[PC101]

Hey y'all,

I've got a real problem and I can't figure out how these buggers are doing it! Last week I had a guy sign up and create TWO accounts with the same name, address, same IP, and everything. Thinking it was a fluke, I deleted member account #327 and told him not to create duplicate accounts. After learning he's been doing this all over the place, I went a head and banned him!

PC101 Computer Forum View Profile #327 : BebopVT <-- I just deleted this one.
PC101 Computer Forum View Profile #328 : BebopVT

Now, it's happening again...

PC101 Computer Forum View Profile #333: Shemker394 -- shemker394[at]freestuffo1(dot).com
PC101 Computer Forum View Profile #334: Shemker394 -- shemker394[at]freestuffo1(dot).com

And I have one more guy who email is coming from the same .com as these first two except for the last digit...

PC101 Computer Forum View Profile #335 : LClan439 -- lclan439[at]freestuffo2(dot).com

Note too... all three are coming from the same IP addres too!

I've placed these last three under miserable user rather than delete them so maybe y'all can see what I mean and tell me what's going on.

The other thing that's weird is my "Multiple Login Detector" hack is NOT sending me alerts!

Any feedback will be appreciated!

Lyte

[Get Shorty]

Are they putting spaces at the end of the username?

[bmelton]

The following phrases mean the same thing visually, but are different programmatically:
Jelly
JellALT+0121

It looks like you're using an older version of vBulletin, so you might want to upgrade. Might have been a parsing update since 3.5.3 that fixes the ability to do that.

Just a guess, but that's the most likely candidate I can think of.

[PC101]

I don't think it's spacing thing because I tried to create two accounts of the same name, with one using a space.... didn't work.

Plus! When I tried to use the same email twice, VB wouldn't allow it.

What exactly does this mean... " Might have been a parsing update since 3.5.3 that fixes the ability to do that."

I'm running 3.5.3 right now. It isn't that old... is it??

Lyte

[Get Shorty]

Quote:

Originally Posted by PC101

I'm running 3.5.3 right now. It isn't that old... is it??

Not terribly, but why not upgrade to the latest and greatest?

[bmelton]

3.5.3 isn't THAT old, no, but age isn't really a factor in software so much as what's been fixed since your version. If the reason they're able to sneak duplicates past you is because you're using an older version, then it's worth it to upgrade I would think.

[Adam]

y = y
^ ^
alt+121 y

Is what bmelton was saying and I am not sure if they can do this in 3.6 but it is worth a shot to atleast check in a test board, right?

[RedMatrix]

I know for certain that version 3.6 offers you a place to place ASCII codes you want to block, such as the ASCII code for a space. Any letter is either a key press, or alt+ code. To the naked eye, they are the same, but to software, they are different. [just like the numbers above the QWERTYUIOP are different than the 10-key pad]

If the culprit used an ASCII code in their email and name, then the software thinks they are different.

[PC101]

Morning y'all,

This is VERY educational. Thanks! I wasn't aware of this design flaw. I do think it's odd that Jelsoft would not make preventing this sneaky registration standard on all their software. I'll have to see if there's a way to prevent this on 3.5.3 without upgrading to 3.6

I've been considering upgrading but I'm told it would mean loosing my skin and possibly some of my mods. I don't have the time or money to retool the whole friggin' site!

Thanks agian!

Lyte

[bmelton]

Versioning is something that happens as they fix bugs. In an ideal world, vBulletin 1.0 would have all the security features of 3.6, but in reality, they moved from 1.0 to 1.1, 1.2, 2.0, etc. because they were fixing things in the process.