Forums - Banning Users

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

You can't block a cracker.

We're talking normal members - decently computer skilled members. Not computer experts.
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

thats why i said

anyone serious about hacking the site.

I know i'm picky about cookies and I could see a pattern in cookies that would giva-way your method..

n I dont go off hacking web pages =]
dave420
Forum Contributor
Posts: 106
Joined: Tue Feb 17, 2004 8:03 am

Post by dave420 »

Banning on IP is not very effective at all. Anyone with access to a web-proxy, or even anonymizer site, will be able to fool it. If you think you can detect those, someone needs just use an SSH tunnel to change IPs completely.
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

I had another good idea last night - how about if you are banned instead of taking you to a page saying 'you have been banned' it takes you to a fake 404 page?
Findus
Forum Newbie
Posts: 7
Joined: Tue Apr 20, 2004 8:47 am

Post by Findus »

Implent them all and leave it up to the moderator who uses it to choose which type off ban.
User avatar
PrObLeM
Forum Contributor
Posts: 418
Joined: Sun Mar 07, 2004 2:30 pm
Location: Mesa, AZ
Contact:

Re: Forums - Banning Users

Post by PrObLeM »

Grim... wrote:Hi all.
Stealth ban (I came up with this at about midnight last night) - Any posts made by the user cannot be seen by anyone except that user - he posts as normal and thinks everything is going fine, but no-one else has to put up with him.[/list]
I Like the idea but if you start having quite a few banned people and they start finding out about it they can just spam the hell out of your site and it would start to fill up your mysql dbs and that would be a hassle
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It should probably only be limited to those that are griefers, to use an MMO term...
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

How would you implement the stealth ban when the user logs out? or goes to the site on another computer - i.e. one that wouldnt know it was him?

The user requesting the member to be banned could work like the warning thing on AIM - just adds a certain warning level, and maybe have this increase the amount of time a user has to wait to post another thread.

You could just add the stealth ban as a kind of ignore for users themselfs as well....i dont like....jason or whoever...so i, as a member choose not to have any of his posts shown to me. This way the user doesnt get to see posts from people he/she doesnt like, but other people - who may find the info useful - do.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'd always have a warning system of some sort.. whether shown to users or not. Stealth ban would just be an option in the ban list, it'd take immediate effect. Could have a date for when it takes effect be selectable.. This would add the ability to create temporary accounts for people or clients maybe..

An ignore list for users to have is a nice idea, add to that a "friends" list.. which could then be a link "view all friends' new posts" or something...
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

kettle_drum wrote:How would you implement the stealth ban when the user logs out? or goes to the site on another computer - i.e. one that wouldnt know it was him?
One of the main plusses of this ban would be that the user wouldn't know he was banned - he would have no reason to change his login details so the flag would be held against his username.

As far as he is concerned, he has no reason to change it!
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'd go against user id over username...
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

o_O

Surely the user id is connected to the username?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I took that suggestion as literally storing the username in the stealth ban list, not a reference to the user account, since you appeared to imply that they could circumvent the ban by changing their name.
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

Apologies for being unclear: when I said changing their name, I meant creating a new login.
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

No what i ment was, the ban would be against the user. So when the user was logged in, he would see his posts - even though other people wouldnt - the stealth ban. But when the user logs out, or visits the forum from another computer, his posts would be missing and he would know he was banned, so it just seems a bit of a waste to store posts that only that person can see - they could even just completly spam the forum to fill up the database, and other people woud be unaware of it.
Post Reply