How to block bad users
-
Good day We have a asp.net website high traffic website. When a user registers we store the ip address i that user,when the login we store all ip addreses he used and we have a blocking module which blocks a username and all the ip's associated with that username. So that those who want to create other accounts from same location will be blocked. This morning we had few incidents where we needed to block the fake user. Can anyone scrutinise my approach and there is anything to my approach that i can add to make it rock solid i would appreciate. We also have a mobile app which also does the same in terms of Imei and it blocks the phones which is easy.
Vuyiswa Maseko, Spoted in Daniweb-- Sorry to rant. I hate websites. They are just wierd. They don't behave like normal code. C#/VB.NET/ASP.NET/SQL7/2000/2005/2008 http://www.vimalsoft.com vuyiswa[at]vimalsoft.com
-
Good day We have a asp.net website high traffic website. When a user registers we store the ip address i that user,when the login we store all ip addreses he used and we have a blocking module which blocks a username and all the ip's associated with that username. So that those who want to create other accounts from same location will be blocked. This morning we had few incidents where we needed to block the fake user. Can anyone scrutinise my approach and there is anything to my approach that i can add to make it rock solid i would appreciate. We also have a mobile app which also does the same in terms of Imei and it blocks the phones which is easy.
Vuyiswa Maseko, Spoted in Daniweb-- Sorry to rant. I hate websites. They are just wierd. They don't behave like normal code. C#/VB.NET/ASP.NET/SQL7/2000/2005/2008 http://www.vimalsoft.com vuyiswa[at]vimalsoft.com
You can ask Chris how hard it is to block the same user, based on data from some previously banned account... As you may already know IP banning has it disadvantages, but to be honest, there is no really reliable method to block new users based on old data... No IP address, no email, no user-name and nothing other will for sure connect one account to an other, so always will miss someone bad, why probably block someone innocent... So with all the sorrow - there is no 'rock solid' solution, but bad and worst only...
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
-
Good day We have a asp.net website high traffic website. When a user registers we store the ip address i that user,when the login we store all ip addreses he used and we have a blocking module which blocks a username and all the ip's associated with that username. So that those who want to create other accounts from same location will be blocked. This morning we had few incidents where we needed to block the fake user. Can anyone scrutinise my approach and there is anything to my approach that i can add to make it rock solid i would appreciate. We also have a mobile app which also does the same in terms of Imei and it blocks the phones which is easy.
Vuyiswa Maseko, Spoted in Daniweb-- Sorry to rant. I hate websites. They are just wierd. They don't behave like normal code. C#/VB.NET/ASP.NET/SQL7/2000/2005/2008 http://www.vimalsoft.com vuyiswa[at]vimalsoft.com
Unfortunately it is very hard to identify the users using IP addresses because for some ISPs all customers might have similar IP address. The only way of doing this is installing small programs in the browser and getting their MAC address which is unique for all users but which is not possible without user permission.
