED generate a report for every additional (2nd, 3rd, 4th, etc.) identity found? Or does it just identify the first pair of overlapping accounts?

Put another way:
1 - Problem member gets banned
2 - Problem member re-registers
3 - AED spots overlap and generates report
4 - Problem member gets banned again
5 - Problem member re-registers again
6 - Does AED generate another report at this point?

YabbaDabba
16 Sep 2006, 04:41
It seems that the admin userID selected to generate a report thread does so from the computer of the overlapping users. The IP of the overlapping users' computer appears for the admin userID.

Anyway to prevent the IP logging behavior?

Otherwise, using the ID of one of the overlapping users to generate the report thread seems more appropriate.

p.s., neat hack!!

optrex
17 Sep 2006, 00:32
ignore me wrong hack

shoupz
17 Sep 2006, 09:32
installed, testing it out. *clicks installed

dodgeboard.com
20 Sep 2006, 02:37
Sometimes you get a hubby and a wife that both post from the same computer.

What would really be cool is if there was a way to set it to post a usernote to both duplicate registration ID's automatically (john123 = Jane456). That way I dont have to got post a note on there to keep track of dupe registrations.

Another cool feature would be to query for all duplicates; ie: run a report.

I like the hack though!!

MPDev
20 Sep 2006, 13:34
You could add them into the exception list, no?

Nathan2006
20 Sep 2006, 19:44
Thank you MPDev

Install

teedizz
27 Sep 2006, 09:30
For some reason this isnt creating a thread when I KNOW users have more then one userid, anyone explanation as to this may be happening? Im running 3.6.1

Neal-UK
27 Sep 2006, 09:40
If they clear their cookies or use another computer then you wont know. People using dial up are a pain, and those who have more than one ISP.

YabbaDabba
28 Sep 2006, 15:32
Does AED generate a report for every additional (2nd, 3rd, 4th, etc.) identity found? Or does it just identify the first pair of overlapping accounts?Every additional account on that computer generates a new report.

b6gm6n
28 Sep 2006, 16:18
did u know... that this mod is probebley my most useful and important addition to my forums...cheers

-b6

YabbaDabba
28 Sep 2006, 18:34
BUGS?

1 - Please move all the phrases into the Phrase library

2 - Fix the custom phrase bugs
I ended up having to edit the XML file to change phrases there.

3 - Have Report threads indexed in search properly
I have reports sent to a dedicated Mod-only forum with "Index New Posts in Search Engine" set to Y. Usernames are not found when searching this dedicated forum unless I go into admincp and reindex.

4 - Have report threads update the post counts properly
The Bot that generates these threads always has a "0" post count.

5 - Some unintended interaction between PM and thread generation
Had both PM and thread generation set to Y. Everything worked fine for weeks. Changed PM option to N. Threads no longer generated. This was reported as a problem on the AED for 3.5 thread also.


RECOMMEND ADDING A USE TIP TO YOUR ADMIN POST:
1 - Set up a bot account to be the author of any AED threads and PMs.
This will save people a lot of grief as otherwise the admin IP shows up associated with all the overlapping accounts.


POSSIBLE ENHANCEMENTS

1 - Skip user overlaps that have been previously reported
I realize that detecting this on the user's machine is unreliable for cookies, especially if the perp is using different computers and what not. Perhaps AED can detect if an identical post in an existing thread already exists? Or by comparing the userID's in the cookie to a logfile of past matches on the server?

2 - Automatically change new overlapping user's group assignment based on prior account's group
E.g., move new account "B" into usergroup "3" if earlier account "A" is in usergroup "2" (e.g., if member account A is in a "banned" group).

3 - Option to flush cookies
Or possibly an option to change the cookie domain; or add a trigger date to the cookie.
If a forum resets userID's, this plugin becomes worse than useless.

4 - Option to add current IP's to PM/thread for reported overlaps.

5 - Option to force acceptance of cookie
As pointed out by another user on the AED 3.5 thread, troublemakers with 1/2 a brain can get around this utility. Forcing cookie use (an option to deny access if cookie not present/written and/or detecting matching accounts against the logfile) would not affect most members at all.

6 - Create username variables for all cases
It would be nice to have variables for each reported username in both linked and unlinked states as well as for "all" user names.

brvheart
02 Oct 2006, 18:16
Well, I installed as this was one of the most useful that I used in 3.5.x but it does not work on my 3.6.1 board....it does not generate a PM or start a new thread....

Wachtmeister
08 Oct 2006, 19:06
Well, i used this hack and it is still one of my favoured, but since today it does not work :( I've upgraded to vb362 and don't get messages if users share their login. Is there a way how i can test the functionality?

jyajay
12 Oct 2006, 15:25
I do have v3.6.2 and this hack is running smoothly.

MPDev
12 Oct 2006, 19:25
Also running 3.62 with no problems....

brvheart
12 Oct 2006, 19:42
I must have a conflicting hack installed or something as this is not working for me at all :(

teedizz
18 Oct 2006, 07:42
Well, I installed as this was one of the most useful that I used in 3.5.x but it does not work on my 3.6.1 board....it does not generate a PM or start a new thread....


Im running 3.6.2 & im having the same exact problem.

mrkhm
18 Oct 2006, 07:45
kudos :)

MPDev
19 Oct 2006, 18:22
If for some reason your board changes userids, please refer to the second post:

http://www.vbulletin.org/forum/showpost.php?p=1068579&postcount=2

teedizz
19 Oct 2006, 22:31
i instaled this on a clean install & its not working at all...i loved this on 3.5.* but for some reason it work work at all

brvheart
20 Oct 2006, 15:34
unistalled, I cant get it to work no matter what I try...

teedizz
21 Oct 2006, 07:00
MPDev, can you please look at this a little closer & maybe fix whatever it is casuing it not to work bro. thanks.

Tulsa
22 Oct 2006, 16:11
It's working for me on 3.6.2

4yBak
23 Oct 2006, 17:00
I have question: are this hack can distinguish users that can work at the same computer. Example: internet-cafe, computer classes in schools, universities etc. where at the same computer can work many different peoples at different time.

In this case hack will work correctly? Thx.

MPDev
23 Oct 2006, 20:57
It uses a simple cookie; not any kind of technology to determine who is actually sitting in front of the computer when it is being used.

ConqSoft
23 Oct 2006, 21:02
not any kind of technology to determine who is actually sitting in front of the computer when it is being used.

How lame. You should have it check to see if a webcam is attached and take a picture so we can know who's REALLY there. ;)

MPDev
26 Oct 2006, 18:42
If you have the module installed that doesn't allow for URLs to be posted by users with XX posts, then that would prevent a post from being added to your AE forum if the user logging in has less than the number of allows posts required to post URLs.

Viper007Bond
27 Oct 2006, 08:33
Just got my first report. Very helpful! :D

coRtALoS
30 Oct 2006, 01:10
Not working. I'm on 3.6.2

teedizz
30 Oct 2006, 03:26
Something is wierd here. It works for some & not for others ( like myself ). What is a key code in the plug-in that may be preventing it from working on my site? I do have other hacks installed but nothing major, why do you think its not working for some MPDEV? Can you shoot out some suggestions?

teedizz
30 Oct 2006, 03:28
If you have the module installed that doesn't allow for URLs to be posted by users with XX posts, then that would prevent a post from being added to your AE forum if the user logging in has less than the number of allows posts required to post URLs.


I dont have that mod installed so that would count that out as a possible problem.

MPDev
30 Oct 2006, 13:27
Try this.

1) Clear your sitewide cookies (IDstack being the key one to delete).
2) Login as User #1. Logout.
3) Login as User #2.

Do you get any error messages?

4) Logout.
5) Login as Admin and check for new PM or post in forum depending on your settings.

I have mine setup to not send a PM, but to post in a forum.

osmanungur
30 Oct 2006, 14:37
thnx installed

cjwinternet
30 Oct 2006, 23:58
Installed thanks. Where can I edit the 'soup' comment?

voteforbird
31 Oct 2006, 04:04
Is it possible this system has a bug that erroneously reports multiple logins? Today we had an automated report for two members who have been around for ages. One with 3500 posts and another with 7500. We're supposed to believe they used the same computer?

ConqSoft
31 Oct 2006, 04:12
Maybe they visited each other? Logging on from the same computer isn't always a bad thing... Just something to keep an eye on for problem users.

teedizz
31 Oct 2006, 04:26
Try this.

1) Clear your sitewide cookies (IDstack being the key one to delete).


