Looking for advice...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Looking for advice...

Post by Drachlen »

Okay.. I'm working on a guild website, and i have a join page. I want to prevent spam, so i have it logging IP's. Well I'm not sure how to go about preventing someone from viewing it, if they've already spammed... I was thinking i could make it so they had to log in to the forum first, and if they do something bad i just ban their account and IP.. But would that be the best way to do it?
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

IP isn't 100% effective but it is the best you've got. If a user has a dynamic IP there is no specific IP address to block.

The initial range of the IP will be constant, however: you could maybe ban on this for a short period in the hope that they won't come back after a couple of tries. Of course you're also blocking other, legitimate, users with the same ISP so you couldn't leave the block on for long. The busier your site is, the greater is the chance of another user with the same ISP logging in while the block is on. You wouldn't want to do that at all on a very busy site.

I'm experimenting with login "behaviours" at the moment. For example, if you track login times, that might help to identify the user along with the initial IP sequence - IF they have a regular pattern of behaviour. It's all just probabilities though - not sure how useful that's going to be.

You could also try to set a "permanent" cookie on the users machine and use that to exclude them. It's easy to delete but if they're not too bright they won't realise it's there.
Post Reply