Dear All,

I would much appreciate your advise regarding an obscene former banned member causing me a persistent headache! Over the past few weeks, he used to register himself in dozens of evil usernames, in attempt from his side to cause as much harm as possible to the forum and its members, as a revenge for being banned previously for his bad manners and misconduct.

Even the fake emails he registers with them contain obscene and evil words!

I made every possible effort to make registration to new members difficult (very difficult indeed) including validation of email addresses, image verification, prevention of evil words in new-user names, ... etc but still evil names appear on who is on line, members log on within 24 hours, welcome new member!

Any suggestions to stop him or even to minimize the upset he causes to the forum or to hide Users Awaiting Email Confirmation and Users Awaiting Moderation from getting displayed on forum statistics?

Many thanks

http://www.almatareed.org/vb/showthread.php?p=1244766#post1244766

If he is using the same ip address, you could block his ip address. Otherwise the only thing I can think of is to moderate new members (Under "User Registration Options", set Moderate New Memebrs" to Yes), but then of course legitimate new members will have to wait to be approved.

If he is using the same ip address, you could block his ip address. Otherwise the only thing I can think of is to moderate new members (Under "User Registration Options", set Moderate New Memebrs" to Yes), but then of course legitimate new members will have to wait to be approved.

Thank you for your contribution. I am already moderating all new members since he started to register with evil names! Also his IP is dynamic and NOT static. He has hundreds of IP addresses! ... I have blocked a large number of his IP addresses but he is still able to generate new ones from his provider as well as registering from proxy sites! ... The real problem is that he has a good software background because he is working in the field of IT as far as I know.

talk to your host see if they can help

talk to your host see if they can help

Thank you. Is it possible if I submit his IP addresses to my host to have him blocked altogether even if his IPs are dynamic?

only your host could answer that. You could also talk to his isp and tell them what he is up to they might close his internet

only your host could answer that. You could also talk to his isp and tell them what he is up to they might close his internet

Thank you. I sent email to his service provider about 3 weeks ago but received no reply at all from them!

Know what? Study his user agent string. See if there's a commonality in it. There might be some unique item to block using Ban Spiders By User Agent. (https://vborg.vbsupport.ru/showthread.php?t=264932)

Know what? Study his user agent string. See if there's a commonality in it. There might be some unique item to block using Ban Spiders By User Agent. (https://vborg.vbsupport.ru/showthread.php?t=264932)

Thank you. I know what you mean but how can I apply Ban Spiders Hack on a real user? ... The common user agent thing is the first few digits of his IP address: 41.235.xx.xx. Those in red are changeable. However blocking 41.235 part of the IP will prevent many other innocent users from being able to access my forum!

Thank you. I know what you mean but how can I apply Ban Spiders Hack on a real user? ... The common user agent thing is the first few digits of his IP address: 41.235.xx.xx. Those in red are changeable. However blocking 41.235 part of the IP will prevent many other innocent users from being able to access my forum!USER AGENT, not IP.

Find the user agent in online.php, options at bottom of page, "User Agent" make YES,

You have to do this while he is online to capture this information.

It will look something like this:

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

User Agent tells you what browser, operating system, etc the user or visitor has.

USER AGENT, not IP.

Find the user agent in online.php, options at bottom of page, "User Agent" make YES,

You have to do this while he is online to capture this information.

It will look something like this:

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

User Agent tells you what browser, operating system, etc the user or visitor has.

Thank you for this piece of invaluable information :up: ... I'll try doing that. I guess after getting such information is to include the whole example line in Ban Spiders By User Agent hack. Have I understand it right?

--------------- Added 1351265371 at 1351265371 ---------------

Thank you for this piece of invaluable information :up: ... I'll try doing that. I guess after getting such information is to include the whole example line in Ban Spiders By User Agent hack. Have I understand it right?

sorry, forgot to ask about online.php ... is it in templates or mysql table?

Are you using the AE detector yet ?

Are you using the AE detector yet ?

I have never heard about it and don't know what is it for? ... would appreciate some more information please


--------------- Added 1351266919 at 1351266919 ---------------

Are you using the AE detector yet ?

I use a hack which informs me by a pm if 2 accounts are logging on through the same computer. I don't know if AE detector is an alternative name to this product or a different one?

