Signup abuse detection and blocking

xF2 Add-on Signup abuse detection and blocking 1.8.12

No permission to download
Compatible XF Versions
2.0, 2.1, 2.2
Visible Branding
Additional Requirements
php 5.6+
Outbound HTTP & DNS requests
socket_create support for portscaning
Number Domain Install
From (simple) multiple accounts detection to isp/connection fingerprinting with score-based moderating/rejecting logic. These are very effective low-hanging fruit at reducing spam.

Supports migration configuration from the following XF1 add-ons;
  • TPU Spam Detect
  • Alter ego Detector
See the FAQ Known Issues for known limitations. This is not a turn-key solution, and each site may require customization!

For multiple account detection, supports reporting to reports/threads. And will send reports to the same report/thread. To send to thread you must select the "Multi-account to thread" extra.

For connection fingerprinting more additional information is collected and recorded on the account.

Note; Configuration defaults are conservative, aimed at blocking VPNs and proxies. There are a large number of configuration options for this add-on!

Multiple account handling permissions
  • Bypass multiple account checking
  • Can enable / disable alerting for user
  • Can enable / disable alerting for log
  • View reportings.
Use Multiple account to thread add-on to send multiple account reports to threads.

Per-user whitelist:

Multiple account logs per-user:
Related Resources
Known issues
  • This is not a turn-key solution for blocking spam, but rather a toolkit.
    • On banning a spammer, it is recommended to check the "User Registration Record" for that user and check the signup IP to see if it is associated with an ISP which provides VPN, hosting, or proxy services but not residential services
      If so, you may wish to consider adding that ISP to be grey listed (ie auto-moderate) or blacklisted (auto-reject).
  • "Multi-account to thread" does not support merging threads, it will generate a new report thread if it's target is merged or hard deleted.
  • There may be GDPR considerations due to the additional information collected and exposed to staff. This information is currently not purged when the account is deleted.
  • Geo location information is not an exact science, and VPN providers are adversarial at ensuring ip-geo location may not be accurate
Last update
5.00 star(s) 2 ratings

More resources from ENXF NET

Latest updates

  1. 1.8.12 - Bugfix update

    Fix 'no javascript' not working for external account association Fix multi-account detection not...
  2. 1.8.3 - Bugfix update

    Remove unexpectedly wide locking on user table during multi-account detection
  3. 1.8.2 - Bugfix update

    Fix admincp multi-account list pagination not generating correct links

Latest reviews

good addon for large forums .
This add-on has greatly reduced the amount of spam we get over @ our site. Prior to installing this, multiple spam accounts per week would slip through and be allowed to post spam threads. 99% of them are caught by the advanced filtering rules in this mod.