Implementing MaxMind Device Tracking Add On

[WHMCS John]

Maxmind offers a Device Tracking Add-on as a complimentary part of their minFraud fraud checking service. It works by adding a small javascript code to your website which identifies each unique device accessing it, so even if a fraudster changes their IP address or uses a proxy, the device will still be recognized and can receive a higher fraud score if appropriate.

I've prepared some sample code that uses the ClientAreaFooterOutput hook point to add this code to the footer of all public pages:

<?php
add_hook('ClientAreaFooterOutput', 1, function($vars) {
    return <<<EOF
<script type="text/javascript">
  maxmind_user_id = "ACCOUNT_ID";
  (function() {
    var loadDeviceJs = function() {
      var element = document.createElement('script');
      element.src = 'https://device.maxmind.com/js/device.js';
      document.body.appendChild(element);
    } ;
    if (window.addEventListener) {
      window.addEventListener('load', loadDeviceJs, false);
    } else if (window.attachEvent) {
      window.attachEvent('onload', loadDeviceJs);
    }
  } )();
</script>
EOF;
});

Replace ACCOUNT_ID with your Maxmind Account ID number.

 

To install this, you can simply add the code to a file in your /includes/hooks directory such as /includes/hooks/maxmind_device_tracking.php.

For convenience, I've attached the completed hook file to this post here: maxmind_device_tracking.php

 

To learn more about this feature refer to: https://dev.maxmind.com/minfraud/device/

 

Please note that this is being provided only as an example and is not guaranteed to work with future versions of WHMCS.

Feel free to modify it to suit your needs and I hope it helps! 

 

[brian!]

2 hours ago, WHMCS John said:

Feel free to modify it to suit your needs and I hope it helps! 

I suppose two obvious modifications could be to i) pull the account ID from the database instead of manually editing the hook and b) only run the hook if maxmind is enabled in the fraud settings - now logically you shouldn't even install this hook unless it was enabled - i'm thinking specifically of circumstances were you later disable or use another fraud service instead of maxmind.