Thank you for this piece of invaluable information :up: ... I'll try doing that. I guess after getting such information is to include the whole example line in Ban Spiders By User Agent hack. Have I understand it right?NO. many people have alot of the same stuff in their UA strings. You would be blocking access to 100s of millions of people if for example, you put just "Mozilla" or "Windows" or "Apple" in the ban list. You are looking for something that is unusual or unique in the string, for the one guy who is giving you the problems.sorry, forgot to ask about online.php ... is it in templates or mysql table?It's a page on your forum, online.php. It's accessed via the "quick links" dropdown, and the options are at the bottom of the page after it loads. "Who's Online."

NO. many people have alot of the same stuff in their UA strings. You would be blocking access to 100s of millions of people if for example, you put just "Mozilla" or "Windows" or "Apple" in the ban list. You are looking for something that is unusual or unique in the string, for the one guy who is giving you the problems.It's a page on your forum, online.php. It's accessed via the "quick links" dropdown, and the options are at the bottom of the page after it loads. "Who's Online."

Thanks a lot Max Taxable ... I got your point ... I hope I'll find something unique for him ... May I ask please, if I find something unique for him e.g. BOIE9 or ENXA, should I put the word as it is in Ban Spiders By User Agent or there is a special format?

Thanks a lot Max Taxable ... I got your point ... I hope I'll find something unique for him ... May I ask please, if I find something unique for him e.g. BOIE9 or ENXA, should I put the word as it is in Ban Spiders By User Agent or there is a special format?Yes, put just the unique part of the string in as a separate line in BSBUA.

Yes, put just the unique part of the string in as a separate line in BSBUA.

Many thanks, I hope it will work with that evil guy!

Many thanks, I hope it will work with that evil guy!He's lucky it's not my board he keeps coming back to.

He's lucky it's not my board he keeps coming back to.

I am pretty sure you will change your mind :D ... Is it possible to use the following in Ban Spiders By User Agent:

(Windows NT 6.0; rv:16.0)

I mean to paste it exactly like that or I have to do some modification? ... Also can it blocks other innocent users?

Many thanks

Is it possible to use the following in Ban Spiders By User Agent:

(Windows NT 6.0; rv:16.0)

I mean to paste it exactly like that or I have to do some modification? ... Also can it blocks other innocent users?

Many thanksThat would block hundreds of millions of innocent people. Don't do it.

If you have his user agent string, paste it here for me to look at if you don't mind?

And no, I would not change my mind. HE would be getting a new computer after he put the fire out.

That would block hundreds of millions of innocent people. Don't do it.

If you have his user agent string, paste it here for me to look at if you don't mind?

And no, I would not change my mind. HE would be getting a new computer after he put the fire out.

I will definitely do, I am keep watching now. Thanks a lot for your continuous advise and support :up: ... Is there any way to redirect him once he registers again to a malicious site to infect his PC? :D ... The idea jumped to my mind when you wrote this phrase:

HE would be getting a new computer after he put the fire out.

I have never heard about it and don't know what is it for? ... would appreciate some more information please

I use a hack which informs me by a pm if 2 accounts are logging on through the same computer. I don't know if AE detector is an alternative name to this product or a different one?

That might be it. this is the one actually https://vborg.vbsupport.ru/showthread.php?t=183268

Use it to detect multiple accounts and then put them on global ignore using the "tachy goes coventry" from user banning options. Dont ban them - always put on ignore. If you ban them then they will just keep coming back.

I will definitely do, I am keep watching now. Thanks a lot for your continuous advise and support :up: ... Is there any way to redirect him once he registers again to a malicious site to infect his PC? :D ... The idea jumped to my mind when you wrote this phrase:

HE would be getting a new computer after he put the fire out.I wouldn't recommend any of that. However, back in my botnet fighting days I wasn't above going into the zombie computers through their modem and frying their processor by grossly overclocking it. That's what I was referencing. Those computers were wet paper sacks for security, that's why they were botnet zombies to start with.

--------------- Added 1351355389 at 1351355389 ---------------

That might be it. this is the one actually https://vborg.vbsupport.ru/showthread.php?t=183268

Use it to detect multiple accounts and then put them on global ignore using the "tachy goes coventry" from user banning options. Dont ban them - always put on ignore. If you ban them then they will just keep coming back.The only problem with Tachy is, if they log out they can see their posts aren't posting.

The only problem with Tachy is, if they log out they can see their posts aren't posting.

Yes. If they realise that then they will create another account. So you have to repeat the process again. The thing is that if they have to keep checking it takes the fun out of trolling and ultimately they give up.

