Skip to Content Skip to Menu

Discouraging Login Sharing

  • djsdjs
  • djsdjs
  • OFFLINE
  • Posts: 7
  • Thanks: 0
  • Karma: 4
12 years 9 months ago #192267 by djsdjs
Discouraging Login Sharing was created by djsdjs
I am wondering if CB Subs has features to discourage login sharing.

I know that complete prevention is impossible.

However, login status messages that show the user id's last 5 logins and the Ip addresses would send a message that it is being paid attention to.

Would also be nice to have reports and even email alerts for the administrator to detect when login id sharing might be occurring.

Is there anything like this in the product or anything like this planned?

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
12 years 8 months ago #192343 by krileon
Replied by krileon on topic Re: Discouraging Login Sharing
Currently there's no security feature to prevent login sharing. We may implement something similar to other sites that track number of IPs and block based off a predefined count being reached. It's something to review for CB 2.0. I'm not guaranteeing it'll be implemented, but I'm not saying it definitely isn't either; it's a maybe. For now there has been a couple of workarounds implemented. For example using CB Auto Actions to store ip address to a field upon login then on subsequent login matching those IPs to see if they're different, etc..


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • djsdjs
  • djsdjs
  • OFFLINE
  • Posts: 7
  • Thanks: 0
  • Karma: 4
12 years 8 months ago #192386 by djsdjs
Replied by djsdjs on topic Re: Discouraging Login Sharing
It would be great to simply start with a login message that shows the user that this is being tracked. I have put in a request with the developer of Saxum IP logger to support a login message features that is CB compatible (they already have last 5 for admins and it includes location): saxum2003.hu/en/downloads/category/2-iplogger.html

Also, I don't think I would ever want auto-blocking - rather I would want a report to the admin about suspicious activity that is based on some basic analytics parameters.

For instance, broadly differing geographic locations in the same day. Over 10 logins in a single day (even if from the same IP). The same page being viewed over 50 times in a week.

Maybe a *configurable* auto-email warning them that their activity appears to be login sharing and they should contact the admin with an explanation.

Would like the reporting to also be threshold based - so I don't even have to review a report if there is nothing concerning.

Thresholds for auto-emails and admin report emails should be independent.

I am VERY interested in MAXIMUM discouragement with NO ACTUAL intervention (due to the administrative overhead).

If I reduce login sharing by 70% just by login messages and warning emails - I'm good for the day.

If I start auto-blocking accounts just due to a change in IP address, I make the system into a burden for myself and my customers by - a) Creating ticked customers who are disabled due to normal behaviors like accessing from home, work and then a business trip, b) manual re-enablements AFTER ticked customers contact me.

Also, I feel this should be a part of CBSubs, not core CB, so you are getting revenue for helping those of us who bought the component retain earned revenue. It is very justifiable to limit this feature to CBSubs from a business perspective.

Depending on what I charge for my memberships, this feature could be a huge money *generator* and it would definitely be a differentiating feature compared to other Joomla membership management systems.

Tagline: "CBSubs saves more money than it costs by discouraging Login Sharing."

I would just beg you that it focus on "communicating to the user that the system is monitoring for user id sharing" rather than an over-simplistic disablement that costs me much more admin work and costs me my "customer satisfaction" - I can't buy "Customer Sat" back easily.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
12 years 8 months ago #192586 by krileon
Replied by krileon on topic Re: Discouraging Login Sharing
It's something we're considering for core of CB for CB 2.0. We'll be reviewing out similar popular systems (Joomla extensions or otherwise) and seeing what works best. For now there is no such solution that I am aware of, but you could sort of rig something together with CB Auto Actions and a database table quite easily.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • beat
  • beat
  • ONLINE
  • Posts: 2169
  • Thanks: 463
  • Karma: 352
12 years 7 months ago #195925 by beat
Replied by beat on topic Re: Discouraging Login Sharing
I believe there are also already Joomla-level plugins that allow something like that.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info

Please Log in or Create an account to join the conversation.

  • Richard67
  • Richard67
  • OFFLINE
  • Posts: 30
  • Thanks: 1
  • Karma: 0
12 years 4 months ago - 12 years 4 months ago #204474 by Richard67
Replied by Richard67 on topic Re: Discouraging Login Sharing
Hi Krileon,

krileon wrote: For example using CB Auto Actions to store ip address to a field upon login


How can I get the user's current IP address within auto actions?

I have set up an email auto action which sends me an email when a user has successfully logged in on my site.

I've read the substitution usage tutorial but still have no idea how I can get the IP address.

Can you give me a hint?

Is somewhere a complete list of substitution variables available?

Best regards

Richard67
Last edit: 12 years 4 months ago by Richard67.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum