How to block a malicous user?
-
I have a free website that allows alumni of my high school to sign up and share information. It's like classmates.com, except it's free to alumni of my school (http://www.daviehighalumni.com[^] if you're interested). There is one user who likes to cause problems by posting offensive messages on my message board, annoy other users, etc. I can easily block this user from signing in, but have no restrictions on creating new accounts, so they can easily create a new account and continue their behaviour. I could try requiring e-mail authentication before a new account can be used, but this person could impersonate another alumni who doesn't yet have an account. I can't base it on IP address because they change often. I can't base it on name or e-mail address because a person can easily use a different name or create a new e-mail address. Here's my last attempt to block this person: I put a tag on their profile so that when they logged in, I set a cookie on their computer. From then on, if I see this cookie, I don't let them log on or create new accounts. I thought this would keep them out for sure, but it hasn't worked as they apparently know how to delete cookies or are going to different computers. So, does anyone have any ideas on blocking a user from accessing a web site when the web site is free and allows users to create accounts? Barry Etter
-
I have a free website that allows alumni of my high school to sign up and share information. It's like classmates.com, except it's free to alumni of my school (http://www.daviehighalumni.com[^] if you're interested). There is one user who likes to cause problems by posting offensive messages on my message board, annoy other users, etc. I can easily block this user from signing in, but have no restrictions on creating new accounts, so they can easily create a new account and continue their behaviour. I could try requiring e-mail authentication before a new account can be used, but this person could impersonate another alumni who doesn't yet have an account. I can't base it on IP address because they change often. I can't base it on name or e-mail address because a person can easily use a different name or create a new e-mail address. Here's my last attempt to block this person: I put a tag on their profile so that when they logged in, I set a cookie on their computer. From then on, if I see this cookie, I don't let them log on or create new accounts. I thought this would keep them out for sure, but it hasn't worked as they apparently know how to delete cookies or are going to different computers. So, does anyone have any ideas on blocking a user from accessing a web site when the web site is free and allows users to create accounts? Barry Etter
-
Yeah, I was gonna say the same thing too. He can also create a dictionary of offensive words/phrases, and create a utility of some kind that checks user inputs against that list as a pre-approval process. Just a suggestion!
Nila Fridley
-
I have a free website that allows alumni of my high school to sign up and share information. It's like classmates.com, except it's free to alumni of my school (http://www.daviehighalumni.com[^] if you're interested). There is one user who likes to cause problems by posting offensive messages on my message board, annoy other users, etc. I can easily block this user from signing in, but have no restrictions on creating new accounts, so they can easily create a new account and continue their behaviour. I could try requiring e-mail authentication before a new account can be used, but this person could impersonate another alumni who doesn't yet have an account. I can't base it on IP address because they change often. I can't base it on name or e-mail address because a person can easily use a different name or create a new e-mail address. Here's my last attempt to block this person: I put a tag on their profile so that when they logged in, I set a cookie on their computer. From then on, if I see this cookie, I don't let them log on or create new accounts. I thought this would keep them out for sure, but it hasn't worked as they apparently know how to delete cookies or are going to different computers. So, does anyone have any ideas on blocking a user from accessing a web site when the web site is free and allows users to create accounts? Barry Etter
IMHO, one of the ways is to provide a link, say Report Abuse, so that other members of the site can use to report it to the admin board. Also, to gain more attention from the gurus here, you might consider posting this question in the lounge (as I don't think it's a programming question :-D) where you can get a couple of golden tips from someone like the Lord Chris, code-frog, Andy Brummer ....
-
I have a free website that allows alumni of my high school to sign up and share information. It's like classmates.com, except it's free to alumni of my school (http://www.daviehighalumni.com[^] if you're interested). There is one user who likes to cause problems by posting offensive messages on my message board, annoy other users, etc. I can easily block this user from signing in, but have no restrictions on creating new accounts, so they can easily create a new account and continue their behaviour. I could try requiring e-mail authentication before a new account can be used, but this person could impersonate another alumni who doesn't yet have an account. I can't base it on IP address because they change often. I can't base it on name or e-mail address because a person can easily use a different name or create a new e-mail address. Here's my last attempt to block this person: I put a tag on their profile so that when they logged in, I set a cookie on their computer. From then on, if I see this cookie, I don't let them log on or create new accounts. I thought this would keep them out for sure, but it hasn't worked as they apparently know how to delete cookies or are going to different computers. So, does anyone have any ideas on blocking a user from accessing a web site when the web site is free and allows users to create accounts? Barry Etter
If your site is running on a Windows server, you could try parsing the output of...
nbtstat -A ipaddress
Jeremy Falcon