Request to list approval date in Admin Member list in 2.1.4

Started by Cal O'Shaw, March 01, 2025, 03:18:31 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Cal O'Shaw

March 01, 2025, 03:18:31 PM
Hello,

We've had issues lately on our site and it would help to locate "sleeper" accounts if the Admin version of the Member List included a column for when the account was approved.  We can then see when the account was approved, last time logged on, and number of posts.  This can help us determine how long an account has been present, level of activity, and act accordingly.

A 'last logged in' date of 'never' doesn't tell us if the account was approved yesterday or a year ago.

Thanks

Doug Heffernan

#1
March 01, 2025, 04:11:27 PM
Quote from: Cal O'Shaw on March 01, 2025, 03:18:31 PMHello,

We've had issues lately on our site and it would help to locate "sleeper" accounts if the Admin version of the Member List included a column for when the account was approved.  We can then see when the account was approved, last time logged on, and number of posts.  This can help us determine how long an account has been present, level of activity, and act accordingly.

A 'last logged in' date of 'never' doesn't tell us if the account was approved yesterday or a year ago.

Thanks

As per the rules, is this a paid request or a free one?

Cal O'Shaw

#2
March 01, 2025, 11:37:28 PM
Free, I hope.  I volunteer for the site as well as having no idea what a MOD would cost (which would likely be out of my pocket).

This request does rest on the hope that the approval date is recorded with the member record.  If it isn't, then I guess the request dies right here.

However, if the approval date is recorded, then it is possible to know when a member actually was allowed to access the site and determine if the member was just approved or had been approved quite some time before.

Once the member has logged on for the first time we have the number of days to use as one of the points to determine if they should be deleted.  Unfortunately, if they haven't, a logged on date of 'Never' is very hard to translate to a number of days.

I suppose an alternative would be to replace 'Never' with the days since approval, perhaps in () or with a * after it to indicate the days are since approval rather than logged on.

We think we might be dealing with possible "sleeper" members, accounts created but left unused until they attempt an attack from inside our site (we've had that before, as I would imagine other sites have), so this would help us find possible sleepers who haven't logged in yet, as well as people who registered and never bothered to come back.

Hope this helps explain my request a bit better.

Thanks

GL700Wing

#3
March 02, 2025, 02:21:47 AM
Quote from: Cal O'Shaw on March 01, 2025, 11:37:28 PMThis request does rest on the hope that the approval date is recorded with the member record.  If it isn't, then I guess the request dies right here.
The approval date/time is not currently stored in the members table so even though a new column could be added to this table it could only be populated (and data displayed) for members whose accounts are approved after (and while) the mod is installed.
Life doesn't have to be perfect to be wonderful ...

Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Doug Heffernan

#4
March 02, 2025, 05:12:30 AM
Quote from: Cal O'Shaw on March 01, 2025, 11:37:28 PMWe think we might be dealing with possible "sleeper" members, accounts created but left unused until they attempt an attack from inside our site (we've had that before, as I would imagine other sites have), so this would help us find possible sleepers who haven't logged in yet, as well as people who registered and never bothered to come back.

To attack your site how? Do you mean by way of spamming? If not, can you please elaborate a little further?

Cal O'Shaw

#5
March 02, 2025, 07:59:57 PM
The attacker software keeps going after "TopicSolved::hooks". 
The attackers are listed as 'Guest' in the error log, and no IPs are listed, but we assume they spoof the IPs.

There are a pair of errors in each variant of attack:
(I've replaced our address with '***')
-- Hook call: function "TopicSolved::hooks" in file /home2/***/public_html/forum/Sources/Class-TopicSolved.php could not be called.
-- The callable TopicSolved::hooks could not be called.

Each pair of attacks are using different ways to attack:
http://***/forum/index.php?action=admin;area=logs;sa=errorlog;desc
http://***/forum/index.phpts=1740960225
http://***/forum/index.php?
http://***/forum/index.php?action=keepalive;time=1740960189458
http://***/forum/index.php?action=register
http://***/forum/index.php?topic=4373.msg762556;topicseen

etc...

I became aware of the issue about a week or so ago.  It runs nonstop, with roughly 1 to 120 seconds between attacks.  I have deleted well over 30,000 of these error message pairs so far.

We were at v1.1.3 of Topic Solved but I updated to v1.3.1 to see if that fixed it, but did not.

I checked the support topic for Topic Solved but no one has reported a similar problem.  So I have not yet removed Topic Solved as we've found it useful for years with no issues involving it until now.

About the same time we started getting a rash of member requests, and then a few started posting in Cryllic or had a signature that was a URL in Cryllic.  We have been deleting those members and stopped approving any new members until this is solved.  And this is why I was hoping the approval date was recorded, so we could check accounts approved around the same time.