How do i do that bro?

MPDev
31 Oct 2006, 14:58
What browser do you use? It's in the cookie settings area with whichever one you use.

Is it possible this system has a bug that erroneously reports multiple logins? Today we had an automated report for two members who have been around for ages. One with 3500 posts and another with 7500. We're supposed to believe they used the same computer?

Since the mod uses a cookie that can only be stored on a single computer; one would assume that had to cross-login for some reason.

CoreIssue
12 Nov 2006, 16:13
It worked for one, but I just caught a banned user sneaking back on. Didn't report them.

Same IP but different name.

Only thing I changed was IE 6 to 7.

teedizz
12 Nov 2006, 17:41
What browser do you use? It's in the cookie settings area with whichever one you use.

Ok, I cleared all my cookies, made 2 accounts & still nothing happened. What file does this feed off of? Maybe i can post what that file looks like so you can look it over & see what may be casuing it not to work.

emmanuel132
14 Nov 2006, 17:53
this mod works for ever vbulletin correct 3.6.3? will it work for that?

MPDev
14 Nov 2006, 18:09
Yes, it works with 3.63.

emmanuel132
14 Nov 2006, 21:45
thank u mpdev good code

Luigi^
17 Nov 2006, 19:19
Hi,
I am trying translate the rows in Italian but when but the translation it stops to work, like never?

I replace:
$message = htmlspecialchars_uni($vbulletin->userinfo['username']) . " seems to have multiple personalities using $andids sharing the same computer. No soup for you! and you! and you!";
with
$message = "$andids utilizzano lo stesso computer";

and

$subject = $vbulletin->userinfo['username'] . " tripped AE detector";
with
$subject = $vbulletin->userinfo['username'] . " multiaccount";

it don't work, why?
thanks and sorry forum my english

Alfa1
18 Nov 2006, 14:14
MDPev,

Please read this: http://www.vbulletin.org/forum/showthread.php?t=131425&page=3
You might find this interesting. Would it be an idea to merge these hacks or to expand the functionality of AE?

coffee
19 Nov 2006, 21:12
Installed!

Thank you, MPDev.

MPDev
20 Nov 2006, 20:08
MDPev,

Please read this: http://www.vbulletin.org/forum/showthread.php?t=131425&page=3
You might find this interesting. Would it be an idea to merge these hacks or to expand the functionality of AE?

It might be, but I don't have the bandwidth to do it myself.

brvheart
20 Nov 2006, 20:55
just installed on my 3.6.3 and now it works....

EdQ
21 Nov 2006, 13:26
Is it possible this system has a bug that erroneously reports multiple logins? Today we had an automated report for two members who have been around for ages. One with 3500 posts and another with 7500. We're supposed to believe they used the same computer?

I just had two false alarms.

Both were Super Moderators. One is a personal friend. Who I know didn't logged into this users's PC. Which is a competitor's PC.

MPDev
21 Nov 2006, 13:28
There is no such thing as a "false alarm" (unless you've screwed up your system and everyone's userids have changed); it uses cookies which are only present on those computers.

EdQ
21 Nov 2006, 13:44
Well then I don't understand. I know this person isn't logging into the other members PC.

And my VB is working fine.

What is weird is both members were detected for the same user.

TaBaTaN
22 Nov 2006, 01:27
Installed!!
Thank you

Luigi^
22 Nov 2006, 01:33
Hi,
I am trying translate the rows in Italian but when but the translation it stops to work, like never?

I replace:
$message = htmlspecialchars_uni($vbulletin->userinfo['username']) . " seems to have multiple personalities using $andids sharing the same computer. No soup for you! and you! and you!";
with
$message = "$andids utilizzano lo stesso computer";

and

$subject = $vbulletin->userinfo['username'] . " tripped AE detector";
with
$subject = $vbulletin->userinfo['username'] . " multiaccount";

it don't work, why?
thanks and sorry forum my english

please help me :surprised:

coffee
22 Nov 2006, 02:50
please help me :surprised:

Edit the product-ae_detection.xml file by translating English to your language (I used translate.google.com (http://translate.google.com) because I don't speak Italian):

Line #53:
if ( !empty($andids) ) $andids .= "e";

Line #68:
$message = htmlspecialchars_uni($vbulletin->userinfo['username']) . " sembra avere personalità multiple usando $andids ripartire lo stesso calcolatore. Nessuna minestra per voi! e voi! e voi!";

Line #71
$subject = $vbulletin->userinfo['username'] . " rivelatore scattato di AE";

For the remaining phrases; use your Admin CP to search for this word in the titles: "multiplelogin" and then type the translation you want.

nocte
25 Nov 2006, 23:59
I's suggest to include the Mulitaccount Warning Threads in the search-index. Sometimes it might be useful to search through them.

.. espescially when you have up to 20 Warnings a day, like we have.

Devil Woman
27 Nov 2006, 12:16
Hi there, I have just come onto my computer to find a pan full on PM's on my forum :( as what they thought was a member had posted in a hidden forum just for staff.

turns out it wa sthe AE detector had picked up someone using multiple accounts and it had been posted in that forum only for some unknown reason it was autmatically posted using a members account and not the account I set in the AE Detector settings.

Can anyone help?

Thanks

voclain
08 Dec 2006, 00:24
I've installed this...but now I'm UNINSTALLED IT....what I was thinking it did was let me know when a USER was "SHARING" a username and password.

My site is a pay site....the only way you can get in is to pay. So...I'm pretty sure I have several users who have given there friends there Username and Password. The friend will NOT POST...but just read and share the account.

So....is there any way that anyone knows to KNOW if this is happening???? OTHER than watching the IP address of those who log in?????

Also...could this modification be altered to include this service???? IF SO...I would be willing to pay to have that modification done!

LET ME KNOW!

Yours,

Kirk

white_2kgt
16 Dec 2006, 00:42
Try this.

1) Clear your sitewide cookies (IDstack being the key one to delete).
2) Login as User #1. Logout.
3) Login as User #2.

Do you get any error messages?

4) Logout.
5) Login as Admin and check for new PM or post in forum depending on your settings.

I have mine setup to not send a PM, but to post in a forum.

Ok, I've had this installed for some time, it stopped working when I upgraded to 3.6x from 3.5x, today I decided to try and make it work again. Nothing made it work until I did this, how do you suggest I convince those using multiple accounts to clear their cookies? Is there something I can do to force it? (that would probably get annoying to everyone else though...) maybe you can fix it so this isn't a problem?

4yBak
17 Dec 2006, 15:18
how to prevent double detecting for the same peoples?

Example: I have on board 2 users that work at the same computer and each time I receive detect information.

MPDev
18 Dec 2006, 22:05
It won't report the same people over and over again unless they are somehow resetting their cookies themselves (like using logout and "clear all cookies" option); for which there is nothing you can do without adding database tracking to the code.

MPDev
18 Dec 2006, 22:08
I've installed this...but now I'm UNINSTALLED IT....what I was thinking it did was let me know when a USER was "SHARING" a username and password.

My site is a pay site....the only way you can get in is to pay. So...I'm pretty sure I have several users who have given there friends there Username and Password. The friend will NOT POST...but just read and share the account.

So....is there any way that anyone knows to KNOW if this is happening???? OTHER than watching the IP address of those who log in?????

Also...could this modification be altered to include this service???? IF SO...I would be willing to pay to have that modification done!

LET ME KNOW!

Yours,

Kirk

Right, this does not deal with the "sharing" of accounts; for that you would probably want to use IP tracking over a specific period of time. I have a paysite and it tracks user logins per day per IP and trigger a warning if used more than X times over that 24 hour period. (This is not a vBulletin thing, its a browser password thing).

For that you would need an to track all IPs used to login with timestamps and a checker.

Alfa1
18 Dec 2006, 22:30
Does this add on work well with PHP5.2?

MPDev
19 Dec 2006, 02:40
I'm not aware that the version of PHP has any bearing on the plug-in itself.

saf-t scissors
24 Dec 2006, 06:43
Just one suggestion: how about including the IP address of the machine in the warning message? I added the code $ip= IPADDRESS; up near where it's checking the cookie, then changed the message so it says something like ... sharing the same computer at IP $ip.

boing
25 Dec 2006, 01:11
Problem the search function is having problem after installing this hack and even after uninstalling...

Please help

Alfa1
29 Dec 2006, 01:05
Just one suggestion: how about including the IP address of the machine in the warning message? I added the code $ip= IPADDRESS; up near where it's checking the cookie, then changed the message so it says something like ... sharing the same computer at IP $ip.
I wonder why would you want that? If the pc is on dial up, AOL or another proxy, then many IP's will be used. If not the IP does not add anything. Or does it?

MPDev
02 Jan 2007, 19:54
Problem the search function is having problem after installing this hack and even after uninstalling...

Please help

This doesn't touch anything to do with "search"; not sure what you are referring to as a "problem" as that's pretty vague.

Frimon86
02 Jan 2007, 23:14
I really like this mod but lemmie try it out first.

I'm completely new to vb so please take it easy on me.
Ignore User IDs
List of user id's to not report multiple logins seperated by ","'s

Does this mean list the user i'd I dont want it to be posted to, because in this field it shows 1, and my user id is 1 because I am the admin, should I remove this 1 or leave it?

pipin
05 Jan 2007, 23:27
Hm,

i'm using this hack reporting to a forum through a special account, which isnt used at all.

But now i noticed that this account has multiple ip-adresses.

Can it be, that the IPs of the users, which are reported as using a multiaccount, are logged for that account by creating the reportthreads?

blazingpc
06 Jan 2007, 04:28
I've installed this (smooth BTW) and everything works fine but it will not create a thread.

It will show it in the latest posts but there is no thread and when I click on the link it says I do not have permission and the thread points to the public forum even though I've set it up in my MOD section.
The PM sending works great!! Just not the thread.
Any ideas on this?



EDIT: Never mind I was putting in the display order # instead of the forum id.:confused:


*INSTALLS*

gonecountry
07 Jan 2007, 00:21
Trying to uninstall since userid and usergroup exceptions are not working and I have several members who cannot login but when I uninstall via manage products I get the following error. Please help.

stwilson
15 Jan 2007, 05:58
Thanks for the MOD. This was a problem for me in the past.

ST

MPDev
17 Jan 2007, 02:12
Trying to uninstall since userid and usergroup exceptions are not working and I have several members who cannot login but when I uninstall via manage products I get the following error. Please help.

You didnt post the error.

Kadi
18 Jan 2007, 11:27
Hi,

Will it start detecting multiple users after they sign in with both accounts?

MPDev
18 Jan 2007, 15:25
I'm not sure I follow you - if they sign in two two accounts, it reports; it wont report again until someone uses a third account on that computer.

Kadi
22 Jan 2007, 14:26
Thanks you've answered my question.

Fr4gZ
25 Jan 2007, 17:06
Installed. I hope it works, we've had a few problems with people with aliases ont he site... very annoying.

SpanishHarlem
25 Jan 2007, 19:13
Installed. I hope it works, we've had a few problems with people with aliases ont he site... very annoying.

I think you will love how it work's. I caught someone that was banned 3 years ago on my forum. He also got a hold of someone elses password and logged in on her account as well.

MPDev
25 Jan 2007, 21:40
For us it's been a wonderful thing to catch people who were banned who join again or simply trouble makers who like to use alter egos to stir up trouble.

djjeffa
31 Jan 2007, 01:09
I am running 1.03 on my 3.6.4 it stop working when i went from 3.6.1 to 3.6.4
any recomendations?

blind-eddie
31 Jan 2007, 02:13
Im getting people I know well logging in, & it shows them sharing same pc. I know for a fact they have know clue who each other is. Is anyone else having this problem?

djjeffa
02 Feb 2007, 02:37
I am running 1.03 on my 3.6.4 it stop working when i went from 3.6.1 to 3.6.4
any recomendations?
bump.....................

blazingpc
02 Feb 2007, 03:02
I am running 1.03 on my 3.6.4 it stop working when i went from 3.6.1 to 3.6.4
any recomendations?


Have you tried to uninstall and re-install?

Also check all input fields for proper settings.

Corporal Clegg
02 Feb 2007, 21:35
*INSTALLED*

....and working perfectly. I have it set to send a PM rather than post a thread in a specific forum. I installed it just 2 days ago and have already caught 10 people using multiple accounts. Thank you very much for this extremely useful hack. I'm also using the multiple account registration prevention hack too, which works very nicely in combination with this hack.

Feature Request:

Now I'm no coder, but I was wondering something. Let's say someone has already registered multiple accounts *before* I installed this hack. What I would like to see as an added feature, would be a way to automatically place the multiple account into a "banned" usergroup.

Let's pretend that a few users already have multiple accounts...say user x with userid 100 has already registered accounts as user y and user z, with userid's of 200 and 300 respectively. Would it be possible to add a feature whereby the higher userid can be placed in a usergroup of your own choosing, say a "banned" usergroup when the AE detector is tripped? Most multiple accounts would have the higher userid than the user's original and primary account. So working on the difference in userid, the feature would automatically ban the higher userid and leave the lower one alone. It's not too hard right now for me to just manually ban the multiple account with the higher userid, but a feature to automatically do that would be nice.

The only other feature I can think of that I would like to see, would be a "strikes" system, whereby any user caught logging into multiple accounts more than X number of times would have the option of also being put into a "banned" usergroup.

I've got one person on my boards who must have at least 15 different personalaties and does things like make a post under one account, then he switches accounts, goes back to the post and compliments "himself" on the wisdom of the post.

Just a suggestion...this hack works wonderfully the way it is now, these are just "bonus" features that I'm suggesting here. Like I said, I'm no coder so I have no idea how difficult/impossible something like these suggestions might be.

Thanks for listening and for a great hack.


Corporal Clegg

djjeffa
04 Feb 2007, 17:03
I've got one person on my boards who must have at least 15 different personalaties and does things like make a post under one account, then he switches accounts, goes back to the post and compliments "himself" on the wisdom of the post.



Corporal Clegg
as soone as he logout of one name an into another the hack will alert ya then you warn him and if he continues ban his ip or there is a hack that dont let you log out somewhere make a special user group and put him in there.
hope this helps a bit.

Black Widow
05 Feb 2007, 22:05
thanks.

great hack...

gusfune
06 Feb 2007, 14:43
System went crazy, installed it propely on a fully functional board and it's triggering everytime with PMs and Threads saying X and Y are the same person.
Previously, before i've reinstalled my boards it worked without any problem, but now it's triggering all the time, and it's definitevely not working because it's happening all the time and saying that users 500miles away are the same person...

blind-eddie
06 Feb 2007, 18:48
System went crazy, installed it propely on a fully functional board and it's triggering everytime with PMs and Threads saying X and Y are the same person.
Previously, before i've reinstalled my boards it worked without any problem, but now it's triggering all the time, and it's definitevely not working because it's happening all the time and saying that users 500miles away are the same person...


I get simular results, I just delete those & move on to next one.

gusfune
07 Feb 2007, 05:39
I get simular results, I just delete those & move on to next one.
Yea, I could do it, but that's not how this system is supposed to work.
When I had my forums on 3.6.0 that used this same system worked perfectly, 100% of all reported logins were true, not like what's going on lately: messed results...

leftie
13 Feb 2007, 19:19
How can i edit the "no soup for you" phrase. It is saying it has been edited and saved in phrases but will not show in the posts. Can it be 'forced' to save.

MPDev
13 Feb 2007, 21:15
leftie, after you click on Mark Installed ;), check the plug-in itself; I had troubles with the phrases at one point and had to go back to using text in the plug-in.

Nothing has changed in the code to make it function differently between versions, so I can't explain why it would behave differently.

GeekDrew
13 Feb 2007, 21:21
leftie -- by "will not show in the posts", are you talking about posts that it makes after you edited the phrase, or posts that were already made before you edited the phrase?

leftie
14 Feb 2007, 18:00
Oops sorry MPDev *installed*.

GeekDrew,, I am talking about posts that have been made after the phrase edit.
Could i edit the xml file itself (two references to no soup for you) and reinstall.

Alfa1
17 Feb 2007, 22:19
MPDev, I have a feature request, which would be very handy IMHO:

If one of the reported accounts was banned, then display the reason for this ban in the Multiple Login Detection reports.

What do you think of this?

teedizz
19 Feb 2007, 20:54
i just dont know why this doesnt work for me. It use to work perfectly on 3.5.4 but now that im on 3.6.4 it dont work

ive tried on all versions, 3.6.0, 3.6.1, 3.6.2, 3.6.3, and 3.6.4 and it never worked...damn, i need this dang hack too

Eagle Creek
21 Feb 2007, 17:35
Very nice but... Why aren't there any phrases? Everything is INSIDE the plugin.

