PrinceOfAbyss Posted August 27, 2012 Author Posted August 27, 2012 Guys, give me your opinion please: First of all, the upcoming version of the app will give you the option to choose upon the action taken when a member who already uses an account on a particular machine tries to register a new account. You will be able to choose among the following Prohibit the new account registration Proceed with the registration and automatically ban the newly created member No action at all (registration will complete) So, suppose this scenario: You permit a member to create multiple accounts from the same machine. So, they try to create a second one. The script will search for their machine ID in the members table to see whether it finds members with the permission to allow multiple accounts. Now. both accounts share the same "machine ID", meaning that the same machine ID will be tied to both accounts (remember that the first is allowed to create multiple accounts). Now he tries to creates a third account. The script will search for their machine ID in the members table to see whether it finds members with the permission to allow multiple accounts (like it did when the second account was created as well). But now it finds one account with the permission to create multiple accounts, and another one (the second) that doesn't have that permission set. Should the script need at least one account with the special permission, or all of them to have it?
Tsvi Posted August 27, 2012 Posted August 27, 2012 Guys, give me your opinion please: First of all, the upcoming version of the app will give you the option to choose upon the action taken when a member who already uses an account on a particular machine tries to register a new account. You will be able to choose among the following Prohibit the new account registration Proceed with the registration and automatically ban the newly created member No action at all (registration will complete) So, suppose this scenario: You permit a member to create multiple accounts from the same machine. So, they try to create a second one. The script will search for their machine ID in the members table to see whether it finds members with the permission to allow multiple accounts. Now. both accounts share the same "machine ID", meaning that the same machine ID will be tied to both accounts (remember that the first is allowed to create multiple accounts). Now he tries to creates a third account. The script will search for their machine ID in the members table to see whether it finds members with the permission to allow multiple accounts (like it did when the second account was created as well). But now it finds one account with the permission to create multiple accounts, and another one (the second) that doesn't have that permission set. Should the script need at least one account with the special permission, or all of them to have it? Well, it's a really good idea to make this selection so we can prohibit a new registration of a new user that has/had multiple account, but I think if you do that you should enter this registration try to the report either, so the administrator will know that this "bad" user is trying to come back so he'll open his eyes for further registrations... (It'll be useful for sure!) And about the scenario you presented, There will be an option to permit a member to make multiple accounts like excluding them or something like that? If so, I think that final result is that he'll be able to create his third account. You should collect all the 3 users with the same "Machine ID", and check if at least one of them have this special permission to create multiple accounts so it'll allow him to create his third account. :)
PrinceOfAbyss Posted August 27, 2012 Author Posted August 27, 2012 I remember your "obsession" with the notification system :P So, for the scenario part of your answer, you propose that at least one of the 1,2, x accounts should suffice to have that permission for a 3rd, 4th, 5th account to be created. That's good (easier for me to program :P). Let's wait for a couple more answers though! :D
Tsvi Posted August 27, 2012 Posted August 27, 2012 I remember your "obsession" with the notification system :tongue: So, for the scenario part of your answer, you propose that at least one of the 1,2, x accounts should suffice to have that permission for a 3rd, 4th, 5th account to be created. That's good (easier for me to program :tongue:). Let's wait for a couple more answers though! :D Heh it's a good obsession ;) But anyway, as you remember what i asked you if you can do is to send an automatic report to the Report Center in the Moderator ACP that would be awesome. Anyways, about the scenario, it's the most sense and logical what I've said, because tell you the truth, it's not a feature that many will use (I think!), the only thing that come to my mind is to let an administrator that permission to create multiple accounts for testing purposes, I can't see any other idea of a situation that I, personally, will you such feature. Maybe it'll be useful for others, what I can add on this subject is that you can add a text field to this feature that you'll be able to tell your application the number of maximum multiple accounts that this "Machine ID" can register, and it'll kind of resolve your question about those scenarios ;)
Kurt De Pauw Posted August 27, 2012 Posted August 27, 2012 Okay my opinion, I think nobody should be abel to create more then one account But there should be an option to exlude certain computer Id's, or groups. Like an admin that is testing or so
Tsvi Posted August 27, 2012 Posted August 27, 2012 By the way, as a reminder, it would be a very good if you'll add a button for every report in the ACP so can just remove the line for good, so it won't exclude any users or ban them, because at the moment the only way you can make this log to disappear is to Exclude specific user, or to ban him. It's not so practical i think, there are times that I need only to hide the log for good without taking any action on those duplicate users. And... it's simple to implement ;P
AlexJ Posted August 27, 2012 Posted August 27, 2012 By the way, as a reminder, it would be a very good if you'll add a button for every report in the ACP so can just remove the line for good, so it won't exclude any users or ban them, because at the moment the only way you can make this log to disappear is to Exclude specific user, or to ban him. It's not so practical i think, there are times that I need only to hide the log for good without taking any action on those duplicate users. And... it's simple to implement ;P This can be useful when sometimes you use login as user to resolve the user specific issue and then this mod starts marking you as duplicate user and you just can't get rid of it from ACP. Also cleaner way to indicate duplicates would be nice. Example: User A registers from PC A.Now user B registers from PC A Then under ACP it should link User A to User B. Now user C registers from PC A then it should all link up user A, B and C. Right now is left and right blocks kind of structure. Would it be possible to make it: User A and all it's duplicate account under it ? Then please give option to either remove the notification without taking any action as suggested by Tsvi or to mark it as complete unless and until User D registers from PC A.
