Efficient banning system

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
tomcupr
Forum Newbie
Posts: 11
Joined: Mon May 08, 2006 2:26 am
Location: Sheffield
Contact:

Efficient banning system

Post by tomcupr »

Hi all,

I have trouble with one of the ex-users of our site. He is changing IPs, passwords, names and emails and re-registers all the time.

Is there a way how to make banning more efficient? Is there a way how to read e.g. his MAC address and use it in PHP script?

Any hints much appreciated!

Cheers

Tom
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Just ignore it, eventually he gets bored.
tomcupr
Forum Newbie
Posts: 11
Joined: Mon May 08, 2006 2:26 am
Location: Sheffield
Contact:

Post by tomcupr »

Can't ignore it when it's damaging bussines...
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Re: Efficient banning system

Post by JayBird »

tomcupr wrote:He is changing IPs, passwords, names and emails and re-registers all the time.
Not a lot you can do
tomcupr wrote:Is there a way how to make banning more efficient? Is there a way how to read e.g. his MAC address and use it in PHP script?
Simple answer...No Image

If it is a phpBB forum, you could google for "phpbb coventry mod". vBulletin has a similar thing. It basically lets the user make posts, but noone else can see them
tomcupr
Forum Newbie
Posts: 11
Joined: Mon May 08, 2006 2:26 am
Location: Sheffield
Contact:

Post by tomcupr »

Thanks...

I use 'in house' built forum... It's no problem messing around with the user - problem is to identify him quickly enough...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Pimptastic wrote:If it is a phpBB forum, you could google for "phpbb coventry mod". vBulletin has a similar thing. It basically lets the user make posts, but noone else can see them
tying up to this, is it necessary that a new user can post ...freely right after registration?
I don't know how much work it would generate for you but maybe it's possible to have new users under "supervision" for some time, i.e. posts are invisble to other users until a moderator clears them.
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

You could ban an IP range, and/or ban the ip's of common proxy services. (such as proxify.com)
Or, require users to know a password to sign-up.
Last edited by toasty2 on Fri Aug 11, 2006 1:46 pm, edited 1 time in total.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

I recently changed my forums due to similar issues. I implemented a 2 day wait after signup to be able to post. Although, my forums are supplementary to the site and not an important part of "business". If your forums are important to your site/business, then you may not be able to go this route.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
matt1019
Forum Contributor
Posts: 172
Joined: Thu Jul 06, 2006 6:41 pm

Post by matt1019 »

one way to go about this is....

screen the newly registered users.

i.e., require admin approval of the users before they are actually registered.

this way, if you find anything fishy in the signup details that the user provided, you can "dis-approve" him/her

-Matt
Post Reply