Forums - Banning Users

Posted: Tue May 25, 2004 5:39 am
by Grim...
Hi all.

I'm in the process of building a forum for anyone to download and use, and I'm thinking about the user banning system.

What do people think is the best way of banning a user?

I know of the following:
  • IP ban - good, but some people have variable IPs and sometimes other users use the same IP, so it can't be used.
  • Username ban - well, it tends to give them the message but if they are really sad they'll just keep re-registering.
  • Cookie ban - Ban the username and drop a 5 year 'ban' cookie onto their system which is picked up each time they enter the site. Works okay unless they are alerted to the cookie or change computers often.
  • Password block - Simply randomise their password each time they try to log in. Might annoy them until they go away.
  • Stealth ban (I came up with this at about midnight last night) - Any posts made by the user cannot be seen by anyone except that user - he posts as normal and thinks everything is going fine, but no-one else has to put up with him.
Are there any more that I haven't thought of?

Posted: Tue May 25, 2004 5:50 am
by kettle_drum
Moderation ban - all the user's posts are moderated before they get posted.

Posted: Tue May 25, 2004 5:54 am
by Grim...
That's an idea, but it could require lots of work on the part of the moderator.

I'll still build it in ;)

Posted: Tue May 25, 2004 5:58 am
by JayBird
I think a combination of a few of those methods would be the best bet.

Mark

Posted: Tue May 25, 2004 6:10 am
by Grim...
That's definitely true, I was wondering if anyone had any new ideas I hadn't thought of.

Of course, you're never going to stop someone who is really determined to screw things up for you, but damnit, you should be able to :)

Posted: Tue May 25, 2004 8:04 am
by magicrobotmonkey
I like that stealth ban idea - hah! sucker!

Posted: Tue May 25, 2004 8:05 am
by Findus
E-mail ban.
Assuming users must have valid email addys to register.
It would be the same as username ban, except that if they now want a new account to keep on annoying you, they have to get another email addy as well.

Should make it less appealing.

Stealth ban was a nice idea by the way.

Posted: Tue May 25, 2004 9:29 am
by Grim...
Stealth ban is a nice idea, but could get trickier the more you think about it.

When he posts, he should see himself as the last poster in that thread, and the thread should jump to the top of the topic list, but only for him. Not so much trouble with one bad guy, but when you have 20 or 30?

Hmm...

Posted: Tue May 25, 2004 9:32 am
by dave420
For the stealth-banned people, they can have a dynamically-generated thread, whereas everyone else gets a cached copy of the real thread, that is actually accurate. That way, you only have to spend a bit of CPU time for the majority of users, and it gives you more room to process the stealth-banned peoples' views :)

I like the idea a lot :)
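
An added example, not part of the thread: a sketch of the per-viewer topic list Grim... describes (last poster and thread order differ for the stealth-banned user) combined with the cached/dynamic split dave420 suggests. The `Post` record, the sample data and all function names are assumptions made for illustration.

```python
from collections import namedtuple

Post = namedtuple("Post", "thread author time hidden")

# Constructed sample data: "troll" is stealth-banned, so his posts carry hidden=True.
POSTS = [
    Post("rules", "alice", 1, False),
    Post("intro", "bob", 2, False),
    Post("rules", "troll", 3, True),
    Post("intro", "alice", 4, False),
    Post("rules", "troll", 5, True),
]
STEALTH_BANNED = {"troll"}
_public_cache = None  # one shared listing for every normal viewer


def visible(post, viewer):
    """A hidden post is shown only to the account that wrote it."""
    return not post.hidden or post.author == viewer


def build_listing(posts, viewer):
    """Return [(thread, last_poster, last_time)], most recently bumped first."""
    last = {}
    for p in sorted(posts, key=lambda p: p.time):
        if visible(p, viewer):
            last[p.thread] = (p.thread, p.author, p.time)
    return sorted(last.values(), key=lambda row: row[2], reverse=True)


def topic_list(posts, viewer):
    """Cached public view for normal users, per-viewer view for stealth-banned ones."""
    global _public_cache
    if viewer in STEALTH_BANNED:
        return build_listing(posts, viewer)  # dynamic, costs CPU on each request
    if _public_cache is None:
        # viewer=None matches no author, so no hidden post leaks into the cache.
        # A real forum would reset this cache whenever a visible post is added.
        _public_cache = build_listing(posts, None)
    return _public_cache
```

Each stealth-banned viewer gets a listing built only from public posts plus his own, so twenty or thirty of them cost twenty or thirty dynamic listings but never see each other's hidden posts.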

Posted: Tue May 25, 2004 10:30 am
by feyd
host ban - entire domains, or some filtering thereof... could get messy if you ban a tld though :lol:

Posted: Tue May 25, 2004 11:43 am
by launchcode
Username wildcard ban - for the really troublesome users who keep on re-registering, lets you ban part of their username. Of course they can pick a new username totally, but then they lose their "status" as a known troublemaker if you see what I mean?

"Muffle" - like your stealth ban, anything they post does actually go live, but has a "hidden" flag set so no-one else can see it.

I had great fun implementing a "frog" ban once.. it basically doesn't do anything to the user other than make the entire forum appear in frog language.. (pretty much replace every single word with "ribbit"). Pointless, but amusing.

IP, IP Mask, Domain, Domain Mask ban - for both permanently and for a temp. period (i.e. it actually tells them "You've been banned until X/X/XXX") - sometimes this helps, you can make a user really "cool off" if they know that you have banned them, but it'll be lifted in say an hour. Then lots of the time they don't bother re-registering.

Also - keep yourself notified. Email yourself every time someone sets a new forum name for example.

Allow your moderators to "rate" users with a trouble-maker level, so that their posts appear in a different colour (only mods can see this) which allows for much faster moderator action.

Also - and this one is VERY tricky to balance correctly - but you could allow your forum users to actually "vote off" another user. If enough people complain about a post/thread (and I mean it has to be enough) then that user can be automatically kicked from the forum. You have to have some criteria though - i.e. only people who have been registered longer than say 120 days can vote a user off, etc.

Just some thoughts anyway!

Posted: Tue May 25, 2004 11:47 am
by tim
FYI - there is an IP range ban function in the code snippets

:wink:

which in my opinion, is the best solid way to keep a user out after they've been banned. my .02
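
An added example, not part of the thread and not the snippet tim refers to: an IP / IP-mask ban check with the permanent and temporary bans launchcode describes, plus a check for other accounts inside a range before it is banned (the shared-IP problem from the first post). The ban list, the `LAST_SEEN` table and the function names are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed ban list: (network, expiry); expiry None means permanent.
BANS = [
    (ipaddress.ip_network("203.0.113.0/24"), None),
    (ipaddress.ip_network("198.51.100.7/32"), datetime(2004, 5, 25, 13, 0)),
]
# Constructed record of the last address each account was seen from.
LAST_SEEN = {"troll": "198.51.100.7", "alice": "203.0.113.40", "bob": "192.0.2.9"}


def check_ban(ip, now):
    """Return None if the visitor is allowed, else the message to show."""
    addr = ipaddress.ip_address(ip)
    verdict = None
    for net, expiry in BANS:
        if addr not in net:
            continue
        if expiry is None:
            return "You have been banned."  # a permanent ban wins outright
        if now < expiry:  # expired temporary bans are simply ignored
            verdict = f"You've been banned until {expiry:%Y-%m-%d %H:%M}"
    return verdict


def collateral(cidr, target):
    """Accounts other than `target` last seen inside `cidr` (shared-IP check)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return sorted(
        user for user, ip in LAST_SEEN.items()
        if user != target and ipaddress.ip_address(ip) in net
    )
```

Running `collateral` before adding a mask ban shows which legitimate accounts the range would also lock out.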

Posted: Tue May 25, 2004 6:18 pm
by d3ad1ysp0rk
tim wrote: FYI - there is an IP range ban function in the code snippets

:wink:

which in my opinion, is the best solid way to keep a user out after they've been banned. my .02
56k?

my idea:
- randomize the password
- insert a cookie into their comp
- allow them to signup again
- when they do, have it check for the cookie, if it's there, send an email to you/any other admins (for faster action), and then you can randomize their password again before they can even activate their account.

The cookie probably won't be noticeable to the users since it doesn't say "you have been blocked" or whatever, so they won't be looking for it.

Posted: Tue May 25, 2004 7:36 pm
by Joe
You could take certain information from the computer. Not just the IP. This could lead to problems of other users having the same equipment accessing your site. To prevent this just insert the IP in the same db column as the equipment. This should work unless they happen to use proxies.

Posted: Tue May 25, 2004 9:53 pm
by tim
yeah but if anyone is serious about hacking the site, they'll see a pattern in the cookies if they delete it once a day like i do. and i'm not even a hacker