Username fraud

10metreh · 2009-01-08, 19:39

A user has created the username XYZZY for himself/herself/itself. I guess the real Xyzzy (God) considers this identity fraud/terrorism. Is it possible to make sure no two users can have the same username except for capitals from now on?

J.F. · 2009-01-08, 19:59

God must be in a tolerant mood, not to smite that impostor.

Xyzzy · 2009-01-08, 20:05

There is a provision in the control panel to prevent certain words from being used in a user name. We had assumed that it was case insensitive but apparently it is not. Lesson learned.

Hopefully the individual in question will register again using a different name.

2009-01-09, 23:55

It's not a caps issue.

Xyzzy · 2009-01-10, 23:44

Quote:

It's not a caps issue.

The system has no setting to prevent multiple registrations using the same name. (Well, it might, but we have no idea where it is.) We just have a list of words that are blacklisted. Your user name is not on that list.

ixfd64 · 2009-01-11, 01:28

Are you allowing usernames with non-ASCII characters?

If so, it is possible that the impostor is using some sort of Cyrillic alphabet.

Xyzzy · 2009-01-11, 02:18

The forum allows UTF-8 stuff. I suppose that means all sorts of weird characters.

10metreh · 2009-01-11, 10:28

Could someone please get rid of my clone? I have no part in that post. There needs to be a setting to prevent that from happening!

Xyzzy · 2009-01-11, 15:19

Quote:

Could someone please get rid of my clone? I have no part in that post. There needs to be a setting to prevent that from happening!

The clone seems so well behaved.

mdettweiler · 2009-01-11, 22:41

Aha! I think I've figured out how whoever was responsible for this created the duplicated 10metreh. (And no, it wasn't me.

)

First I used a Perl script to compare each character of the 10metreh doppleganger's username with the respective character typed from my keyboard, which of course are the same as the ones in the real 10metreh's username. The script located the first "е" as being different from a standard "e" as found on my keyboard (a standard model purchased in the U.S.).

I then Googled to find a Unicode character lookup website, copied and pasted the first "е" from the doppelganger's username into the lookup field, and came up with this:

http://www.fileformat.info/info/unic...0435/index.htm

Apparently, the character used is a "CYRILLIC SMALL LETTER IE", Unicode hex code 0435. It's outwardly indestinguishable from the regular "e", which has a hex code of 006D, but Unicode-aware computer programs will see them as completely different characters.

In a short while I will attempt to create a second mdettweiler, and make a post here with it, as a proof of concept. Of course, in my particular case the difference should be easy to spot since one is a moderator (hence green username) and the other is not, but it should nonetheless suffice for the purpose of this demonstration.

Max

Batalov · 2009-01-11, 23:28

It is a common problem on some boards. (Cloning and look-alike nicknames are problematic.)

One of the solutions is to disallow mixed alphabets, but even then
РОМРА (in Cyrillic) looks like POMPA.

What you may want to implement is a variant of the http://en.wikipedia.org/wiki/Soundex algorithm (but not as severe similarity compression as the real Soundex).
All letters that look like "e" should be mapped to latin "e".
All letters that look like "P" should be mapped to latin "P".
Greek capital M, Cyrillic М, and latin M --> mapped to "M".
etc. Some letters which are barely distinguishable should be mapped to their latin counterparts, too, e.g. 0, Cyrillic and Greek O --> to "O".
Cyrillic З --> to "3", etc.

Then wrap it into a function and if f(Nickname2) == f(Nickname1), then Nickname2 should be disallowed at the attempted creation.

My 2 cents.

P.S. Oh yes, and even more strictly if Lowercase(f(Nickname2)) == Lowercase(f(Nickname1))...

2009-01-08, 19:39	#1
10metreh Nov 2008 100100010010₂ Posts	Username fraud A user has created the username XYZZY for himself/herself/itself. I guess the real Xyzzy (God) considers this identity fraud/terrorism. Is it possible to make sure no two users can have the same username except for capitals from now on?

2009-01-11, 10:28	#8
10metreh Nov 2008 4422₈ Posts	Could someone please get rid of my clone? I have no part in that post. There needs to be a setting to prevent that from happening! Last fiddled with by 10metreh on 2009-01-11 at 10:32

2009-01-11, 23:28	#11
Batalov "Serge" Mar 2008 Phi(4,2^7658614+1)/2 2×4,663 Posts	It is a common problem on some boards. (Cloning and look-alike nicknames are problematic.) One of the solutions is to disallow mixed alphabets, but even then РОМРА (in Cyrillic) looks like POMPA. What you may want to implement is a variant of the http://en.wikipedia.org/wiki/Soundex algorithm (but not as severe similarity compression as the real Soundex). All letters that look like "e" should be mapped to latin "e". All letters that look like "P" should be mapped to latin "P". Greek capital M, Cyrillic М, and latin M --> mapped to "M". etc. Some letters which are barely distinguishable should be mapped to their latin counterparts, too, e.g. 0, Cyrillic and Greek O --> to "O". Cyrillic З --> to "3", etc. Then wrap it into a function and if f(Nickname2) == f(Nickname1), then Nickname2 should be disallowed at the attempted creation. My 2 cents. P.S. Oh yes, and even more strictly if Lowercase(f(Nickname2)) == Lowercase(f(Nickname1))... Last fiddled with by Batalov on 2009-01-11 at 23:31

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
election fraud?	davar55	Lounge	4	2016-07-03 13:56
Electronic voting fraud vs. the old-fashioned type	cheesehead	Soap Box	22	2011-10-26 19:50
More Bank Fraud	R.D. Silverman	Soap Box	2	2009-09-21 18:54
username and password in url?	stars10250	PrimeNet	30	2009-07-02 14:13
How to consolidate 2 Username?	stuymer	PrimeNet	4	2004-02-29 21:33

2009-01-08, 19:59	#2
J.F. Jun 2008 1001000₂ Posts	God must be in a tolerant mood, not to smite that impostor.

2009-01-08, 20:05	#3
Xyzzy "Mike" Aug 2002 79·101 Posts	There is a provision in the control panel to prevent certain words from being used in a user name. We had assumed that it was case insensitive but apparently it is not. Lesson learned. Hopefully the individual in question will register again using a different name.

2009-01-09, 23:55	#4
10mеtreh 2³·5·7·23 Posts	It's not a caps issue.

2009-01-11, 01:28	#6
ixfd64 Bemusing Prompter "Danny" Dec 2002 California 2364₁₀ Posts	Are you allowing usernames with non-ASCII characters? If so, it is possible that the impostor is using some sort of Cyrillic alphabet.

2009-01-11, 02:18	#7
Xyzzy "Mike" Aug 2002 79×101 Posts	The forum allows UTF-8 stuff. I suppose that means all sorts of weird characters.

2009-01-11, 22:41	#10
mdettweiler A Sunny Moo Aug 2007 USA (GMT-5) 3×2,083 Posts	Aha! I think I've figured out how whoever was responsible for this created the duplicated 10metreh. (And no, it wasn't me. ) First I used a Perl script to compare each character of the 10metreh doppleganger's username with the respective character typed from my keyboard, which of course are the same as the ones in the real 10metreh's username. The script located the first "е" as being different from a standard "e" as found on my keyboard (a standard model purchased in the U.S.). I then Googled to find a Unicode character lookup website, copied and pasted the first "е" from the doppelganger's username into the lookup field, and came up with this: http://www.fileformat.info/info/unic...0435/index.htm Apparently, the character used is a "CYRILLIC SMALL LETTER IE", Unicode hex code 0435. It's outwardly indestinguishable from the regular "e", which has a hex code of 006D, but Unicode-aware computer programs will see them as completely different characters. In a short while I will attempt to create a second mdettweiler, and make a post here with it, as a proof of concept. Of course, in my particular case the difference should be easy to spot since one is a moderator (hence green username) and the other is not, but it should nonetheless suffice for the purpose of this demonstration. Max