Works nice on 3.6.4 though.

akulion
22 Feb 2007, 01:59
hey is it possible to exclude someone from tripping the detector?

cos i have about 5 or 6 families who come to my forum
the adults like to discuss
the kids usually play games in the arcade

and everyday i have about 8 or 9 pms telling me the AED was tripped by these users
so any resolve for this please?

Alfa1
22 Feb 2007, 22:17
Yes, you can add their userid's to admincp -> vbulletin options -> AE detector -> ignore users (or simular)

klaus
23 Feb 2007, 06:31
First off I love this hack and it works awesome for my community. All of the moderators love it.

While investigating a user just now I noticed that all Flagged users share user "admin" IP in common. Every time it trips and posts a new thread in my "incident log" forum it is user admin that posts, and admin posts from the same IP as the offender rather then my server IP. First I was alert and concerned but eventually figured out what was happening. No complaints on this, just an observation I thought was worth sharing.

taydu
23 Feb 2007, 08:19
can you add e-mail option to it?

subzero06
23 Feb 2007, 16:58
I have a question
How do i set so another user that i created "AE DETECTOR" makes the threads instead of the admin making automatic threads when someone tripped the detector...

Bakushan
03 Mar 2007, 06:44
I heard in some states this is considered a form of spyware unless mentioned in the sites TOS. I was curious if anyone knew this to be true and if so did you update your terms of service to be covered legally. (and if so what exactly did you update it with) Hope this kind of question is ok to ask thanks for any help.

MrNase
06 Mar 2007, 15:39
Why did you exclude the first line:

//$message = construct_phrase($vbphrase['multiplelogin_alert'], htmlspecialchars_uni($vbulletin->userinfo['username']), $andids);
$message = htmlspecialchars_uni($vbulletin->userinfo['username']) . " seems to have multiple personalities using $andids sharing the same computer. No soup for you! and you! and you!";


?? :)

MPDev
07 Mar 2007, 01:59
Why did you exclude the first line:

//$message = construct_phrase($vbphrase['multiplelogin_alert'], htmlspecialchars_uni($vbulletin->userinfo['username']), $andids);
$message = htmlspecialchars_uni($vbulletin->userinfo['username']) . " seems to have multiple personalities using $andids sharing the same computer. No soup for you! and you! and you!";
?? :)

Because it didn't work.

skariko
08 Mar 2007, 00:33
I tryed to test it but it doesn't work, why?

I've VBulletin 3.6.5.

manofphat
09 Mar 2007, 05:30
I'm using vB 3.6.5 and it just tripped on users that haven't even been activated yet and are for sure different people (I know them both in RL)

blind-eddie
09 Mar 2007, 13:50
lol....that will happen alot....not sure why

Opus4
09 Mar 2007, 17:49
Not sure if this was mentioned before, but... If there are multiple forums at the same site, it can trip on different users using the same ID on both sites. I checked it out on a test forum -- created new users & got the notifications that multiple users logged in from the same place. Once installed on an active forum, a new test user there ended up with notifications that listed users that certainly never used my PC, simply because they had the same IDs as the test users on the test forum. That might explain some false positives.

djjeffa
11 Mar 2007, 22:21
ok mine hasent worked for a while any commom problems with this hack? i upgraded it an set to write over and rentere all the settings but its not pming or posting threads and i have had a few difrent members test it.

puertoblack2003
11 Mar 2007, 22:41
ok mine hasent worked for a while any commom problems with this hack? i upgraded it an set to write over and rentere all the settings but its not pming or posting threads and i have had a few difrent members test it.

sup jeffa, i sure you probably did this but make sure you put the right post # i had that problem my self and that was the cause.

and make sure the user id is the same default is 1 make sure you are user id 1

djjeffa
11 Mar 2007, 23:29
I uninstalled and reinstalled still with no luck
send pm and make new thread checked but it stll not working?

puertoblack2003
12 Mar 2007, 00:15
I uninstalled and reinstalled still with no luck
send pm and make new thread checked but it stll not working?

make sure you have it turned on when you installed the default is off..

djjeffa
12 Mar 2007, 01:38
make sure you have it turned on when you installed the default is off..

heres what i got

GeekDrew
12 Mar 2007, 01:52
Those settings appear as though they might possibly be correct... has it ever worked? If it did, Have you changed any settings since the last time it worked?

djjeffa
12 Mar 2007, 02:00
Those settings appear as though they might possibly be correct... has it ever worked? If it did, Have you changed any settings since the last time it worked?

i was running the 3.5 version and it stop working in december so I upgradded to this version and havent had any luck

ZombieAndy
15 Mar 2007, 20:26
I had this working until around december also... its not worked since.

anyone know how to fix it?

blind-eddie
15 Mar 2007, 20:34
Yep, uninstall it & look for one that works.....

djjeffa
16 Mar 2007, 02:50
I uninstalled and reinstalled now the pm system is working but it wont start new threads

daddygrim
16 Mar 2007, 13:29
anybody????????

daddygrim
16 Mar 2007, 20:02
Yeah This Just Worked..lmao Amazing!!!

KiraLove
17 Mar 2007, 00:12
Hello all. I would like a version of this that also logs to SQL both for ease of generating a report in the admin panel showing all the duplicate ID's that have been detected over time, as well as eliminating duplicate reports.

Right now if you have a user who logs in with two accounts you get a report. But then if he moves to his laptop, you get the report again. If the user logs in from internet cafe's and libraries while travelling, or where the machines are routinely wiped of user activity and cookies, then you will get the reports over and over same one every day.

If we log to SQL then duplicates can be optionally eliminated (I personally would enable it).

If anyone can help me with this I love you for it :-) Also if not, is there a way to hire coders here for things like this?

teedizz
17 Mar 2007, 00:27
i iwsh this would work on my forum...it use to work on 3.5.4 but never again since i upgraded to 3.6.*

daddygrim
17 Mar 2007, 00:42
ummmmit worked but...my members in 2 different states..so how could it detect they both logging on from the same pc?

GeekDrew
17 Mar 2007, 00:57
ummmmit worked but...my members in 2 different states..so how could it detect they both logging on from the same pc?

How are you sure they're in different states? Are you certain that they didn't use the same PC? Are their IPs different?

daddygrim
17 Mar 2007, 01:01
The IP Address is: 72.86.0.69. The host name is: pool-72-86-0-69.lyncva.east.verizon.net

The IP Address is: 207.96.37.198. The host name is: montcogov198.erols.com


BOTH DIFFERENT.

GeekDrew
17 Mar 2007, 01:10
Hell if I know. ;) Have any user IDs changed lately?

Oh, and what's with the "BOTH DIFFERENT"? Seems your caps lock button wasn't stuck before....

daddygrim
17 Mar 2007, 01:17
Caps Smaps...i Copied And Pasted The Ips..i Always Talk In Caps.

djjeffa
19 Mar 2007, 03:47
well like i said before the pm part is working but it still dont want to start new threads each time.
any ideals if you look at my previous post you will see everything is set right

daddygrim
19 Mar 2007, 03:51
anybody?????

wolf32
19 Mar 2007, 03:58
Would be fantastic if you could block the IP, but this will do just fine!!!

daddygrim
19 Mar 2007, 14:25
well???????????????????

rolfw1
23 Mar 2007, 18:47
Hi MPDev, is it possible to include both/all usernames in the thread title which is generated?

If it is, can you tell me what to change and how to find it please? :)

PS. Love the mod. :)

Doctor Death
23 Mar 2007, 20:37
How do you change the PM it sends to something a little more official? Would be nice to be able to set that text in ADMINCP setup.

Great mod

djjeffa
24 Mar 2007, 00:01
ok mine hasent worked for a while any commom problems with this hack? i upgraded it an set to write over and rentere all the settings but its posting threads and i have had a few difrent members test it. I even unistalled and re installed, the pm part work but not the thread making one and yes I checked all the settings

help!!!!!!!!!!

blind-eddie
24 Mar 2007, 05:25
Yep, I dont work....

Mattikana
24 Mar 2007, 16:31
Mine stopped working 3 months ago..
What's going on!?

Zolo
24 Mar 2007, 16:58
mine .. it stoped sending me PMs & sometimes its only creating a new thread upon detection , all the AE options are OK!

teedizz
24 Mar 2007, 23:53
I even pm'd the coder offering money if he could get this to work for me but it fell on deaf ears. I dont understand wy he ( or anyone with coding experience ) cant look at this hack a bit closer because its no reason why it works some some and doesnt work for others. It may be something minor thats causing this to work when it wants to.

Ryloth
25 Mar 2007, 17:17
The PM sent is from a phrase called 'multiplelogin_alert'

Just go in there and change it to what you what it to be......

Fungsten
26 Mar 2007, 00:22
I've received PMs saying that someone logged on using another members IP#. When I went to check it there was no such thing.

daddygrim
26 Mar 2007, 02:20
i know i had it detect someone with 2 different ip addresses.

Jimandbob
26 Mar 2007, 02:34
Mine stopped working 3 months ago..
What's going on!?


It works fine for me....And always has done:D Great work

ZombieAndy
26 Mar 2007, 20:39
Is this still supported or not? it clearly has problems working on vB.3.6.5 and the creator dosn't seem interested.

Joe Blow
27 Mar 2007, 06:57
Has anybody got this working on 3.6.5?

k_v
27 Mar 2007, 08:34
it works on 3.6.5 without any problems..

teedizz
28 Mar 2007, 06:47
is there a way to reset your boards cookies so that all users would have to log back in? Maybe thats why its not working...lol...im just throwing things out there to why this may not ork.

Joe Blow
28 Mar 2007, 09:08
Yes, mine is working on 3.6.5 now, just took a while to get my first victim.

Can I assume that this will detect matches from previously banned accounts?

Doctor Death
01 Apr 2007, 18:49
would love to see version checking implemented in this@!

Great mod

MPDev
02 Apr 2007, 01:49
It's not that I don't care; its that the mod works exactly as it was designed on all versions.

What may cause it not to work is other mods you may have installed. For example, if you have the mod installed that doesn't allow a user to post a URL in their post until they have XX posts, the post to the forum will fail since the user doesn't have enough posts to make the thread to begin with. In this case you end up having to modify my mod to include something like:

$vbulletin->userinfo[posts] = 20;

before it tries to post.

I don't have time to trace down all the mods you have running; but what I do know is that this mod works as it was designed.

accessdeniedzzz
02 Apr 2007, 01:53
Very good :up:
just a question in case that user delete the cookies the detector will no more detect him!
is there possibility to make the cookies MySql Based ?

MPDev
02 Apr 2007, 02:00
I've never heard of a "MySQL based cookie"....

amcd
02 Apr 2007, 11:48
MPDev, it doesnt work on my forum for some reason, just wondering if any of these hacks on my forum are hindering from your hack to work... can you please help. thx

Atakan Marquee Text 1.00 Atakan Marquee Text Edit Disable Export Uninstall
Bills PayPal Donate 1.3 Bills PayPal Donate Edit Disable Export Uninstall
Dynamic Forum Home Announcement Hack by Logician 1.0 Dynamic Forum Home Announcement Hack by Logician Edit Disable Export Uninstall
Extended Signature Limits 1.0.3 This Hack gives you more control (font size, # of lines, etc.) of what Users can put into their Signature Edit Disable Export Uninstall
Invites System 1.4.0 An automatic system which gives your users a limited number of invites that they can give out. When this system is enabled, regular registration without invites is restricted. Edit Disable Export Uninstall
Log Logins Hack 1.1 Log Logins Hack Edit Disable Export Uninstall
Miserable Users 2.05 A way to really annoy anyone you don't want visiting your forum. Edit Disable Export Uninstall
Multiple Login Detector 1.03 Cookie-based multiple account login detector Edit Disable Export Uninstall
Referrer in Memberinfo 1.0.0 Create By: Psionic Vision Edit Disable Export Uninstall
Shoutcast Status Full 2.0 Shoutcast Status Forumhome 2.0 Edit Disable Export Uninstall
v3 Arcade 1.0.6 A multiplayer gaming system for your vBulletin forum. Edit Disable Export Uninstall
v3 Arcade - Manually Add Game 1.0.3 Provides an additional Game Tool to manually add a game without the use of a script or import tool. Edit Disable Export Uninstall
v3 Arcade - Who's Online in the Arcade? 2.0.0 Displays who's online in your Arcade, and on a per game basis.

MPDev
02 Apr 2007, 16:51
I wouldn't know since I'm not using most of those hacks.

Lapsetur
10 Apr 2007, 10:53
it's not working with 3.6.5

Dream
10 Apr 2007, 11:01
This sounds like a great idea, I'm testing it out, thanks.

MPDev
10 Apr 2007, 13:06
it's not working with 3.6.5

If you read above you, many would disagree.

Lapsetur
10 Apr 2007, 14:05
You mean the plugins I am runnin

Custom Links 1.6.0

Members who have visited the forum 4.41

Separate Sticky and Normal Threads 1.0.5

Top 'X' Stats by InfiniteWebby 1.2.2

vbBOL

Muellmann
11 Apr 2007, 02:46
an interesting aspect: If one forum A has installed this hack and it saves a cookie at a user and this user visits and registers later on forum B (also with your hack installed), will the cookie from forum A interfere with forum B? If so, this would make many wrong alarms, because many people use to register on multiple forums. :confused:
Or does the cookie include the domain information of the forum where it was saved and AE checks, if it's a cookie only from this forum?

GeekDrew
11 Apr 2007, 02:50
Cookies are saved on a per-domain basis; there is no (realistic) way that AE operating on a forum on a different domain could be interfering with another AE's operation.

BadgerDog
12 Apr 2007, 00:20
Installed with thanks.... :)

Seems to be working on 3.6.4 so far.... did a test from same computer with different user names and it did what it was supposed to. Posted a thread in forum, sent PM's to moderators etc....

Only thing I'd like to do is clean up the "no soup" thing in the messages. Where do I do that?

Regards,
Badger

Phillip Chapman
13 Apr 2007, 02:15
I've been using the 3.5.x version since the original plugin was released. I recently removed the plugin, upgraded our board to 3.6.1, then installed the 3.6.x version.

I customized the "multiplelogin_alert" phrase removing the soup line and changing it to a custom message. However, it appears that the "multiplelogin_alert" phrase is only showing the default verbiage when we get an alert. If someone could please advise how to fix this we'd appreciate the insight.

Also, if we need to remove anything manually from the 3.5.x version, please let us know. We don't want any stray code around.

citroenar
16 Apr 2007, 00:18
It work without problems in 3.6.5!

MPDev
16 Apr 2007, 01:35
You have to modify the plug-in code to change the phrase; I could never get the phrase itself to work out of the languages properly.

Lapsetur
16 Apr 2007, 09:29
I found the problem when I disable "Members who have visited the forum" it started work again

BBI-Ross
16 Apr 2007, 10:05
INSTALLED

This is sweet, thank you!

Dunno012007
17 Apr 2007, 18:35
Works great thanks INSTALLED

MPDev
18 Apr 2007, 13:06
Click INSTALL, please :)

alexi
19 Apr 2007, 17:19
Working GREAT! I love this
I have clicked install
One suggestion for future improvement- would it be possible to have all the usernames listed in the title of the thread? It would make it much easier to find problems

theassasin
20 Apr 2007, 10:30
AE Multiple Login Detection Settings does not appear in vBulletin options
I've already installed this hack. I'm running vBulletin v.3.6.5.
please help me. tnx

Mattikana
21 Apr 2007, 18:22
I found the problem when I disable "Members who have visited the forum" it started work againI also have this hack installed and my AE Detector hasn't worked for a while. Imho there's a big chance that this hack is interfering with the other one.

AFemaleProdigy
27 Apr 2007, 17:53
Wow! Installation was super easy and fast! Hope it works well too! Thanks!

mtha
27 Apr 2007, 21:01
It works great.

however, I need more information than that, so I create an other version of this hack, with multipleloginlog table in database (with option to use it), to store (userid,idstack,dateline,ipaddress,proxyip,useragent,url)


No interface to see the log yet, only store to database, and you can check in the database to see the log.

amcd
28 Apr 2007, 05:03
This is wonderful, mtha. Exactly what I had been waiting for. Been wanting to do it for a long time but never got around to actually doing it.

I am installing it right away. Will give more feedback later.

Snake
28 Apr 2007, 14:35
Is this going to work just fine on 3.6.5?

amcd
28 Apr 2007, 15:00
It works great.

however, I need more information than that, so I create an other version of this hack, with multipleloginlog table in database (with option to use it), to store (userid,idstack,dateline,ipaddress,proxyip,useragent,url)


No interface to see the log yet, only store to database, and you can check in the database to see the log.
Its good, but analysing this table will not be easy as all the ids are not stored in the userid column. Some of them are in the serialised array only, and that is not indexable.