PrinceOfAbyss Posted August 27, 2012 Author Posted August 27, 2012 Some quick bad news: Log in as member feature is programmed in such a way that it's impossible to distinguish a normal member login from this "admin" login. At this point, anyone who uses this feature will continue to receive those falls duplicates. I'll contact the devs for a second opinion, but 99,9% that's what they'll tell me Oh, the above is true, unless you are willing to perform a single file edit...
3DKiwi Posted August 28, 2012 Posted August 28, 2012 I'm happy to do a file edit. Looking forward to the new version. This is a great mod and essential if you want to keep tight control over members having multiple accounts and also to keep banned members coming back.
Michel_72 Posted August 28, 2012 Posted August 28, 2012 Log in as member feature is programmed in such a way that it's impossible to distinguish a normal member login from this "admin" login. Correct me if I'm wrong, but this information being logged is not the problem. The problem is it being displayed as a duplicate. You could make an exclude list (using member ID numbers) within your apps settings that would exclude certain members (certain admins) from being displayed as duplicate. That's what we are looking for or not? Cheers, Michel
PrinceOfAbyss Posted August 28, 2012 Author Posted August 28, 2012 Correct me if I'm wrong but anything that is logged, is logged to later be displayed. What's the purpose of running such an app if you hide duplicates? :P But anyway, exclusions exist even in the current version of the app. The difference is that they are not completely hidden, but instead moved to the exclusion list.
Michel_72 Posted August 28, 2012 Posted August 28, 2012 Well, the goal is to hide admin's that 'login as member' or not? If I could put myself (being an admin that in fact regularly logs in as a member) in some permanent exclude list, I wouldn't get a miles long excludes list like I am seeing now ;) Cheers, Michel
PrinceOfAbyss Posted August 28, 2012 Author Posted August 28, 2012 That's exactly what I don't understand from what you say. Before you talked about an exclusion list. There is one. Now you talk about a permanent exclusion list. Is the current exclusion list a temporary one? Be more specific please about what you mean. It seems there is currently no way to automatically distinguish a login through ACP from a normal login. So, such logins will be logged by the app as duplicates of the admin performing the login. But then, even in the current version, you can click one the green (+) button and add the duplicate in the exclusion list.
Michel_72 Posted August 28, 2012 Posted August 28, 2012 I thought I was pretty specific at first ;) I am an admin on my site. When members have problems with their account, I test that myself by pressing 'log in as member'. In that case I show up as a 'duplicate' of that specific member. Since I do that a lot, that is pretty annoying because I have to press exclude every time and that exclude list grows to huge proportions. What I would want is to permanently prevent myself from being displayed as a duplicate (of any member), so I don't have to exclude myself every time I 'log in as member' and there will be no more useless entries in the excluded duplicates list. Cheers, Michel
PrinceOfAbyss Posted August 28, 2012 Author Posted August 28, 2012 The new version will allow you to exclude members in a way that they will not produce any more duplicate alerts etc...
Michel_72 Posted August 28, 2012 Posted August 28, 2012 Thanks. Are you also putting click-able links to the member profiles on the member names? Cheers, Michel
PrinceOfAbyss Posted September 5, 2012 Author Posted September 5, 2012 One teaser image of the new release!!! :D Next week it will be in Marketplace, only few details are left...
Tsvi Posted September 6, 2012 Posted September 6, 2012 Very nice. But have to ask something... something I still don't understand. What are those statistics means? I mean what are those unique machines and those unique members? Never paid so attention to it. In the unique members it counts all the members that are logging in since you installed this application and it checks somehow if the member is logging only from his own computer or he's using multiple computers. I got that right?
Kurt De Pauw Posted September 11, 2012 Posted September 11, 2012 Hello again ! today I noticed a false postive. I'm 100% sure it is a false postive. because it is my account and I didn't logged in with the other users account. Regards
PrinceOfAbyss Posted September 11, 2012 Author Posted September 11, 2012 @Kurt: Do you have a second installation of IPB on the same server (such as your live board in /forum and a dev board in /dev)? @Tsvi: I'm currently building the modCP part of the app. Once I ginish this, I'll update the topic and give a full example of the app! Stay tuned mate! :)
Kurt De Pauw Posted September 11, 2012 Posted September 11, 2012 No only one IPS community running on a shared webshosting
PrinceOfAbyss Posted September 17, 2012 Author Posted September 17, 2012 Let me write a quite detailed "manual" of the app with some images: Here you see the Overview (finalized this time, not just a teaser) page in ACP. As you see, I've added a button that allows you to include the ignored members (the members that are excluded from being reported as duplicates) in the stats.About the stats themselvesUnique Machines is the number of different computers that have accessed the community (by members, not visitors) • With One Member is the subset of the computers above, where only one member per computer was signed in the community • With Multiple Members is the subset of computers, where multiple members per computer were signed in (and this actually is the duplicates stats)Unique Members is the number of members that have accessed the community • From One Machine is the subset of members that have used only one device to access the community • From Multiple Machines is the subset of members that have used more than one device to access the community (don't confuse this with duplicate members, this only means that a member has used two or more computers to access the board ie from one at work and from another at home) Here you see the same Overview page, but with the option to include ignored members in the stats. See how this affects them? Ie, in this case, there is 1 "ignored" member that has used more than 1 account to access the community. So, the total Unique Machines increased from 1 to 2, and the With Multiple Members field became 1 from 0. Similarly, the member stats are affected as well. Here you see the Settings page of the app. You can set the action to take when a "guest" (who already has an account) tries to register another one. You can also set the error message a "guest" will see when they try to register a new account and the above setting is set to prohibit multiple accounts (there is no error message when the above setting is set to allow the registration but ban the new member) Finally, you can define who can access the ModCP plugin (more on the plugin later). You can choose among admins and mods (setting is Moderators), or just admins (setting is Administrators) Here you see the alert in board index which indicates that fraud (by that I mean duplicate) registration(s) were detected. What you see here as an alert is very much related to the setting about the action to take when such registrations are detected. Ie. if you have set that setting to Proceed with account registration, no alert will be displayed, and actually no log will be created about the fraud registration either. On the other hand, if you have set the setting to completely Prohibit the account registration only those cases will be counted, and additionally the alert itself will be a hyperlink to the appropriate tab (Prohibited Registrations) in ModCP. Finally, if if you have set the setting to Register the account but immediately mark it as banned then the alert will hyperlink to that tab (Banned Registrations) in ModCP and the counter will count only those cases. Have in mind that those registration attempt logs are persistent, meaning that they don't "expire" or get automatically pruned by some task. You will have to manually delete them in ModCP to make them disappear. And this is what I mean by "the counter will count only the relevant cases". Ie. let's say that you have set the setting to Prohibit the account registration and 5 attempts were logged. Those will produce the alert 5 Fraud Registrations, which will automatically link to the Prohibited Registrations tab. Now, you visit that tab in ModCP, but don't delete the logs. The alert will keep being displayed until you delete the logs. Now, without deleting them, you change the setting to Register the account but immediately mark it as banned, and 10 such attempts are detected. The alert now will be 10 Fraud Registrations, and will automatically link to the Banned Registrations tab in ModCP. The 5 prohibited cases are not deleted, they just don't appear anymore in the alert, as the alert follows the setting. Similarly, if you now change the setting to Proceed with account registration the alert will go off, but the 15 (5 prohibited + 10 banned) logs will be there in their respective tabs until you manually delete them. Here you see the Banned Registrations tab, after following the alert hyperlink See here how the counter decreases as I delete some logs? Now, this may trick you. You see in the alert 79 Fraud Registrations, but in the logs you only count 9 entries. This is because meanwhile I've changed the setting to Prohibit registrations, and now the counter counts the prohibited registrations (the inactive tab), not the banned ones. This is indeed where the alert refers to... The Prohibited Registrations. Again, if I started deleting those, the counter would decrease, but would not go off until I deleted them all, or set the setting to Proceed with account registration. And this is it. The hard part that required very much and careful thinking and coding has gone. Now, I have to recode the duplicates and exclusions management pages in ACP (both are super easy). So, by the end of this week, the new release will be completed. Then, I think I'll test it in my own live board for some days, and after that I'll update the file in Marketplace! :smile: I forgot to mention that both tabs in ModCP, match aesthetically and functionally very well with the rest of the tabs in ModCP. Ie. IP addresses in both tabs are hyperlinks to the IP Lookup section (admin IPs are not disclosed), and member usernames use hovercards. Particularly for the Banned Registrations tab, hovercards are also used for the created (and banned) members in the log entries as well.
Tsvi Posted September 17, 2012 Posted September 17, 2012 Awesome! ;) But... What do you mean by that... "Ie. if you have set that setting to Proceed with account registration, no alert will be displayed, and actually no log will be created about the fraud registration either." If we want to let them proceed with that registrations, we do need to see an alert and so the log will be logged about that, because that I won't be able to know about a new fraud account, And we haven't done anything if that's the case. So what's the idea?
PrinceOfAbyss Posted September 17, 2012 Author Posted September 17, 2012 The idea is that the registration alert is tied to and controlled by the registration setting in a scheme like this: Allow normal registration -> No log, no alert Allow registration and ban the the new member -> Log the event, display the alert, and show the event in Banned Registrations Prohibit the registration -> Log the event, display the alert, and show the event in Prohibited Registrations Sorry, this is how this part of the app will work. Of course that does NOT affect the duplicate member logging in ACP. I mean, even if you have set it to allow normal registration and an existing member creates a new account, although an alert won't be triggered in the public side, you will see the existing member and new account as duplicates in ACP.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.