www.webdeveloper.com
Page 1 of 2 12 LastLast
Results 1 to 15 of 19

Thread: Reliable banning methods?

  1. #1
    Join Date
    Mar 2004
    Posts
    3,056

    Reliable banning methods?

    Hi filks. Been thinking about this for a while now and still haven't come up with any decent ideas yet. I'm trying to think of some reliable methods of banning people from sites and forums. Banning by IP would be useless because it'd only work on those with static IP's and even they could just use a proxy. :/

    Thought about cookies, but that's just a simple case of clearing the cookies. I thought about using a reverse hostname lookup because I figured that's be the closest thing to being able to uniquely identify a user. But there's two problems I can see with that method. Firstly it puts a lot of extra strain on Apache (2) from what I've read and it doesn't always work. Secondly most users won't have even set a hostname when they set up their PC. I should imagine a great deal of them with be called "MICROSOFT PC" or whatever the default is already placed in the text box at setup.

    I only have apache 2 php 5 and mysql 4.1.7 and with these tools I can't think of a reliable method. I get the feeling it isn't possible, but I figured I'd ask anyway. So.... any ideas folks?

  2. #2
    Join Date
    Nov 2003
    Location
    Jerryville, Tejas
    Posts
    11,715
    Cookies will probably be your best bet. IP and hostnames will be useless as they will change and will resolve to the gateway router except for fools you can lock out with cookies anyway. Anything you do will only be effective for inexperienced users.

    The most effective approach is to force them to authenticate and ban them there.
    "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." Brian W. Kernighan

  3. #3
    Join Date
    Jun 2004
    Location
    England
    Posts
    2,972
    Cookies are particualy effective for people that sign up just to swear on your forums or such like, especialy as they tend to be non-tech-savy folks.

    If you want to be really mean you could redirect then to a page saying: "MWA HA HA I've just hacked your computer" with lots of red and blinking text, now that'll keep 'em from trolling.

    Forcing people to authenticiate is kind of putting a barrier between you and legitimate users.

    If you have a lot of time on your hands then you could make them think that they're not banned, but only let them see thier own posts.
    Disclaimer. (1) Whilst I will help you sometimes, if I feel like it, and my advice in relation to your actual question will be of good quality: my posts are to be taken with a pinch of salt. I will be sarcastic, deploy irony and include obscure cultural references for my own amusement without warning.
    (2) You will gain nothing from complaining, and if you try to argue with me then you will not win. No matter how noble your battle seems, I am still better than you, don't be an hero.

  4. #4
    Join Date
    Mar 2004
    Posts
    3,056
    Aye. I thought about banning by email address too but figured hotmail would kill that right away. I suppose I might as well do it. Slap a cookie on 'em that says they've been banned and block signups from the previously given email address. I suppose making it look like the server screwed up when they try to sign up again, rather than telling them I know it's them from their email address would at least be something.

    That was onother one I thought about too. Not actually banning them at all. Just letting them log in and have everything appear as normal to them, but to everytone else the bad user no longer exists. Is never logged in and posts never retrieved etc. I think I'll build both (or more) methods in and then just make an extra section on the admin control panel to select which methods to use and how to do it.
    Last edited by Mr Herer; 01-10-2005 at 11:09 AM.

  5. #5
    Join Date
    Feb 2003
    Posts
    2,745
    As you know, you can't prevent users from logging in via different IPs and Email addresses, but what I'd suggest is to use a combination of cookies and banning by email address. Also, I wouldn't reccomend letting 'em think they logged in but it just doesn't really work. That makes your site look broken when they figure out that their posts aren't going up, and may even invite more trouble.

    Truly, I wouldn't be overly concerned about banned users switching to a new email address and creating a new account. You should log the IP of banned users and document the posts that break the usage agreement. Maybe a user gets banned, gets a new email address, clears their cookies and logs on and behaves responsibly from there on out. Fine. If they are constantly disruptive (especially if they are vulgar or threatening), an email or a phone call to their ISP may put a stop to it. You can't identify users by unique IP because they may be constantly changing, but the major ISPs know who had which IP address at what time. Yahoo is pretty good about canceling free accounts of users who abuse their service too.

  6. #6
    Join Date
    Aug 2004
    Location
    Florianópolis
    Posts
    267
    why you want to ban people?
    Sandro27

  7. #7
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,224
    There is not relibale way you ban a specific user from a website. One thing you can do is when a new account is made it has to get your approval before it can become active. This can be annoying and even impossible on a large site, but you can look at each user's information and everything before they are a member.

  8. #8
    Join Date
    Jul 2003
    Location
    New York City
    Posts
    2,771
    The most reliable method would be to require that your memebers submit to retina scans and provide DNA samples, else they can't be a member.

  9. #9
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,224
    Originally posted by MstrBob
    The most reliable method would be to require that your memebers submit to retina scans and provide DNA samples, else they can't be a member.
    Good point.

  10. #10
    Join Date
    Nov 2003
    Location
    Jerryville, Tejas
    Posts
    11,715
    Eeeewwwwww! Fresh DNA samples in every authentication header would make for a gooey Internet.
    "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." Brian W. Kernighan

  11. #11
    Join Date
    Nov 2002
    Location
    Hermantown, MN
    Posts
    1,777
    Methods I've used before

    IP addresses - 123.123.123.123
    IP Ranges - 123.123.123
    Unique Email addresses
    Visual moderation of new accounts.
    Compguy Pete
    The Benevolent Administrator

    No child should have to deal with a Brain Stem Tumor...
    http://www.OneAna.com

  12. #12
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,224
    The problem with any ip ban is the fact that if you were to do it to anyone who knows how to use a proxy they could just mask their ip with that. Proxies are easy to come by on this vast internet, I can google and get a new proxy ip to drop into my browser.

  13. #13
    Join Date
    Nov 2002
    Location
    Hermantown, MN
    Posts
    1,777
    I guess I should have mentioned that those methods are what I would do in that order.

    Proxy sites have been growning in number in the last year and it's sad to see them being used in that way.
    Compguy Pete
    The Benevolent Administrator

    No child should have to deal with a Brain Stem Tumor...
    http://www.OneAna.com

  14. #14
    Join Date
    Feb 2003
    Posts
    2,745
    MstrBob
    The most reliable method would be to require that your memebers submit to retina scans and provide DNA samples, else they can't be a member.
    Great idea. I also suggest having users submit notarized documentation that the caps lock and shift keys have been physically removed from their keyboards as well as disabled at the CMOS level. Members must swear on penalty of death to never begin a post with "I'm using Windows 95..."

  15. #15
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,224
    Originally posted by Compguy Pete
    I guess I should have mentioned that those methods are what I would do in that order.

    Proxy sites have been growning in number in the last year and it's sad to see them being used in that way.
    well, sadly many things are being abused... *cough* I use remote desktop most often to go around our school's network block *cough*.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles