Signup abuse detection and blocking

xF2 Add-on Signup abuse detection and blocking 1.15.6

Fixes:
  • Fix "Duplicate entry 'xx-0' for key 'report'" when a race condition occurs and the record is saved but not reported
  • Only delete "User registration log" entry for a deleted user if "Full delete for GDPR" option is set

New features:
  • Rework "ignore for future events" option to actively exclude that set of users detected with those detection details rather than passively being ignored
  • Run XenForo's spam checker over user profile fields and custom fields on signup
  • Add option "Registration spam phrases" (default empty)
  • Add option "Link Spam checker: Registration default action" (default moderate)
  • Add option "Request Website on signup" (default disabled)
  • "Email domain moderation", i.e. require explicit approval by domain and moderate unknown email domains
    • Add option "Non-allowed email action" (default none)
    • New permission: "[SignupAbuse] Allow approving email domains" (default not granted)
    • Import/export as CSV or XML
  • Allow banning an email domain from the approval queue
    • New permission: "[SignupAbuse] Allow banning email domains" (default not granted)
  • Allow banning an ISP/ASN from the approval queue
    • New permission: "[SignupAbuse] Allow banning ASN" (default not granted)
  • Work-around for a user approval design flaw in XenForo where a user may not yet have had their email confirmed.

    When manual approval is configured, there are two flows which result in the user ending up in the approval queue:
    • register => spam checker says moderate => approval queue. No email confirmation.
    • register => email confirm => approval queue. Has email confirm.

    The only hint as to which flow was triggered is that the user registration record has a non-approved status.
    The "Require email confirmation (always notifies)" feature is now flagged as enabled if it detects that the user's email has likely not been confirmed, and it avoids the email_confirm => moderated => email_confirm loop that could potentially happen.
  • Fix that disabling "Use RIPE HTTP API for ASN lookup" didn't actually work, which could cause unexpected slowdowns
  • Fix phrase reporting when a report was re-opened due to an unknown multi-account
  • Fix that the filter which suppresses previously seen multi-account pairs from re-opening a resolved report was checking the wrong id
  • Add option to log reason for why a report is bumped (default enabled)
  • Be explicit about legacy detection events (i.e. log a detection method of 'legacy'). Not a retroactive change
  • Order per-account multi-account list by most recent event first
  • Improve robustness of 'Permit Duplicate Report' to not suppress reporting of new multi-account pairs
  • Improve onboarding process by hooking XF's periodic 'keep-alive' beacons, and checking that the tracking cookie is set
  • Improve reliability of tracking multiple accounts in some cases
  • Fix "Add to group"/"Reject" direct rules not working for multi-account actioning on registration
  • Fix "Do not save users rejected on signup" option with XF2.1.6+
  • Fix that the email bb-code was not being checked for url domain filtering
  • Fix "add to group" option being considered a custom option
  • Fix multiple account filtering in admincp's user edit page
  • Fix for some phrases/templates associated with this add-on having invalidly high version IDs, making translating the add-on difficult
  • Fix port scanning error when some socket functions are unexpectedly disabled but others are not
  • Fix race condition between user being deleted and the approval queue entry being removed
  • Enable wildcard support in geoip block country matching rules
  • Improve text rules descriptions
  • Implement "Add to group" if the score is above some threshold, or if directly triggered. Use "addToGroup" in text rules. Can be applied even if moderation/rejection rules are applied
  • Implement https://getipintel.net integration, requires a contact email address to be set