Unauthorized Sharing of User Accounts
Posted: July 26th, 2011, 7:53 pmhi-
i've read a ton of entries on the board and would like to bump this issue to everyone's attention as it definitely affects all subscription based websites.
specifically, we know we can limit the number of unique IPs that are used to access an account. this is great! we can prevent 30 different users from accessing an account they did not pay for. however, from my testing it appears by default a single user account can be used simultaneously by different people, whether they are behind the same IP address or using different IP addresses.
so, if i limit the number of unique IPs to 4/month, then at least a few people using different IPs or (in theory and per my testing) an unlimited number of people behind the same IP (say a company behind a firewall) can all use the same account. this means the potential loss of a lot of revenue.
so the unique IP mechanism is only a partial tool. how do we stop simultaneous/concurrent logins using the same username/password?
questions:
1. is this the expected behavior of s2member (i.e., simultaneous logins are permitted using the same credentials)?
2. if "yes" to question #1, what options are available to prevent multiple people from accessing the same account at the same time (even if it's just two people)?
3. if "no" to question #1, then what scripts/functions/etc. should i look at to find the problem?
there are at least two other threads on this topic:
viewtopic.php?f=4&t=1362
viewtopic.php?f=4&t=396
s2member is unquestionably the best subscription plugin on the market, and i've already begun to recommend it. however, this apparent lack of functionality could seriously undermine my ability to keep account sharing to a minimum.
thanks in advance for any help.
i've read a ton of entries on the board and would like to bump this issue to everyone's attention as it definitely affects all subscription based websites.
specifically, we know we can limit the number of unique IPs that are used to access an account. this is great! we can prevent 30 different users from accessing an account they did not pay for. however, from my testing it appears by default a single user account can be used simultaneously by different people, whether they are behind the same IP address or using different IP addresses.
so, if i limit the number of unique IPs to 4/month, then at least a few people using different IPs or (in theory and per my testing) an unlimited number of people behind the same IP (say a company behind a firewall) can all use the same account. this means the potential loss of a lot of revenue.
so the unique IP mechanism is only a partial tool. how do we stop simultaneous/concurrent logins using the same username/password?
questions:
1. is this the expected behavior of s2member (i.e., simultaneous logins are permitted using the same credentials)?
2. if "yes" to question #1, what options are available to prevent multiple people from accessing the same account at the same time (even if it's just two people)?
3. if "no" to question #1, then what scripts/functions/etc. should i look at to find the problem?
there are at least two other threads on this topic:
viewtopic.php?f=4&t=1362
viewtopic.php?f=4&t=396
s2member is unquestionably the best subscription plugin on the market, and i've already begun to recommend it. however, this apparent lack of functionality could seriously undermine my ability to keep account sharing to a minimum.
thanks in advance for any help.
