MyBB Community Forums

Full Version: Is there anything to stop account sharing?
As stated in title.

The most general fix would be having a plugin that assigns each account to a Country, based on the registration IP. This cannot be changed. If somebody logs into the account from another Country, the account gets banned.

What can be done to make this more efficient?
May try 2FA that requires login code to be entered generated in an app (Authy or Google Authenticator) installed in personal mobile only...
(2018-07-07, 01:48 PM)effone Wrote: [ -> ]May try 2FA that requires login code to be entered generated in an app (Authy or Google Authenticator) installed in personal mobile only...

If you're referring to this PLUGIN, this has not been reviewed by the MyBB staff.

So, I don't know if it's safe to use on my website.
What good would that do against people using anonymizers or VPNs or against people from the same country sharing accounts?
(2018-07-07, 01:48 PM)effone Wrote: [ -> ]May try 2FA that requires login code to be entered generated in an app (Authy or Google Authenticator) installed in personal mobile only...

That's an idea, but the code can still be shared, and to my knowledge there's not yet a public plugin for 2FA that works with Authy or Gauth.

(2018-07-07, 03:52 PM)linguist Wrote: [ -> ]What good would that do against people using anonymizers or VPNs or against people from the same country sharing accounts?

That's why I'm looking for smarter ideas.
To be blunt, there's not a lot an administrator can do to stop account sharing. It's more about analysis and catching them. I've seen admins block VPNs, forcing 2FA and making use of 1 IP per registration setting in MyBB. From there you want to look at typing patterns, user behaviour and IP patterns to determine if users are account sharing.

It's troublesome, but users will always find a way to account share.
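
The "IP patterns" analysis mentioned above can be sketched as follows. This is an added example, not part of the thread and not MyBB or plugin code; the log format, the /24 and /48 grouping, the two-hour window and the switch threshold are all assumptions, and the sample log is constructed.

```python
# Added example: flag accounts whose logins alternate between networks.
# Log format, thresholds and sample data are constructed assumptions.
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2018-07-07T09:00:00 alice 198.51.100.10
2018-07-07T09:20:00 alice 203.0.113.7
2018-07-07T09:45:00 alice 198.51.100.23
2018-07-07T10:05:00 alice 203.0.113.7
2018-07-07T09:10:00 bob 192.0.2.44
2018-07-07T18:30:00 bob 192.0.2.91
2018-07-08T08:00:00 carol 198.51.100.5
2018-07-09T20:00:00 carol 203.0.113.200
"""

def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Collapse an address to its network so DHCP churn is not counted."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def parse(log_text):
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, user, ip = parts
        try:
            events[user].append((datetime.fromisoformat(ts), network_of(ip)))
        except ValueError:
            continue  # bad timestamp or address
    return events

def suspected_sharing(log_text, window=timedelta(hours=2), min_switches=3):
    """Return {user: switches} for accounts that change network at least
    min_switches times, each switch within `window` of the previous login."""
    flagged = {}
    for user, evs in parse(log_text).items():
        evs.sort(key=lambda e: e[0])
        switches = sum(
            1 for (t0, n0), (t1, n1) in zip(evs, evs[1:])
            if n0 != n1 and t1 - t0 <= window
        )
        if switches >= min_switches:
            flagged[user] = switches
    return flagged
```

On the constructed log only alice is flagged (three network switches within about an hour). A hit is a lead for manual review rather than proof, since one person moving between mobile data, Wi-Fi or a VPN produces the same pattern.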
(2018-07-07, 06:06 PM)Wires Wrote: [ -> ]To be blunt, there's not a lot an administrator can do to stop account sharing. It's more about analysis and catching them. I've seen admins block VPNs, forcing 2FA and making use of 1 IP per registration setting in MyBB. From there you want to look at typing patterns, user behaviour and IP patterns to determine if users are account sharing.

It's troublesome, but users will always find a way to account share.

Yep... that statement pretty much sums it up.

It's virtually impossible to stop account sharing.

As of now, I do not know of any forum websites that have the capability to track down account sharing.

There may be some out there, but most likely they aren't "advertising" their ability to hinder account sharing.

Addendum:

Have you looked into modifying your .htaccess file?

Here's a partial list of my .htaccess file that blocks some of those annoying spam bots.

## BAN BOTS ##
SetEnvIfNoCase User-Agent "Twiceler" bad_bot
SetEnvIfNoCase User-Agent "VoilaBot BETA 1.2" bad_bot
SetEnvIfNoCase User-Agent "ADmantX Platform Semantic Analyzer" bad_bot
SetEnvIfNoCase User-Agent "Sogou web spider/3.0" bad_bot
SetEnvIfNoCase User-Agent "psbot" bad_bot
SetEnvIfNoCase User-Agent "GrapeshotCrawler" bad_bot
SetEnvIfNoCase User-Agent "libwww-perl/5.805" bad_bot
SetEnvIfNoCase User-Agent "Java/1.5.0_11" bad_bot
SetEnvIfNoCase User-Agent "Exabot" bad_bot
SetEnvIfNoCase User-Agent "bot/1.0" bad_bot
SetEnvIfNoCase User-Agent "panscient.com" bad_bot
SetEnvIfNoCase User-Agent "Charlotte/1.0b" bad_bot

This is obviously not an exhaustive list of all of the spam bots, but the list does block a lot of them from coming into my website.

In that same .htaccess file, I have a list of banned IP addresses from certain countries.

Shown below is a partial list of IP addresses that are banned.

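#this list includes network data on the following countries:
#GHANA
<Limit GET POST>
order allow,deny
deny from 41.57.116.0/22
deny from 41.57.192.0/18
deny from 41.66.192.0/18
deny from 41.74.80.0/20
deny from 41.75.48.0/20
deny from 41.76.24.0/21
deny from 41.77.64.0/21
# with "order allow,deny" everything is denied unless explicitly allowed,
# so allow all clients that did not match a deny line above
allow from all
</Limit>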

Maybe this can be used to stop account sharing?
If you have caught those account sharing accounts using the same IP addresses, you can list them similar to the way I have it listed above.

Something to think about.