I have worn out several determined trolls this way. Trust me - banning doesnt work. Put them on global ignore and wear them out.

Yes. If they realise that then they will create another account. So you have to repeat the process again. The thing is that if they have to keep checking it takes the fun out of trolling and ultimately they give up.

I have worn out several determined trolls this way. Trust me - banning doesnt work. Put them on global ignore and wear them out.That is one of my techniques. I've never banned any account, letting them know they are banned only encourages more of the same, I agree.



To the OP: To REALLY freak your guy out, unban his account, assign it a password only you know, and start posting with it. Have him looking for homosexual hookups, etc.

That might be it. this is the one actually https://vborg.vbsupport.ru/showthread.php?t=183268

Use it to detect multiple accounts and then put them on global ignore using the "tachy goes coventry" from user banning options. Dont ban them - always put on ignore. If you ban them then they will just keep coming back.

I wouldn't recommend any of that. However, back in my botnet fighting days I wasn't above going into the zombie computers through their modem and frying their processor by grossly overclocking it. That's what I was referencing. Those computers were wet paper sacks for security, that's why they were botnet zombies to start with.

--------------- Added 1351355389 at 1351355389 ---------------

The only problem with Tachy is, if they log out they can see their posts aren't posting.

Thanks a lot vijayninel and Max Taxable. I found that I have the same hack recognizing multiple accounts but was installed in a different name in Arabic translation version. However the hack was not effective with that evil guy at all! He registers many times a day and the hack has never caught him even once! :D ... As mentioned before he has a sound background in IT technology and software for my hard luck :( ... Most of his registrations are with fake emails which he is unable to verify of course! ... His main aim is to display dozens of obscene and evil usernames on (who is on line) and other forum statistics! ... I have tried several options including:

* Helding registration to new members, however re-enabled it after a couple of days!
* Made forum statistics invisible to all groups expect group 6 (Admins) which is me :D, However forum members requested re-enabling them again after several days in spite of explaining to them my reasons!

Is there anyway to allow forum statistics and at the same time to Prevent Users awaiting Email confirmation and awaiting Moderation from getting displayed on them! :confused:

Most of his registrations are with fake emails which he is unable to verify of course! ... His main aim is to display dozens of obscene and evil usernames on (who is on line) and other forum statistics! ... I have tried several options including:

* Helding registration to new members, however re-enabled it after a couple of days!
* Made forum statistics invisible to all groups expect group 6 (Admins) which is me :D, However forum members requested re-enabling them again after several days in spite of explaining to them my reasons!

Is there anyway to allow forum statistics and at the same time to Prevent Users awaiting Email confirmation and awaiting Moderation from getting displayed on them! :confused:


I think users awaiting confirmation arent shown on Who's online. Check if the usergroup id is listed in forum.php. Usually the usergroup id of Users Awaiting Email Confirmation is 3 it may be different on your forum. If it is then add that number to the skipgroups array in forum.php like 3,4,5 etc.

$skipgroups = array(3,4);


Also set your usergroup permissions so that Users Awaiting Email Confirmation cant post on the forums.

I think users awaiting confirmation arent shown on Who's online. Check if the usergroup id is listed in forum.php. Usually the usergroup id of Users Awaiting Email Confirmation is 3 it may be different on your forum. If it is then add that number to the skipgroups array in forum.php like 3,4,5 etc.

$skipgroups = array(3,4);


Also set your usergroup permissions so that Users Awaiting Email Confirmation cant post on the forums.

I have tried all those precautions but still users awaiting email confirmation (group ID =3) appear on forum statistics including those on line. However they couldn't post

--------------- Added 1351426823 at 1351426823 ---------------

The evil guy user agent looks like that:

Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20100101 Firefox/16.0

Any suggestions?

--------------- Added 1351428441 at 1351428441 ---------------

This is the full user agent of the evil guy:

"
host-41.235.34.232.tedata.net - - [27/Oct/2012:19:38:43 -0500] "GET /favicon.ico HTTP/1.1" 200 491 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20100101 Firefox/16.0"
host-41.235.34.232.tedata.net - - [27/Oct/2012:19:38:44 -0500] "GET /vb/ HTTP/1.1" 200 25587 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20100101 Firefox/16.0"

Can I use something like that: HTTP/1.1 in ban spiders by user agent?

Just to let you know that the evil obscene guy I am talking about him has registered here today with my real name (mohamed hashesh) to continue his disgraceful and obscene behaviour!