Detecting Multiple Accounts

[Mike Bobbitt]

I have a fairly regular issue with users creating multiple accounts, whether it's to slip past a ban, lost password, or simple confusion.

To try to detect these, I've put together a script which lists every IP address that has seen more than one account post from it. (Script attached)

It's not pretty, and you will need to customize it a bit, but it should do the trick. Please note that this page takes some serious processing to build, so you may want to run it infrequently.

Each IP address is clickable, taking you to the forum "track IP" page for that address. If an account still exists, it's name will be clickable as well, taking you to the user's profile.

Note that since this page is not protected, you should either remove it when not in use, or place it under a password protected web directory. (It could allow users to get address info for each other, if they know you're using it.)

Enjoy, and good hunting!

Edit: Slightly updated, to allow easier setup. (DB/table names have been turned into variables.)

Edit 2: Updated to work with 1.1.

Edit 3: Updated for SMF 2... I can't un-attach the 1.1 version, so here is a link to the SMF 2 script: http://army.ca/deleteme/multiple_accts_php.txt

[azuregenesis]

i would like a step by step on how this is setup

thank you.

i'm getting these error messages:

Warning: Cannot modify header information - headers already sent

and

SELECT command denied to user

[Mike Bobbitt]

You need to edit the script to ensure the path to your SSI.php needs to be correct:

Code Auswählen Erweitern

require('/var/www/html/forums/SSI.php');

And just below that, change these settings if required (the defaults may work, as they are the SMF defaults):

Code Auswählen Erweitern

// Database name
$accounts_db_name="smf";

// Database tables
$db_message_table="smf_messages";
$db_member_table="smf_members";

Once that's done just browse to multiple_accounts.php and it should display the info.

[azuregenesis]

ah. i see. forgot to edit the databse settings..

thank you!

[joker]

I'm getting: Error writing file '/tmp/MYWwQGzY' (Errcode: 28)
Any hint?

[[Unknown]]

I'm getting: Error writing file '/tmp/MYWwQGzY' (Errcode: 28)
Any hint?

Getting Errors From MySQL?

-[Unknown]

[Mike Bobbitt]

Sounds like you're on your way, but let me know if you need any assistance.


Cheers
Mike

[joker]

Thanks [Unknown] , but there is enough db/diskspace. That's why I asked here.

[[Unknown]]

Joker, this means the /tmp partition is full.  Don't check your space, just tell your host.  This is not your fault, and you can't fix it.

-[Unknown]

[joker]

I run my own server, the /tmp IS empty and the error remains the same. 

[[Unknown]]

Then perhaps tmp_table_size is larger than the available space in the /tmp partition.  Check "df".

-[Unknown]

[rojamaia]

i believe that this one is going to be useful.  however, i can't really understand how i would edit the database info as you have posted.   can you post an example?

mine is now like this:

Code Auswählen Erweitern

// Database name
$accounts_db_name="smf";

// Database tables
$db_message_table="smf_messages";
$db_member_table="smf_members";

// Make sure table name includes database name
$db_message_table="`$accounts_db_name`.`$db_message_table`";
$db_member_table="`$accounts_db_name`.`$db_member_table`";

require('http://catbalogan.com/discussion/SSI.php');


my database name is "smf"
i'm not sure how to the rest, although i know that my member and messages tables are simply "smf_members" and "smf_messages"

[Mike Bobbitt]

I've re-jigged the script a bit so it's easier to configure. Sounds like all you should have to do is update the system path to SSI.php. It can't be a URL, it has to be a filesystem path, such as /var/www/html/forums/SSI.php or /home/malinaobenny/www/forums/SSI.php.


Cheers
Mike

[rojamaia]

i already configured it as:

/malinaobenny/discussion/SSI.php


then i ran the PHP, but all i got is a blank white page

[Mike Bobbitt]

That looks like it's not a complete path, check your Settings.php and use the value found in $boarddir as the directory. (Just append /SSI.php to that.)

[rojamaia]

i did, and it was only '/discussion' there, so i set it into '/discussion/SSI.php' but it didn't work either

Code Auswählen Erweitern


require('discussion/SSI.php');

// Database name
$accounts_db_name="smf";

// Database tables
$db_message_table="smf_messages";
$db_member_table="smf_members";

// Make sure table name includes database name
$db_message_table="`$accounts_db_name`.`$db_message_table`";
$db_member_table="`$accounts_db_name`.`$db_member_table`";

[Mike Bobbitt]

You're missing a leading /:

require('/discussion/SSI.php');

If that's the right path, it should work. Anything in your web server error logs?

[rojamaia]

it now works, but this is what i got:

You have an error in your SQL syntax near 'OR ID_BOARD = 0)
ORDER BY addDeny DESC, ID_BOARD' at line 5
File: /discussion/Sources/Load.php
Line: 435

[Mike Bobbitt]

Works ok for me on a couple of test boards... have you made any changes to Load.php? Any mods installed?

[rojamaia]

yes, i had some mods

this is the code in the vicinity of line 435:

Code Auswählen Erweitern

$request = db_query("
SELECT permission, addDeny
FROM {$db_prefix}member_permissions
WHERE ID_MEMBER = $ID_MEMBER
AND (ID_BOARD = $board OR ID_BOARD = 0)
[color=red]ORDER BY addDeny DESC, ID_BOARD", __FILE__, __LINE__);[/color]
$remove = array();
while ($row = mysql_fetch_assoc($request))
{
if (empty($row['addDeny']))
$removals[] = $row['permission'];


[Mike Bobbitt]

Looks like you need help from the mod or SMF folks from here... I'd be tempted to revert back to a clean SMF install, as something that has been changed is causing problems.

