  1. #1
    $books++ == true matsko's Avatar

    Concrete Banning System

    IP banning works; however, many people across the net share IP addresses. So if you wanted to ban someone off your site (in this case a free membership website), then what would be the best possible way to do so...?

    Is there any way to determine more about the user other than just getting the IP address and the browser information?

    This may be stupid, but the only way to ban someone 100% would be to block the MAC address. For security reasons I doubt that you can get that address freely from a PHP script or GET IT AT ALL...

    Using cookies is also good; however, users can clear their cookies. Deleting or trapping accounts is good, but then users can register a new account. Email activation works, but getting another email address for a malicious user is just a few clicks...

    What tricks do you guys suggest? Something that hopefully works?

    Thanks
    I can't believe I ate the whole thing

  2. #2
    Wadge! F4nat1c's Avatar
    Well, just update the database with a Ban field, and if they're banned, then there's a 1 in the Ban field next to their username. As long as the only thing they can do on your site without logging in is look, then that should work fine.
    OMFG SitePoint ROXORZ TEH BIG ONE111!
    Wish you were invisible?

  3. #3
    La la la la la bronze trophy lieut_data's Avatar
    Quote Originally Posted by matsko
    This may be stupid, but the only way to ban someone 100% would be to block the MAC address. For security reasons I doubt that you can get that address freely from a PHP script or GET IT AT ALL...
    Unless I'm mistaken, the MAC address is on another network level, and isn't something that would ever be available.

    The above approaches are all easily overcome -- the only technique I can recommend is to require e-mail verification, and ban common "free e-mail" sites, such as gmail, hotmail, yahoo, etc...

    ... noting that this might restrict some valid users from accessing your resources.
    My name is Steve, and I'm a super-villian.

  4. #4
    $books++ == true matsko's Avatar
    It's a free website; they can just register again with a different email. I said that above...

    One smart system would be to have one IP per user, but that is not possible because IP addresses are not distinct per computer. Also, if you know how, you can log in through a proxy (which will mask your IP address with another one...)
    I can't believe I ate the whole thing

  5. #5
    $books++ == true matsko's Avatar
    What you said about having the valid email idea is the best solution yet...

    It will most likely (by over 50%) prevent users from registering, because I doubt that all users have (non-free) email addresses.
    I can't believe I ate the whole thing

  6. #6
    SitePoint Zealot
    From experience, annoying members are not always malicious and capable.

    Try using misinformation. Create a cookie which would stop them from registering new accounts, but when they try, give an error message 'Your IP/MAC/email has been banned'.

    Or vice versa.

    I know it's not a solid technical solution, but it stops all the little kiddies with issues from causing problems.

  7. #7
    La la la la la bronze trophy lieut_data's Avatar
    Quote Originally Posted by matsko
    What you said about having the valid email idea is the best solution yet...

    It will most likely (by over 50%) prevent users from registering, because I doubt that all users have (non-free) email addresses.
    Almost everyone has at least one e-mail provided to them by their ISP -- this just forces them to use that, or look elsewhere for the resources.
    My name is Steve, and I'm a super-villian.

  8. #8
    SitePoint Member
    Banning by IP surely is not the way to go? ISPs frequently assign addresses with dynamic IPs, so this is bound to be ineffective.

  9. #9
    SitePoint Wizard bronze trophy
    Instead of banning the user, which gives them immediate feedback that it's time to register a new account, make that account annoying.

    Do stuff like make some of their requests error out. Make some take a long time. Do random really annoying things. Make it very unenjoyable. Let your sadistic side come out.

  10. #10
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Agree.

    Make some parts of the page disappear for those you have banned: no input boxes etc., kind of a read-only view. Only works if they weren't smart enough to copy your form postback addresses, of course. Devise a special Turing test for them.

  11. #11
    John 8:24 JREAM's Avatar
    If you require real email accounts to activate make sure to block emails from services like mailinator or it's very easy to make tons of free accounts. There are a few different extensions for those email boxes (3 I think), you could block those off with REGEX.
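
An added example (not part of the thread or any poster's code): one way to block disposable-mail signups in PHP by comparing the address's domain on label boundaries rather than with a loose regex, so subdomains are caught and look-alike names are not. The blocklist entries and function names are assumptions; only mailinator is named in the thread.

```php
<?php
// Constructed blocklist: only mailinator is named in the thread,
// "disposable.example" is a placeholder entry.
const BLOCKED_MAIL_DOMAINS = ['mailinator.com', 'disposable.example'];

// Returns the lower-cased domain of a syntactically valid address, or null.
function emailDomain(string $email): ?string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return strtolower(substr($email, strrpos($email, '@') + 1));
}

// True when $domain is a blocked domain or any subdomain of one.
// Matching on the ".entry" suffix avoids the false positives an
// unanchored pattern such as /mailinator/ would produce.
function isBlockedDomain(string $domain, array $blocked = BLOCKED_MAIL_DOMAINS): bool
{
    foreach ($blocked as $entry) {
        $suffix = '.' . $entry;
        if ($domain === $entry || substr($domain, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Invalid addresses are rejected outright; valid ones are checked against the list.
function signupAllowed(string $email): bool
{
    $domain = emailDomain($email);
    return $domain !== null && !isBlockedDomain($domain);
}

// Constructed sample input.
$samples = [
    'alice@Mailinator.com',      // blocked: case-insensitive exact match
    'bob@mx.mailinator.com',     // blocked: subdomain of a listed domain
    'carol@notmailinator.com',   // allowed: different registrable domain
    'not-an-address',            // rejected: fails validation
];
foreach ($samples as $s) {
    printf("%-26s %s\n", $s, signupAllowed($s) ? 'allow' : 'reject');
}
```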

  12. #12
    SitePoint Wizard
    I find the best defense to be a psychological one, both on a website, and in real life. Do whatever you can to discourage the behavior. (It's really a question of economics, as you are trying to increase the opportunity cost.) Of course, how feasible that is and the methods that you can use depends on the subject of the website in question.

    Using (only) force tends to be like killing a ton of cockroaches with your feet.

  13. #13
    Community Advisor silver trophy

    Quote Originally Posted by crmalibu
    Instead of banning the user, which gives them immediate feedback that it's time to register a new account, make that account annoying.

    Do stuff like make some of their requests error out. Make some take a long time. Do random really annoying things. Make it very unenjoyable. Let your sadistic side come out.
    I like that cunning idea... a 'stealth' ban in effect.

    I've previously created flash games for competitions where there were a lot of attempts at hacking the high scores system, and one of the most effective techniques in reducing this was to allow a false score to appear to be in the table to the guilty party (high score table was only displayed to logged in users), but flag as false in the database and not appear to everyone else, so they think they have succeeded and don't expend effort on digging deeper.
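
An added example (not the poster's code): the visibility rule described above, sketched in PHP with an in-memory SQLite table. A flagged score is returned only when the viewer is the account that submitted it. The table layout, column names and sample rows are assumptions made for illustration.

```php
<?php
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical schema: "flagged" marks a score judged to be false.
$db->exec(
    'CREATE TABLE scores (
        id      INTEGER PRIMARY KEY,
        user_id INTEGER NOT NULL,
        score   INTEGER NOT NULL,
        flagged INTEGER NOT NULL DEFAULT 0
    )'
);

// Constructed sample rows: user 3 submitted a score that was flagged.
$db->exec(
    'INSERT INTO scores (user_id, score, flagged) VALUES
        (1, 4200, 0), (2, 3900, 0), (3, 999999, 1)'
);

// High-score table as seen by one logged-in viewer: clean scores for
// everyone, plus the viewer's own flagged scores.
function highScores(PDO $db, int $viewerId, int $limit = 10): array
{
    $stmt = $db->prepare(
        'SELECT user_id, score
           FROM scores
          WHERE flagged = 0 OR user_id = :viewer
          ORDER BY score DESC
          LIMIT :lim'
    );
    $stmt->bindValue(':viewer', $viewerId, PDO::PARAM_INT);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The flagged row appears only in the list built for user 3.
print_r(highScores($db, 3));
print_r(highScores($db, 1));
```

Because the filter lives in the query, the flagged row never reaches the page rendered for other users, and the flag can be cleared later without touching the score itself.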

