[MokoCBRegGuard] [FEATURE] Configurable per-flag risk weights #18

Open
opened 2026-06-02 19:31:34 +00:00 by jmiller · 0 comments
Owner

Migrated from MokoCBRegGuard#22

Feature Description

Expose per-flag weight overrides as plugin parameters so administrators can tune the risk scoring to their community's threat profile.

Problem or Use Case

Flag weights are currently hardcoded in RegGuardHelper::calculateRiskScore() (SFS = 3, IP_FREQUENCY = 2, RDNS_HOSTING = 1, etc.). Different communities have very different threat profiles:

  • An age-restricted site needs BIRTHDAY_AGE_LOW weighted higher
  • A site that allows VPN use wants RDNS_HOSTING weighted lower
  • A site heavily targeted by SFS-listed spammers may want even higher SFS weights

There is no way to adjust these without modifying source code.

Proposed Solution

Add per-flag weight parameters to the plugin configuration:

  • weight_sfs_ip (default: 3)
  • weight_sfs_email (default: 3)
  • weight_ip_frequency (default: 2)
  • weight_birthday_future (default: 2)
  • weight_birthday_invalid (default: 2)
  • weight_birthday_age_low (default: 2)
  • weight_rdns_hosting (default: 1)
  • weight_ip_localhost (default: 1)
  • weight_birthday_suspicious (default: 1)
  • weight_birthday_year_old (default: 1)
  • weight_birthday_age_high (default: 1)

Fall back to current hardcoded defaults when a param is not set (backward compatible).

Alternative Solutions

  • Adjust risk thresholds instead (coarser control, does not change relative flag importance)
  • Provide preset profiles like strict / moderate / lenient (less flexible)

Benefits

  • Who: Any administrator wanting to fine-tune risk scoring for their specific community
  • Problem solved: Eliminates need to modify source code for scoring adjustments
  • Value: Makes the plugin adaptable to diverse community types and threat landscapes

Implementation Details (Optional)

  • New params in cbregguard.xml (one per flag type)
  • Modify RegGuardHelper::calculateRiskScore() to accept params and read weights from config
  • Maintain current defaults as fallbacks for backward compatibility
  • Group weight params in a dedicated XML fieldset for clean UI

Relevant Standards

  • Code quality standards

Checklist

  • I have searched for similar feature requests before creating this one
  • I have clearly described the use case and benefits
  • I have considered alternative solutions
  • This feature aligns with the project's goals and scope
jmiller added the pending: testingregguard labels 2026-06-02 19:52:02 +00:00
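A sketch of the override-with-fallback behaviour the request describes, added here as an example and not taken from the plugin's code. The parameter names and defaults come from the issue; `resolveWeights()`, `scoreFlags()`, the `MAX_WEIGHT` bound, the flag strings `SFS_IP` and `SFS_EMAIL`, and the rule that a flag maps to `weight_` plus its lowercased name are assumptions. Out-of-range or non-integer overrides keep the default, so a mistyped value cannot turn a flag into a negative contribution.

```php
<?php
declare(strict_types=1);

// Defaults listed in the issue, keyed by the proposed parameter names.
const DEFAULT_WEIGHTS = [
    'weight_sfs_ip' => 3, 'weight_sfs_email' => 3,
    'weight_ip_frequency' => 2, 'weight_birthday_future' => 2,
    'weight_birthday_invalid' => 2, 'weight_birthday_age_low' => 2,
    'weight_rdns_hosting' => 1, 'weight_ip_localhost' => 1,
    'weight_birthday_suspicious' => 1, 'weight_birthday_year_old' => 1,
    'weight_birthday_age_high' => 1,
];
const MAX_WEIGHT = 10; // assumed upper bound, not stated in the issue

/** Merge admin overrides over the defaults; unset or invalid values keep the default. */
function resolveWeights(array $params): array
{
    $weights = DEFAULT_WEIGHTS;
    foreach (DEFAULT_WEIGHTS as $name => $default) {
        $raw = $params[$name] ?? null;
        if ($raw === null || $raw === '') {
            continue; // param not set: backward-compatible default applies
        }
        // Accept only whole numbers in 0..MAX_WEIGHT; 0 disables a flag on purpose.
        $value = filter_var($raw, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => MAX_WEIGHT]]);
        if ($value !== false) {
            $weights[$name] = $value;
        }
    }
    return $weights;
}

/** Hypothetical stand-in for the scoring step: sum the weights of the raised flags. */
function scoreFlags(array $flags, array $params = []): int
{
    $weights = resolveWeights($params);
    $score = 0;
    foreach (array_unique($flags) as $flag) {
        // Assumed mapping: flag 'RDNS_HOSTING' reads 'weight_rdns_hosting'.
        $score += $weights['weight_' . strtolower($flag)] ?? 0; // unknown flag adds nothing
    }
    return $score;
}

// Constructed input: a VPN-tolerant site zeroes RDNS_HOSTING; the '-5' is rejected.
$params = ['weight_rdns_hosting' => '0', 'weight_sfs_ip' => '-5'];
echo scoreFlags(['SFS_IP', 'RDNS_HOSTING', 'IP_FREQUENCY'], $params), "\n";
echo scoreFlags(['SFS_IP', 'RDNS_HOSTING', 'IP_FREQUENCY']), "\n"; // no overrides set
```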

Reference: MokoConsulting/MokoJoomCommunity#18