[jrstark]

This works great!

Any tips on separating out all the AOLers?

[Mike Bobbitt]

Unfortunately if a lot of people appear to be sharing the same IP pool (such as AOL) there's not too much that can be done other than manaul investigation of suspicious accounts. The script itself is pretty simplistic in it's approach.

[SleePy]

i get this error "Hacking attempt..."
while running it. any ideas?
i think i got all the information correct. i copied most of it like  the db_name out of my settings.php and i put it in the same directory as forums so my require is just require('SSI.php');
this is on my test site so i dont need to worry about it right now.

[Sheepy]

May be we can extend the search fulltext index function to do an word statistic for each users, one of the techniques of stylometry?

[unrelenting]

I get:

CGI Error

The specified CGI application misbehaved by not returning a complete set of HTTP headers.

[jerm]

Open up a new topic. Bumping posts that are a year old doesn't help.
Nor does your post help at all.

[vconcept]

I get this error :

Multuple Accounts
This script discovers users who have potentially created multiple accounts by checking for IP addresses where multiple accounts have been seen.


Fatal error: Call to undefined function: show_topofpageads() in /home/www/xxxxxxxxxxxxxxxxx/web/smf/Sources/Load.php(1724) : eval()'d code on line 202

[Davy-D]

This script is soooooo nice. Exactly what I have been looking for.
Keep up the great work.

Davy-D

[mersindost]

I get this error :

Multuple Accounts
This script discovers users who have potentially created multiple accounts by checking for IP addresses where multiple accounts have been seen.


Fatal error: Call to undefined function: show_topofpageads() in /home/www/xxxxxxxxxxxxxxxxx/web/smf/Sources/Load.php(1724) : eval()'d code on line 202

Yes.İ have same problem 

require('/var/www/html/forum/SSI.php'); What i can write here?

my site url: www.videotr.net/forum   (linux host) /domains/videotr.net/public_html/forum/

[Dreadfull]

Mike Bobbitt, edit line 16

Code Auswählen Erweitern


echo "<h1>Multuple Accounts</h1>\n";

should be

Code Auswählen Erweitern


echo "<h1>Multiple Accounts</h1>\n";


just a thought .. also, great job.

[JungleBunny]

Got the same error

Fatal error: Call to undefined function: show_topofpageads() in /var/www/****/****/BORD/Sources/Load.php(1792) : eval()'d code on line 147

Line 147 says:

// Most database systems have not set UTF-8 as their default input charset.
        if (isset($db_character_set) && preg_match('~^\w+$~', $db_character_set) === 1)
                db_query("
                        SET NAMES $db_character_set", __FILE__, __LINE__);


Any ideas

Would be a fantastic script.

[cmcmom]

I just wanted to explain what I do for this without any code.  When I get a new applicant I trace the IP before acceptance to see if any other posts or user has that IP.  This would have saved a LOT of headache and heartache at my old board.

[kasparh]

i know this is a very old topic, but the script is fascinating.
I'm tryng to extend the use of the script to another group that not is administrator.
How can i do that ?
I find this piece of code on the script, but i don't know how to personalize with another group name for example "guard"

   // Set this to restrict access. Currently only admins are allowed.
   $isstaff = $user_info['is_admin'];
}

if (!$isstaff) {
   echo "ERROR: You are not permitted to run this script.";
   if ($armyca) {
      include "$include_dir/footer.php";
   }
   exit (1);
}

any help very much appreciated

[Mike Bobbitt]

Basically you can set $isstaff = TRUE for any user you want to have access. Some sample code that might help pick out a specific group:

Code Auswählen Erweitern

// Detect group membership
function getGroups($userid = 0) {

global $context;
global $smcFunc;

// If no userid was passed in, check the currently logged in user
if (!$userid) {
$userid = $context['user']['id'];
global $isadmin;
}

$isstaff = 0;

// Staff group IDs
$staffgroup_ids = "1,2,20,21";

// Reformat staff IDs into regex
$staffgroups = "(" . join("|", explode(",", $staffgroup_ids)) . ")";

$result = $smcFunc['db_query'] ('', "SELECT m.id_group, m.additional_groups FROM {db_prefix}members AS m WHERE m.id_member = {int:id_member}", array (
'id_member' => $userid
));

while ($res = $smcFunc['db_fetch_assoc'] ($result)) {
$groups = $res['id_group'];
if ($res['additional_groups']) {
$groups .= "," . $res['additional_groups'];
}

$groups = ",$groups,";

// Staff
if (preg_match("/,$staffgroups,/", $groups)) {
$isstaff = 1;
} else {
$isstaff = 0;
}
}
$smcFunc['db_free_result'] ($result);

return $isstaff;
}

In this example, anyone in group numbers 1, 2, 20 or 21 will have access to the tool.

[kimcarter14]

That's quite unfair for other members here. And what's the reason why they registered multiple accounts here?

[Mike Bobbitt]

Not sure I understand... What is unfair?