Blocking a malicous user
-
Please don't hate me for cross posting this, but I didn't get many replies in the ASP.NET forum... I have a free website that allows alumni of my high school to sign up and share information. It's like classmates.com, except it's free to alumni of my school (http://www.daviehighalumni.com[^] if you're interested). There is one user who likes to cause problems by posting offensive messages on my message board, annoy other users, etc. I can easily block this user from signing in, but have no restrictions on creating new accounts, so they can easily create a new account and continue their behaviour. I could try requiring e-mail authentication before a new account can be used, but this person could impersonate another alumni who doesn't yet have an account. I can't base it on IP address because they change often. I can't base it on name or e-mail address because a person can easily use a different name or create a new e-mail address. Here's my last attempt to block this person: I put a tag on their profile so that when they logged in, I set a cookie on their computer. From then on, if I see this cookie, I don't let them log on or create new accounts. I thought this would keep them out for sure, but it hasn't worked as they apparently know how to delete cookies or are going to different computers. So, does anyone have any ideas on blocking a user from accessing a web site when the web site is free and allows users to create accounts? Barry Etter
Barry Etter
-
Please don't hate me for cross posting this, but I didn't get many replies in the ASP.NET forum... I have a free website that allows alumni of my high school to sign up and share information. It's like classmates.com, except it's free to alumni of my school (http://www.daviehighalumni.com[^] if you're interested). There is one user who likes to cause problems by posting offensive messages on my message board, annoy other users, etc. I can easily block this user from signing in, but have no restrictions on creating new accounts, so they can easily create a new account and continue their behaviour. I could try requiring e-mail authentication before a new account can be used, but this person could impersonate another alumni who doesn't yet have an account. I can't base it on IP address because they change often. I can't base it on name or e-mail address because a person can easily use a different name or create a new e-mail address. Here's my last attempt to block this person: I put a tag on their profile so that when they logged in, I set a cookie on their computer. From then on, if I see this cookie, I don't let them log on or create new accounts. I thought this would keep them out for sure, but it hasn't worked as they apparently know how to delete cookies or are going to different computers. So, does anyone have any ideas on blocking a user from accessing a web site when the web site is free and allows users to create accounts? Barry Etter
Barry Etter
google requires cellfone numbers now before you can get an account the theorey being they arent as easy to change as email addresses
"there is no spoon"
{some projects} {about me} -
Please don't hate me for cross posting this, but I didn't get many replies in the ASP.NET forum... I have a free website that allows alumni of my high school to sign up and share information. It's like classmates.com, except it's free to alumni of my school (http://www.daviehighalumni.com[^] if you're interested). There is one user who likes to cause problems by posting offensive messages on my message board, annoy other users, etc. I can easily block this user from signing in, but have no restrictions on creating new accounts, so they can easily create a new account and continue their behaviour. I could try requiring e-mail authentication before a new account can be used, but this person could impersonate another alumni who doesn't yet have an account. I can't base it on IP address because they change often. I can't base it on name or e-mail address because a person can easily use a different name or create a new e-mail address. Here's my last attempt to block this person: I put a tag on their profile so that when they logged in, I set a cookie on their computer. From then on, if I see this cookie, I don't let them log on or create new accounts. I thought this would keep them out for sure, but it hasn't worked as they apparently know how to delete cookies or are going to different computers. So, does anyone have any ideas on blocking a user from accessing a web site when the web site is free and allows users to create accounts? Barry Etter
Barry Etter
-
Please don't hate me for cross posting this, but I didn't get many replies in the ASP.NET forum... I have a free website that allows alumni of my high school to sign up and share information. It's like classmates.com, except it's free to alumni of my school (http://www.daviehighalumni.com[^] if you're interested). There is one user who likes to cause problems by posting offensive messages on my message board, annoy other users, etc. I can easily block this user from signing in, but have no restrictions on creating new accounts, so they can easily create a new account and continue their behaviour. I could try requiring e-mail authentication before a new account can be used, but this person could impersonate another alumni who doesn't yet have an account. I can't base it on IP address because they change often. I can't base it on name or e-mail address because a person can easily use a different name or create a new e-mail address. Here's my last attempt to block this person: I put a tag on their profile so that when they logged in, I set a cookie on their computer. From then on, if I see this cookie, I don't let them log on or create new accounts. I thought this would keep them out for sure, but it hasn't worked as they apparently know how to delete cookies or are going to different computers. So, does anyone have any ideas on blocking a user from accessing a web site when the web site is free and allows users to create accounts? Barry Etter
Barry Etter
Try Ban by MAC address, chances are he is calling from the same computer.
-
Try Ban by MAC address, chances are he is calling from the same computer.
I like that idea! How can you get the MAC address from a web request?
Barry Etter
-
I like that idea! How can you get the MAC address from a web request?
Barry Etter
Wrong forum. ;P
Jeremy Falcon
-
I like that idea! How can you get the MAC address from a web request?
Barry Etter
I don't know much about linux but on windows you can write an IP helper DLL (many samples here on CP). From there you will have access to IP/TCP/MAC, use the info and get to your database using oldb interfaces to accept or reject the connection:).
-
Please don't hate me for cross posting this, but I didn't get many replies in the ASP.NET forum... I have a free website that allows alumni of my high school to sign up and share information. It's like classmates.com, except it's free to alumni of my school (http://www.daviehighalumni.com[^] if you're interested). There is one user who likes to cause problems by posting offensive messages on my message board, annoy other users, etc. I can easily block this user from signing in, but have no restrictions on creating new accounts, so they can easily create a new account and continue their behaviour. I could try requiring e-mail authentication before a new account can be used, but this person could impersonate another alumni who doesn't yet have an account. I can't base it on IP address because they change often. I can't base it on name or e-mail address because a person can easily use a different name or create a new e-mail address. Here's my last attempt to block this person: I put a tag on their profile so that when they logged in, I set a cookie on their computer. From then on, if I see this cookie, I don't let them log on or create new accounts. I thought this would keep them out for sure, but it hasn't worked as they apparently know how to delete cookies or are going to different computers. So, does anyone have any ideas on blocking a user from accessing a web site when the web site is free and allows users to create accounts? Barry Etter
Barry Etter
I'm sure someone more savy than has said this, but log his IP then whip up a table in your database ( blkUserAccounts) and add his dumbarse IP. Then run it against not only any future attempts to register, but against all cuurent logins (just in case a former sweetheart swoons and gives him access through her account). Jerry
"I'm happier than a tornado in a trailer park"--Cars
-
Try Ban by MAC address, chances are he is calling from the same computer.
If I remember correctly, DSL doesn't use MAC addresses and dailup defintitely doesn't. Elaine :rose: