[MokoCBRegGuard] [FEATURE] Username pattern detection #23

Open
opened 2026-06-02 19:31:35 +00:00 by jmiller · 0 comments
Owner

Migrated from MokoCBRegGuard#17

Feature Description

Add regex-based username analysis to detect bot-generated or suspicious usernames during registration.

Problem or Use Case

Spam bots often use formulaic usernames — random character strings, sequential numbers, keyboard walks, or known bot prefixes (user12345, test9876). The plugin currently performs no username analysis.

Proposed Solution

Add configurable regex patterns that flag suspicious usernames:

  • Excessive consecutive digits
  • All-consonant or all-vowel strings
  • Known bot-name patterns (configurable regex list)
  • Very short usernames (< 3 chars)

Generate a USERNAME_SUSPICIOUS flag (weight: 1) when a match is found.

Alternative Solutions

  • Manual moderator review of all usernames (does not scale)
  • Rely on other checks to catch bots (misses username-only signals)

Benefits

  • Who: Sites with high bot registration volume
  • Problem solved: Catches spam bots that pass IP and email checks but use obviously fake usernames
  • Value: Additional signal layer with zero external API dependency

Implementation Details (Optional)

  • New params in cbregguard.xml: enable_username_check, username_suspicious_patterns (textarea, one regex per line)
  • New RegGuardHelper::checkUsername() static method
  • Default patterns provided but fully customizable

Relevant Standards

  • [x] Security best practices
  • [x] Code quality standards

Checklist

  • [x] I have searched for similar feature requests before creating this one
  • [x] I have clearly described the use case and benefits
  • [x] I have considered alternative solutions
  • [x] This feature aligns with the project's goals and scope
jmiller added the pending: testing and regguard labels 2026-06-02 19:52:03 +00:00
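A sketch of the username check proposed in this issue, added here as an example and not taken from MokoCBRegGuard. The function name, return shape, the 4-digit threshold and the sample patterns are assumptions; the point it demonstrates is that an admin-supplied regex list has to tolerate patterns that fail to compile or exceed a PCRE limit without breaking registration.

```php
<?php
// Added example, not MokoCBRegGuard code. Function name, return shape,
// the 4-digit threshold and the sample patterns are assumptions.
function exampleCheckUsername(string $username, string $patternsText): array
{
    $reasons = [];
    $name = trim($username);

    // Built-in heuristics listed in the proposal (mb_strlen needs ext-mbstring).
    if (mb_strlen($name) < 3) {
        $reasons[] = 'too_short';
    }
    if (preg_match('/\d{4,}/', $name) === 1) { // assumed meaning of "excessive"
        $reasons[] = 'digit_run';
    }
    if (preg_match('/^(?:[aeiou]+|[b-df-hj-np-tv-z]+)$/i', $name) === 1) {
        $reasons[] = 'all_vowels_or_all_consonants';
    }

    // Admin-supplied list: one regex per line, as in the proposed textarea.
    foreach (preg_split('/\R/', $patternsText) as $line) {
        $pattern = trim($line);
        if ($pattern === '') {
            continue;
        }
        // preg_match() returns false when the pattern does not compile or a
        // PCRE limit such as pcre.backtrack_limit is exceeded. Record the
        // error and move on so one bad line never blocks or flags a signup.
        $result = @preg_match($pattern, $name);
        if ($result === false) {
            $reasons[] = 'pattern_error:' . preg_last_error_msg();
            continue;
        }
        if ($result === 1) {
            $reasons[] = 'pattern:' . $pattern;
        }
    }

    // Pattern errors are reported but do not count as a match.
    $hits = array_filter($reasons, fn ($r) => !str_starts_with($r, 'pattern_error:'));
    $flag = $hits ? 'USERNAME_SUSPICIOUS' : null;
    return ['flag' => $flag, 'weight' => $flag ? 1 : 0, 'reasons' => $reasons];
}

// Constructed sample input; the last pattern is deliberately malformed.
$patterns = implode("\n", ['/^(user|test)\d+$/i', '/(qwerty|asdf)/i', '/([unclosed/']);
foreach (['user12345', 'alice_w', 'xq'] as $u) {
    echo $u, ' => ', json_encode(exampleCheckUsername($u, $patterns)), PHP_EOL;
}
```

It requires PHP 8.0 or later for `preg_last_error_msg()` and `str_starts_with()`.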

Reference: MokoConsulting/MokoJoomCommunity#23