Also, if a person has more than 2 ids, it is creating multiple records for that person.

I think it would be more fruitful to store one record for each id/cookie combination. Lets say userid 1453 logs in with cookie 78, then the plugin should store 1453 and 78 if such a record does not already exist. Later when the user logs in with id 1782 and the same cookie value, this should be recorded as well.

Now when we have to check if userid 1453 has any alter ego, we just run a query where cookievalue=78.

The advantage of this scheme would be that even shared ids would be tracked.

Dream
01 May 2007, 06:33
Just thought important to say, I like the no soup for you :P

Also this mod is working nice, although it was just a guy that registered twice and a couple that uses the forum on the same computer.

Mrdby
08 May 2007, 14:39
love it!!!!

redtailboa
08 May 2007, 16:33
Does this still work if a user logins then logs out, and clears cookies?

MPDev
09 May 2007, 14:40
If they use the vB cookie clearer, yes; if they clear their own cookies manually, no.

MeMySelfNi
11 May 2007, 01:45
I have caught several trolls since installing this.

Mrdby
12 May 2007, 05:13
I have caught several trolls since installing this.lmao me too!!

coffee
13 May 2007, 20:04
Works great with vB 3.6.6 !

Alphawolf83
14 May 2007, 18:39
Works great with vB 3.6.6 !
Stopped working here (3.6.6) for unknown reasons.. :erm:

//edit. It does work..

coffee
20 May 2007, 18:07
Now tested with 3.6.7_PL1 and works too.

KHALIK
30 May 2007, 04:30
XML Error: unknown at Line 0

I get this error message when trying add this plugin. What is the cause of this problem.

tycity
07 Jun 2007, 06:18
Installed - talk about ez to implement! Love it.

mfyvie
16 Jun 2007, 08:12
Just to give everyone some advanced warning: I've had permission from MPDev (developer of this mod), to overhaul and extend it. I've started this process and am testing it on my own system. When it is ready, I will release the "enhanced version".

I'm doing this because I get about 3-5 duplicate accounts per day and the workload with having to deal with this is too much.

Examples of new features being added is the ability to send "please explain" PMs to offenders who have been detected with multiple accounts. This cuts down on the amount of work someone has to do - they simply wait for the reply. Notification messages can also be appending to an existing thread (rather than a new thread started each time).

The changes will also mean that the mod will be fully phrased based and the notification messages themselves will contain more useful information as well as links to various handy functions (like ban).

I'm also looking at making it more database-based - in that each cookie will be assigned a unique serial number. This will bring many advantages - such as the ability to exempt a particular computer from the check, rather than having to exempt the users themselves.

Just wanted to let those of you who are interested know - so you can watch out for it when it is released. I can't give you a promise at this stage when that will be - maybe a couple of weeks.

Doctor Death
16 Jun 2007, 14:24
Thats great, I am glad you are running with it. Would like to have the output messages configurable if at all possible as well (e.g. the admin messages).

Thanks! Look forward to it.

mfyvie
16 Jun 2007, 14:28
Thats great, I am glad you are running with it. Would like to have the output messages configurable if at all possible as well (e.g. the admin messages).

Thanks! Look forward to it.

Yes, it will - as per the post above :

mod will be fully phrased based

Spinball
25 Jun 2007, 09:23
Just to give everyone some advanced warning: I've had permission from MPDev (developer of this mod), to overhaul and extend it. I've started this process and am testing it on my own system. When it is ready, I will release the "enhanced version".

I'm doing this because I get about 3-5 duplicate accounts per day and the workload with having to deal with this is too much.

Examples of new features being added is the ability to send "please explain" PMs to offenders who have been detected with multiple accounts. This cuts down on the amount of work someone has to do - they simply wait for the reply. Notification messages can also be appending to an existing thread (rather than a new thread started each time).

The changes will also mean that the mod will be fully phrased based and the notification messages themselves will contain more useful information as well as links to various handy functions (like ban).

I'm also looking at making it more database-based - in that each cookie will be assigned a unique serial number. This will bring many advantages - such as the ability to exempt a particular computer from the check, rather than having to exempt the users themselves.

Just wanted to let those of you who are interested know - so you can watch out for it when it is released. I can't give you a promise at this stage when that will be - maybe a couple of weeks.

Excellent - thanks.

YabbaDabba
25 Jun 2007, 18:45
Notification messages can also be appending to an existing thread (rather than a new thread started each time).MOST excellent!

Also, and you may have anticipated this already, but it would be useful to allow admins to reset the AED if their userID counts have been reset. Perhaps this means a timestamp or AED version number in the cookie.

And once an overlap has been reported for a particular pairing, it would be useful to stop further reports of that particular pairing. That is, once users A and B are reported as overlapping, it isn't necessary to report it again. But this should not stop new overlap reports for A and C, or B and C, from being made.

mfyvie
25 Jun 2007, 20:51
Just an update on this:

I've completely rewritten the back-end (the old mod was only the backend), but I've yet to write the front end which will allow easy management of all the reports, cookies etc. At the moment the new version is running on my production forum (around 3000 visits per day), so I'd like to keep running it to make sure it is stable and works as it is supposed to. So far, so good.

The new features are too numerous to mention, but it does import the old cookies from the original version, so there's a pretty much seamless upgrade path between the old and the new version.

I'm not sure when this is going to be ready, but I would guess about 1 month, most of the difficult logic and tricky testing was done in the backend, so writing the front end should hopefully be simpler.

Now onto your suggestions:

MOST excellent!

Also, and you may have anticipated this already, but it would be useful to allow admins to reset the AED if their userID counts have been reset. Perhaps this means a timestamp or AED version number in the cookie.

Cookies contain a unique cookieID which ties back to the database, userids on the cookie and the first visit on that cookie, as well as an MD5 hash of the cookie contents. Everything is based on userids, so to be honest if someone resets all their userid numbers (why would someone want to do this) then it won't work anymore. Thankfully the fix in this situation would be easy - the admin would have to drop all the records from the AED tables (can someone tell me what AED is supposed to stand for, I should really know since I'm writing it - the A and the D I get, but the E?).

If during the login process the cookie ID on the PC is not found in the DB then it will be removed from the machine and a fresh cookie issued - in this way it would solve the problem you've just described. This functionality has already been tested.

And once an overlap has been reported for a particular pairing, it would be useful to stop further reports of that particular pairing. That is, once users A and B are reported as overlapping, it isn't necessary to report it again. But this should not stop new overlap reports for A and C, or B and C, from being made.

I've implemented this a little differently. Firstly the same users logging into the same cookie will not raise another report (that is also how it worked in the old/current version). Before you had the choice just to exempt users, but now you can exempt a cookie as well. The advantage of exempting a cookie is that all subsequent users won't be reported (unless they go to another computer and log in). This is useful for a PC where many people share it (like a common PC in a work cafeteria for example).

Of course if you've exempted a cookie and it gets cleared, then you'll get the report again unless the users have been exempted.

The main thing that used to bug me with the old one was having to retrieve the userids and enter them into that comma separated list. This will be much easier in future! The system also automatically PMs offenders and asks them to explain. If they don't, you can have them automatically banned or suspended within a configurable period of time. There's also an option to immediately ban users who register from a computer where a banned user has logged in...

nocte
25 Jun 2007, 21:57
Hi, here are my suggestions:

The reports should be searchable. So if you enter a specific user name in the searchbox you should find the reports.


The system info (e.g. browser, os, screen resolution, ..) as well as the IP-Adress(es) should be within the report. In some cases this might be helpful. It would be also helpful to have for each posting the system info saved to have a thrid way to compare users (appart from shared IP-Adress and cookie)


The first save date of the cookie should be reported.


I'd love to have a automatic cronjob that searched once a day for users who were during the last 24 hours online with the same ip-adress. We have a very huge forum that is a few years old so searching for a specific ip often shows dozens of users who accidently had the ip-adress during the last years.

mfyvie
26 Jun 2007, 10:25
The reports should be searchable. So if you enter a specific user name in the searchbox you should find the reports.

The actual interface will be concerned more with dealing with the current issues - such as tracking new reports and resolving them, so it won't deal too much with history. However, each time an incident is reported it can be sent as a PM, started as a new thread in a given area or appended to an existing thread. Each report contains detailed information about each user found on the cookie. If you keep this information you can then use the advanced search features of VB to locate the info you need.

The system info (e.g. browser, os, screen resolution, ..) as well as the IP-Adress(es) should be within the report. In some cases this might be helpful. It would be also helpful to have for each posting the system info saved to have a thrid way to compare users (appart from shared IP-Adress and cookie)

I have deliberately left out IP address and browser info from the reporting. Why? IP address is becoming more and more useless as a way to track users - that's the whole idea behind the cookie-based approach. Many users are logging on via proxies (for example when they are at work), or are using dynamically allocated address which are changing often. Including the IP really would be of limited use.

What about browser details? Since our cookie is tied to that specific browser, why do we need these details? How will it help? All we need to know is that a cookie with a given ID is tied to a particular computer. I don't want to include detail in the report unless it is really useful.

However, the report does mention how many times a user has been allocated a cookie, and warns if this number is too high - could indicate cookie deleting behaviour. However, users who delete their cookies after each session will probably never be caught by this hack anyway.

The first save date of the cookie should be reported.

Yes, the first time each user is added to a cookie this date is saved both in the cookie and in the DB. It is also mentioned in any reports.

I'd love to have a automatic cronjob that searched once a day for users who were during the last 24 hours online with the same ip-adress. We have a very huge forum that is a few years old so searching for a specific ip often shows dozens of users who accidently had the ip-adress during the last years.

Such a feature is out of scope for this mod and has nothing to do with any of its functions. However, you should be able to do this with a simple SQL query, or write such a cronjob yourself. Remember that people who work in the same company would be flagged with this. Most of my users are in the same country, so such a report would produce so many false positives that it would keep me busy investigating them all!!

I'll post some samples a bit later on about how some of the reports look that are running on my forum at the moment.

Darat
26 Jun 2007, 10:48
AED - I've always thought it stood for "alter ego detector".

mfyvie
26 Jun 2007, 15:40
Ok everyone - it's time to show you some goodies of how this product looks so far. As I said earlier only the backend is done (a few minor tweaks to do), but you can see a few things in the meantime.

The program is keeping a running log. This is basically a development feature I put in to track how the flow of the program through the various bits. But actually it turned out kind of cool.

This is what the standard text looks like for an alert message raised to the admins:

(note that I have removed personal info like email address)

Duplicate Account Alert

Multiple users have been detected using the same computer. The following details are available:

Unique cookie ID: 241
Date cookie dropped: 10:38, 24th Jun 2007
Cookie first dropped for: Francko

Manage or configure options for this computer(cookie) here (http://www.englishforum.ch/#) or for all cookies here (http://www.englishforum.ch/#).

User Details

Username (ID): Francko (http://www.englishforum.ch/member.php?u=4353) (4353)

First seen on this cookie: 10:38, 24th Jun 2007
Last seen on this cookie: 10:38, 24th Jun 2007
Cookies used last 720 days: 2
Cookies used last 30 days: 2
Joined date: 02:06, 17th Apr 2007
Last activity: 02:40, 23rd Jun 2007
Number of posts: 1
Email address: ****@hotmail.com
Ban status: Not banned (Ban this user (http://www.englishforum.ch/modcp/banning.php?do=banuser&userid=4353))

The following profile information is recorded for this user - Location: -

---

Username (ID): Egla (http://www.englishforum.ch/member.php?u=4630) (4630)

First seen on this cookie: Imported from legacy cookie
Last seen on this cookie: Imported from legacy cookie
Cookies used last 720 days: 0
Cookies used last 30 days: 0
Joined date: 22:56, 24th Apr 2007
Last activity: 13:46, 19th Jun 2007
Number of posts: 14
Email address: ****@yahoo.co.uk
Ban status: Not banned (Ban this user (http://www.englishforum.ch/modcp/banning.php?do=banuser&userid=4630))

The following profile information is recorded for this user - Location: London

---

This report was generated by a modification for vBulletin that detects multiple users using the same computer. Details for this modification can be found here (http://www.vbulletin.org/forum/misc.php?do=producthelp&pid=mfyvie_20070617).The users can also get a PM. This is what they look like on my system, but the standard version of the product will have different, more generic text:

Dear test03,

We've recently had reason to believe that either someone else has been using your account, or that you may have two accounts on this system.

Sometimes we make mistakes, so we'd just like to check whether you are using more than one account. Please take a moment to read through this information (http://www.englishforum.ch/announcements/4342-policy-multiple-usernames-changing-usernames.html), which outlines our policy.

It may explain why we have sent you this message.

We'd be grateful if you could clarify this situation for us. Please note: If we do not hear from you in 7 days, or by 29.06.2007, your account will be automatically banned. If this is an honest misunderstanding, please accept our apologies in advance

Thanks for your understanding and co-operation in this matter.I've still got a few minor tweaks like adding info to the admin reports that a user will get a PM and whether or not they will be banned or suspended, and how much time they have left.

Please also see screenshot attached to this post.

nocte
26 Jun 2007, 20:10
I have deliberately left out IP address and browser info from the reporting. Why? IP address is becoming more and more useless as a way to track users - that's the whole idea behind the cookie-based approach. Many users are logging on via proxies (for example when they are at work), or are using dynamically allocated address which are changing often. Including the IP really would be of limited use.

Imagine this situation (we accutally have this issue):

There’s a Club with a public internet terminal. Many forum users log in there.

The Club’s owner has an account too as well as many more fake accounts to promote his club.

Sometimes the owner uses his own PC – so we can be quite sure that in that case all multiple accounts are fake accounts.

Sometimes the owner uses the public PC – in that case we can’t distinguish between normal users and the owner’s fake accounts.

So let’s imagine the owner clears the browser cache on his private computer and logs in again with several of his accounts. In this case we have to wait and watch again for a while till we can guess whether he’s using the public or the private PC (in other words: if we can ban all multiple accounts or if there may be normal users among them)

Did I make myself clear? When public computers are involved it may be very comfortable to have system data as well.

NeitherSparky
27 Jun 2007, 01:19
Please also see screenshot attached to this post.

I'm NeitherSparky and I approve this mod. ;) Looks great!

Bravo
27 Jun 2007, 13:16
Ok everyone - it's time to show you some goodies of how this product looks so far. As I said earlier only the backend is done (a few minor tweaks to do), but you can see a few things in the meantime.

The program is keeping a running log. This is basically a development feature I put in to track how the flow of the program through the various bits. But actually it turned out kind of cool.

This is what the standard text looks like for an alert message raised to the admins:

(note that I have removed personal info like email address)

The users can also get a PM. This is what they look like on my system, but the standard version of the product will have different, more generic text:

I've still got a few minor tweaks like adding info to the admin reports that a user will get a PM and whether or not they will be banned or suspended, and how much time they have left.

Please also see screenshot attached to this post.

do you have a beta for this that can be used?
looks awesome nice job so far

mfyvie
27 Jun 2007, 13:21
do you have a beta for this that can be used?
looks awesome nice job so far

I understand that people will be very keen to get their hands on it. However, I have to make sure that everything runs properly on my system first, so I am taking extra care with this. If something doesn't work as designed it has the potential not just to alert the wrong users, but to wipe out or invalidate the existing cookie data that users of the existing version have been using.

Therefore I'm not prepared to let it out in the wild for a beta just yet until I have finished the few extra things I want to put into the backend. When it's just a matter of putting the front end on, then I'll probably let a few people who are willing to test use a beta.

I'll announce that on this thread when it is appropriate, but unfortunately I can't give a time for that at this stage :-(

mfyvie
29 Jun 2007, 11:29
Imagine this situation (we accutally have this issue):

There’s a Club with a public internet terminal. Many forum users log in there.

The Club’s owner has an account too as well as many more fake accounts to promote his club.

Sometimes the owner uses his own PC – so we can be quite sure that in that case all multiple accounts are fake accounts.

Sometimes the owner uses the public PC – in that case we can’t distinguish between normal users and the owner’s fake accounts.

So let’s imagine the owner clears the browser cache on his private computer and logs in again with several of his accounts. In this case we have to wait and watch again for a while till we can guess whether he’s using the public or the private PC (in other words: if we can ban all multiple accounts or if there may be normal users among them)

Did I make myself clear? When public computers are involved it may be very comfortable to have system data as well.

OK, I can see your point here. Problems like that are very hard to track down. Having the IP address or extra information about the PC might not help in a case like that - they might be identical installations. One thing you might like is the logging feature, if the accounts are being created or used in quick succession this is much easier to spot in a log than by searching for and examining the profiles of individual users.

