(2018-07-07, 06:06 PM)Wires Wrote: [ -> ]To be blunt, there's not a lot an administrator can do to stop account sharing. It's more about analysis and catching them. I've seen admins block VPNs, forcing 2FA and making use of 1 IP per registration setting in MyBB. From there you want to look at typing patterns, user behaviour and IP patterns to determine if users are account sharing.
It's troublesome, but users will always find a way to account share.
Yep... that statement pretty much sums it up.
It's virtually impossible to stop account sharing.
As of now, I do not know of any forum websites that have the capability to track down account sharing.
There may be some out there, but most likely they aren't "advertising" their ability to hinder account sharing.
Addendum:
Have you looked into modifying your .htaccess file?
Here's a partial list of my .htaccess file that blocks some of those annoying spam bots.
## BAN BOTS ##
SetEnvIfNoCase User-Agent "Twiceler" bad_bot
SetEnvIfNoCase User-Agent "VoilaBot BETA 1.2" bad_bot
SetEnvIfNoCase User-Agent "ADmantX Platform Semantic Analyzer" bad_bot
SetEnvIfNoCase User-Agent "Sogou web spider/3.0" bad_bot
SetEnvIfNoCase User-Agent "psbot" bad_bot
SetEnvIfNoCase User-Agent "GrapeshotCrawler" bad_bot
SetEnvIfNoCase User-Agent "libwww-perl/5.805" bad_bot
SetEnvIfNoCase User-Agent "Java/1.5.0_11" bad_bot
SetEnvIfNoCase User-Agent "Exabot" bad_bot
SetEnvIfNoCase User-Agent "bot/1.0" bad_bot
SetEnvIfNoCase User-Agent "panscient.com" bad_bot
SetEnvIfNoCase User-Agent "Charlotte/1.0b" bad_bot
This obviously not an exhausive list of all of the spam bots, but the list does block a lot of them from coming into my website.
In that same .htaccess file, I have a list of banned IP addresses from certain countries.
Shown below is a partial list of IP addresses that are banned.
#this list includes network data on the following countries:
#GHANA
<Limit GET POST>
order allow,deny
deny from 41.57.116.0/22
deny from 41.57.192.0/18
deny from 41.66.192.0/18
deny from 41.74.80.0/20
deny from 41.75.48.0/20
deny from 41.76.24.0/21
deny from 41.77.64.0/21
Maybe this can be used to stop account sharing?
If you have caught those account sharing accounts using the same IP addresses, you can list them similar to the way I have it listed above.
Something to think about.