Forums - Banning Users

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Forums - Banning Users

Post by Grim... »

Hi all.

I'm in the process of building a forum for anyone to download and use, and I'm thinking about the user banning system.

What do people think is the best way of banning a user?

I know of the following:
  • IP ban - good, but some people have variable IP's and sometimes other users use the same IP, so it can't be used.
    Username ban - well, it tends to give them the message but if they are really sad they'll just keep re-registering.
    Cookie ban - Ban the username and drop a 5 year 'ban' cookie onto their system which is picked up each time they enter the site. Works okay unless they are alerted to the cookie or change computers often.
    Password block - Simply randomise their password each time they try to log in. Might annoy them until they go away.
    Stealth ban (I came up with this at about midnight last night) - Any posts made by the user cannot be seen by anyone except that user - he posts as normal and thinks everything is going fine, but no-one else has to put up with him.
Are there any more that I haven't thought of?
Last edited by Grim... on Tue May 25, 2004 5:51 am, edited 1 time in total.
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Moderation ban - all the users posts are moderated before they get posted.
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

That's an idea, but it could require lots of work on the part of the moderator.

I'll still build it in ;)
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

I think a combination of a few of theose methods wold be the best bet.

Mark
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

That's definitely true, I was wondering if anyone had any new idea's I hadn't thought of.

Of course, you're never going to stop someone who is really determined to screw things up for you, but damnit, you should be able to :)
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

I like that stealth ban idea - hah! sucker!
Findus
Forum Newbie
Posts: 7
Joined: Tue Apr 20, 2004 8:47 am

Post by Findus »

E-mail ban.
Assuming users must have valid email addys to register.
It would be the same as username ban, except that if they now want a new account to keep on annoying you, they have to get another email addy aswell.

Should make it less appealing.

Stealth ban was a nice idea by the way.
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

Stealth ban is a nice idea, but could get trickier the more you think about it.

When he posts, he should see himself as the last poster in that thread, and the thread should jump to the top of the topic list, but only for him. Not so much trouble with one bad guy, but when you have 20 or 30?

Hmm...
dave420
Forum Contributor
Posts: 106
Joined: Tue Feb 17, 2004 8:03 am

Post by dave420 »

For the stealth-banned people, they can have a dynamically-generated thread, whereas everyone else gets a cached copy of the real thread, that is actually accurate. That way, you only have to spend a bit of CPU time for the majority of users, and it gives you more room to process the stealth-banned peoples' views :)

I like the idea a lot :)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

host ban - entire domains, or some filtering thereof... could get messy if you ban a tld though :lol:
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

Username wildcard ban - for the really troublesome users who keep on re-registering, lets you ban part of their username. Of course they can pick a new username totally, but then they loose their "status" as a known trouble maker if you see what I mean?

"Muffle" - like your stealth ban, anything they post does actually go live, but has a "hidden" flag set so no-one else can see it.

I had great fun implementing a "frog" ban once.. it basically doesn't do anything to the user other than make the entire forum appear in frog language.. (pretty much replace every single word with "ribbit"). Pointless, but amusing.

IP, IP Mask, Domain, Domain Mask ban - for both permanently and for a temp. period (i.e. it actually tells them "You've been banned until X/X/XXX" - sometimes this helps, you can make a user really "cool off" if they know that you have banned them, but it'll be lifted in say an hour. Then lots of the time they don't bother re-registering.

Also - keep yourself notified. Email yourself every time someone sets a new forum name for example.

Allow your moderators to "rate" users with a trouble-maker level, so they their posts appear in a different colour (only mods can see this) which allows for much faster moderator action.

Also - and this one is VERY tricky to balance correctly - but you could allow your forum users to actually "vote off" another user. If enough people complain about a post/thread (and I mean it has to be enough) then that user can be automatically kicked from the forum. You have to have some criteria though - i.e. only people who have been registered longer than say 120 days can vote a user off, etc.

Just some thoughts anyway!
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

FYI - there is a IP range ban function in the code snipplets

:wink:

which in my opinion, is the best solid way to keep a user out after they've been banned. my .02
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

tim wrote:FYI - there is a IP range ban function in the code snipplets

:wink:

which in my opinion, is the best solid way to keep a user out after they've been banned. my .02
56k?

my idea:
- randomize the password
- insert a cookie into their comp
- allow them to signup again
- when they do, have it check for the cookie, if it's there, send an email to you/any other admins (for faster action), and then you can randomize their password again before they can even activate their account.

The cookie probably wont be noticable to the users since it doesn't say "you have been blocked" or whatever, so they won't be looking for it.
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Post by Joe »

You could take certain infomation from the computer. Not just the IP. This could lead to problems of other users having the same equipment accessing your site. To prevent this just insert the IP in the same db column as the equipment. This should work unless they happen to use proxys.
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

yeah but if anyone is serious about hacking the site, they'll see a pattern in the cookies if they delete it once a day like i do. and i'm not even a hacker
Post Reply