I've extended a few extra things based on suggestions. IP address first on cookie and last on cookie is now reported, as well as each individual first / last IP for a user on a given cookie. The browser user agent string is stored and reported, as well as the list of accepted languages from that browser. Screen resolution is a little harder to capture and requires the use of javascript. I don't really want to go down that road at this stage just for that information.

nocte
29 Jun 2007, 18:29
I've extended a few extra things based on suggestions. IP address first on cookie and last on cookie is now reported, as well as each individual first / last IP for a user on a given cookie. The browser user agent string is stored and reported, as well as the list of accepted languages from that browser.thank you :)

gim
30 Jun 2007, 00:32
Very good! :D

mfyvie
30 Jun 2007, 15:29
Version 2.0 now ready for beta

Those of you who have expressed interest in beta testing the latest version I have been talking about will be pleased to know that it is ready for beta testing.

At this point only the "back end" is complete. But since the original version of this mod was only the back end, I can't see that anyone is going to complain because all the front end functions aren't complete!

If you would like to apply to become a beta tester the following conditions apply:


Be able to read and follow instructions
Upgrade to newer versions promptly if I send you an update
Be willing to give feedback about the mod
You should have a forum which gets quite busy. The busier and bigger the forum, the better this mod will be tested!
Be willing to tinker around with the various settings, cross-reference the log files and generally investigate what is going on. If you love catching out lying users as much as I do, you are going to have fun with this modYou can apply to become a beta tester by sending me an email (not a PM) via the send email function in my profile. That will be the first test of whether you can follow instructions, if you don't send an email, you failed that test :D.

I will then send you the file (it is still a single .xml file) and communication with the other beta testers will then be done by way of traditional email, since we don't need to clutter up this thread with the details.

Just to make something clear: Version 2.0 of this mod will be released separately. The original concept and a small amount of code from mpdev's original version have been used. I sought permission from him to redevelop and release this new version before I wrote a single line of code, and I reaffirmed that arrangement a few days ago just to be sure that I had his blessing.

Beta testers who will be upgrading from the original version will be happy to know that all the existing cookies out there (which I have named legacy cookies) will be imported and re-issued into the new format. This means that all that data you are currently tracking out there will not be lost!

I expect this beta test to last for about one month. Once I have enough testers I will not accept any more applications. I will update this thread when that happens.

Fungsten
30 Jun 2007, 19:55
You can apply to become a beta tester by sending me an email (not a PM) via the send email function in my profile. That will be the first test of whether you can follow instructions, if you don't send an email, you failed that test :D.

First bug. You are not accepting emails through your Profile. :eek:

mfyvie
30 Jun 2007, 20:17
First bug. You are not accepting emails through your Profile. :eek:

That's very strange, I just checked and my settings definitely allow email from other members! If for some reason it doesn't work then send me a PM with your email address.

oicyu8chu
30 Jun 2007, 21:20
Very useful. Appreciate this.

Choo

NeitherSparky
01 Jul 2007, 07:16
I won't volunteer for beta testing because I don't think I could get results back to you quickly, as I only get one to maybe five or six new registrants per day and of course most of them are not registering a second account. But I wish you luck, because I want this mod when it is released to the rest of us. :up:

Ceege
16 Jul 2007, 21:32
Any update on this?

mfyvie
17 Jul 2007, 13:47
Any update on this?

The update is that so far I've had only one beta tester from a very large forum. A few minor changes were made based on our experiences on that forum. I have had one other beta tester, but didn't hear from him again after I gave him the file.

Although my current beta tester is not using any of the advanced features (such as automatic notifications or automatic banning / suspending), I still feel that the code is quite solid. I haven't had time to write any of the front-end functions yet, but I hope to get to this in a couple of weeks.

bulbasnore
18 Jul 2007, 02:50
I dropped in to see if anyone was having the same problem I'm having... I have a user who gets detected everytime as "thisuser appears to be using the same computer as thisuser". The userid is identical when you click the linked user names. Corrupt cookie?

txspaderz
18 Jul 2007, 03:26
Email sent! Wish I had saw this earlier

txspaderz
27 Jul 2007, 01:12
Any update on this by any chance?

Razin
27 Jul 2007, 11:00
requesting for a update... 3.6.7:D

//Razin

k_v
27 Jul 2007, 11:40
it works on 367

MPDev
27 Jul 2007, 19:47
No update necessary; works fine.

dyna88
01 Aug 2007, 03:00
I dropped in to see if anyone was having the same problem I'm having... I have a user who gets detected everytime as "thisuser appears to be using the same computer as thisuser". The userid is identical when you click the linked user names. Corrupt cookie?

I have also seen this a few times with a certain user and I have also seen it show the same user 3 times like this..

user1 seems to have multiple personalities using user1 and user1 and user1 sharing the same computer.

I also just had this...

user1 seems to have multiple personalities using user2 and Admin and user1 sharing the same computer.

I know for a fact user1 did not login as Admin...lol

Lea Verou
04 Aug 2007, 09:30
Idea: It would be very useful to be able to exclude "user couples", not only users.
For instance, if I know for sure that user X and user Y login from the same computer but are different people (eg brothers), I will not want to put them in the whitelist, as each one of them might some day create a double account. So, I keep having new posts each time they login, which is quite annoying.
If that's difficult, what about just posting in the existing thread, instead of creating a new one, if the couple is the same?

Fungsten
04 Aug 2007, 23:58
Has anyone had problems with this and VB 3.6.8? Mine's not working at all.

troybtj
07 Aug 2007, 03:11
Installed. I like the whitelist idea! I'm running 3.6.7, so will wait on forum udpate for this one to be udpated unless others have it running on 3.6.8

Fungsten
07 Aug 2007, 19:33
I re-installed it on VB 3.6.8 since it wasn't working since the update. We shall see.

lazytown
10 Aug 2007, 08:08
Quote:
Originally Posted by bulbasnore https://www.vbulletin.org/forum/external/2011/11/11.gif (http://www.vbulletin.org/forum/showthread.php?p=1294165#post1294165)
I dropped in to see if anyone was having the same problem I'm having... I have a user who gets detected everytime as "thisuser appears to be using the same computer as thisuser". The userid is identical when you click the linked user names. Corrupt cookie?

I have also seen this a few times with a certain user and I have also seen it show the same user 3 times like this..

Quote:
user1 seems to have multiple personalities using user1 and user1 and user1 sharing the same computer.
I also just had this...

Quote:
user1 seems to have multiple personalities using user2 and Admin and user1 sharing the same computer.
I know for a fact user1 did not login as Admin...lol

Add me to the list. I've seen a user reported under the same account multiple times "usera" is sharing an account with "usera." I've also seen a user reportedly sharing an account with a user who hasn't logged in for years (before I installed the mod). The only possibility I can think of is a corrupt cookie unless there is a bug or incompatibility (I'm using 3.6.5).

-vissa

lazytown
10 Aug 2007, 08:09
Idea: It would be very useful to be able to exclude "user couples", not only users.
For instance, if I know for sure that user X and user Y login from the same computer but are different people (eg brothers), I will not want to put them in the whitelist, as each one of them might some day create a double account. So, I keep having new posts each time they login, which is quite annoying.
If that's difficult, what about just posting in the existing thread, instead of creating a new one, if the couple is the same?

This is an excellent suggestion as I don't want to completely whitelist a member either (but a pair/group would be fine).

-vissa

ozmazdaclub
10 Aug 2007, 17:29
mfyvie - Any Updates? Check PM also.

Zagis
10 Aug 2007, 21:31
I re-installed it on VB 3.6.8 since it wasn't working since the update. We shall see.It's not working for me ether on VB 3.6.8. Is it working after re-installation?

Fungsten
11 Aug 2007, 00:47
It's not working for me ether on VB 3.6.8. Is it working after re-installation?

Yes. But I'm also getting this issue with one of my users:

I dropped in to see if anyone was having the same problem I'm having... I have a user who gets detected everytime as "thisuser appears to be using the same computer as thisuser". The userid is identical when you click the linked user names. Corrupt cookie?

Zagis
15 Aug 2007, 09:42
It's not working on VB 3.6.8.Is there any plans for update MPDev?

MPDev
15 Aug 2007, 16:46
I am still on 3.67, so until I find the time to upgrade I won't be able to verify if there is a version specific issue.

firstrebel
16 Aug 2007, 08:48
I am on 3.6.8 and this works OK.

Bob