Since the approval date is not saved in 2.1.4 or earlier, could my request for a MOD be changed to a request the approval date be recorded in a later version of SMF, perhaps 2.1.5?

Hope this is useful.

Doug Heffernan

#6
March 03, 2025, 06:06:08 AM Last Edit: March 03, 2025, 06:34:34 AM by GL700Wing
Quote from: Cal O'Shaw on March 02, 2025, 07:59:57 PMThe attacker software keeps going after "TopicSolved::hooks". 
The attackers are listed as 'Guest' in the error log, and no IPs are listed, but we assume they spoof the IPs.

There are a pair of errors in each variant of attack:
(I've replaced our address with '***')
-- Hook call: function "TopicSolved::hooks" in file /home2/***/public_html/forum/Sources/Class-TopicSolved.php could not be called.
-- The callable TopicSolved::hooks could not be called.

Each pair of attacks are using different ways to attack:
http://***/forum/index.php?action=admin;area=logs;sa=errorlog;desc
http://***/forum/index.phpts=1740960225
http://***/forum/index.php?
http://***/forum/index.php?action=keepalive;time=1740960189458
http://***/forum/index.php?action=register
http://***/forum/index.php?topic=4373.msg762556;topicseen

I don't know why you reached that conclusion, but those messages you posted have nothing to do with an attack.

Quote from: Cal O'Shaw on March 02, 2025, 07:59:57 PMSince the approval date is not saved in 2.1.4 or earlier, could my request for a MOD be changed to a request the approval date be recorded in a later version of SMF, perhaps 2.1.5?

As mentioned above by @GL700Wing, the custom field will take affect immediately after the mod installation, regardless of the forum version.

GL700Wing

#7
March 03, 2025, 07:07:36 AM
Quote from: Cal O'Shaw on March 01, 2025, 11:37:28 PMHowever, if the approval date is recorded, then it is possible to know when a member actually was allowed to access the site and determine if the member was just approved or had been approved quite some time before.
At present when the memberlist is viewed by a forum admin via 'Administration Center > Members > View all Members' only the date the member was last online is shown.

If you want this listing to also show the date/time the member applied to join the forum (ie, their registration date) you can modify the ./Sources/ManageMembers.php file as follows

Find:
Code Select
'last_active' => array(
Add before:
Code Select
'date_registered' => array(
'header' => array(
'value' => $txt['date_registered'],
),
'data' => array(
'function' => function($rowData) use ($context)
{
return timeformat($rowData['' . 'date_registered' . '']);
},
),
'sort' => array(
'default' => 'date_registered DESC',
'reverse' => 'date_registered',
),
),

You cannot view this attachment.
Life doesn't have to be perfect to be wonderful ...

Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Cal O'Shaw

#8
March 05, 2025, 08:44:19 PM
Quote from: Doug Heffernan on March 03, 2025, 06:06:08 AMI don't know why you reached that conclusion, but those messages you posted have nothing to do with an attack.
Then any idea what is causing it?  We made no code changes, such as installing new MODs, in months. 
The errors are reported as coming from outside (Guest). 
Guests are only allowed to see a login panel.
We've been using Topic Solved for years, so I'm concerned about what might happen if I uninstall the MOD.

When I logged in today, this was top of the list (I had emptied the log 3 days ago):
You cannot view this attachment.

I do appreciate you looking at this.

Cal O'Shaw

#9
March 05, 2025, 08:58:50 PM
GL700Wing,

THANK YOU!

That will help me in weeding out member accounts that have sat for a longer than reasonable time for the member to have received the acceptance email and yet not log in.

I wonder if this might be useful for others trying to weed out unused accounts, maybe as a MOD or future feature?  I know it's a single insert (and I'll be applying it shortly), but the knowing of where to insert and what to insert may be unknown to other admins, or they may not want to risk damaging their sites.

Again, thank you so much for your help!

Cal O'Shaw

#10
March 07, 2025, 11:00:22 PM
GL700Wing,

Again, thank you.  I've discovered accounts that were registered in 2023 that had never logged in that I was finally able to see with your help!

GL700Wing

#11
March 08, 2025, 03:44:02 AM
Quote from: Cal O'Shaw on March 07, 2025, 11:00:22 PMGL700Wing,

Again, thank you.  I've discovered accounts that were registered in 2023 that had never logged in that I was finally able to see with your help!
You're welcome.

I find it interesting that the 'Date Registered' information is shown on the main memberlist (ie, the one users can see) but not on the memberlist that admins see in the Administration Center (mind you, seems it's always been that way) and while I know that admins can search for members based on their registration date that's not as convenient as just already having it displayed.
Life doesn't have to be perfect to be wonderful ...

Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas
Print
Go Up Pages1
User actions
Advertisement: