I have a popular members only website. I banned one guy a few months ago for various reasons. Now, he keeps signing up with different usernames, different emails and wreeks havoc on the site...is there anything I can do either legally or technically to stop this moron.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
What can I do 2
- Thread starter offdarock
- Start date
- Thread starter
- #3
he always has different ip address...I am using coldfusion for the backend of the site...I wonder if I can capture some unique info from his computer and use that info to block him. like the name of his computer or something along those lines
-
1
- #4
You can get the name of his computer and ban him from that, BUT, he can always change the name of his computer.(if he's smart enough to work that one out)
If he is being seriously insulting- to the point of remarks that could cause serious offense, then I suggest you track down his isp, and get him in trouble via them, most isp's don't like having trouble makers using their service, especially if the trouble maker is hacking, flaming, spoofing etc.
----------------------------------------
Sometimes, when my code just won't behave, I take it outside and make it listen to britney spears music, and when it comes back it's really well behaved. I wonder if it's suffering from post tramatic stress syndrome now..
If he is being seriously insulting- to the point of remarks that could cause serious offense, then I suggest you track down his isp, and get him in trouble via them, most isp's don't like having trouble makers using their service, especially if the trouble maker is hacking, flaming, spoofing etc.
----------------------------------------
Sometimes, when my code just won't behave, I take it outside and make it listen to britney spears music, and when it comes back it's really well behaved. I wonder if it's suffering from post tramatic stress syndrome now..
-
1
- #5
As a last resort you can ban the IP block, but this will obviously mean that you are also going to affect other users.
"I'm making time
"I'm making time
- Thread starter
- #6
- Thread starter
- #8
TheConeHead
Programmer
I would say make the sign-up process more robust - Make it so they need to be approved before being able to post and make them supply some type of check-able information.... hmmm... what could they provide?
![[conehead]](/data/assets/smilies/conehead.gif "[conehead] [conehead]")
That's what I was going to suggest
PHPBB for example has a number of ways to handle registrations.
1. The user registers and they are instantly a member
2. The user registers and an activation email is sent to the specified mail account. They have to authorise their account from an encrypted link in the email. Hence they MUST supply a valid email address. I believe it is also possible to not allow hotmail (etc.) addresses.
3. The user registers and a validation email is sent to the forum owner. The forum owner then has to activate the account. Upon activation a confirmation mail is sent to the user.
If he is spoofing his IP via a proxy then you may find it difficult to stop him, but eventually he will run out of either proxies or patience.
If he is using a dial up account, then you should contact his ISP and tell them what is happening (as has been stated).
"I'm making time
PHPBB for example has a number of ways to handle registrations.
1. The user registers and they are instantly a member
2. The user registers and an activation email is sent to the specified mail account. They have to authorise their account from an encrypted link in the email. Hence they MUST supply a valid email address. I believe it is also possible to not allow hotmail (etc.) addresses.
3. The user registers and a validation email is sent to the forum owner. The forum owner then has to activate the account. Upon activation a confirmation mail is sent to the user.
If he is spoofing his IP via a proxy then you may find it difficult to stop him, but eventually he will run out of either proxies or patience.
If he is using a dial up account, then you should contact his ISP and tell them what is happening (as has been stated).
"I'm making time
It's jerks like that who make all of our lives (jobs) more complicated. Is there anything at all common about his different registrations? Common password recovery? Something...? Something that you could check when a new user is created?
I don't think you can access the computer name (that would be a huge security hole if you could). One thing you could try is writing a cookie to his system the next time you catch him.
So when he logs in set the cookie, and from then on deny service based on the cookie. Of course that would only work if javascript is enabled, he is using the same computer each time, and until he deletes his cookies, but it might be worth a try.
Hope it helps.
I don't think you can access the computer name (that would be a huge security hole if you could). One thing you could try is writing a cookie to his system the next time you catch him.
So when he logs in set the cookie, and from then on deny service based on the cookie. Of course that would only work if javascript is enabled, he is using the same computer each time, and until he deletes his cookies, but it might be worth a try.
Hope it helps.
- Thread starter
- #12
The person who registers has to provide a proper email cause an activation code and a unique hyperlink is mailed to them...they have to recieve the email to activate their account....I temporarly disabled the mailout of the activation until I can review each new member joining but that is now gonna become a pain in the butt.
I have dropped cookies...
One thing I plan on doing is the next time I catch him is to modify my code so that he can go in there and post all he wants but other users will not be able to see his postings. hopefully, he will get board and leave. He will think he has full access to the system but only him and me will be able to see his postings.
I have dropped cookies...
One thing I plan on doing is the next time I catch him is to modify my code so that he can go in there and post all he wants but other users will not be able to see his postings. hopefully, he will get board and leave. He will think he has full access to the system but only him and me will be able to see his postings.
- Thread starter
- #15
TheConeHead
Programmer
you could make some mock users by where you could respond to him thus keeping him totally in the dark...
- Status
Similar threads
- Locked
- Question
- Locked
- Question
