If you've been admining a VB or any forum for that matter you know what I mean.

I've been toiling all this time trying to get a way to ban a user but time and time again I come he pops back with new ip address and handle leading me to the conclusion that it's difficult if not impossible to completely ban a user without resorting to a site wide registration ban.

That is why I want to implement a system that used a socket connect to connect to the user's "apparant" ip to send a confirmation address through a sort of Java chat window. This way if the user is using a proxy or spoofing technique he will never get the message since the second server to client request is made on ipaddress and port alone. Apparently though, even through a non-applet program it is only possible to send messages back on a connection made by the client and it is not possible to achieve the existing connection's port number and spawn a different process based on ip address and port, alone. Not to mention if I do manage to get the port number and ip address it just might happen to route the information back to the spoofer's computer since the client is listening on that port. Is there another way to send a "message" to a specific ip address without getting into legal trouble and foil the hacker at the same time???

I thought of a second implementation through Java by trying to determine the user's non spoofed ip address (or through the proxy) by downloading one of the scripts I found online that claimed to be legit . I doubt however it was 100% successful since none of the legit ones are. and of course I'm not going to even try the illegal software though I know there is a plethora out there (ie, programs to find free ports, etc etc)

Thirdly I thought of only allowing certified e-mail addresses from an ISP, such as aol, but collecting such a list would be a nightmare... I've looked already and I've only covered a tiny percentage of possible ISPs out there. It would be good, however since it would effectively block out anyone who didn't want to reveal their ISP.

Lastly I thought of doing something fancy with cookies by not only making them a neccesity but to also make it so that any attempt to delete them would block the registration and force you to contact the administrator. Harsh I know but I know even more people who would do this for a malicious purpose than do it by a mistake. It's still not fail proof unfortunately. And even if used with the the other java method, it still eeks out the REALLY computer savvy individuals. Tripled with the e-mail address ban it's effective but may bar TOO much.

Sigh...I'm willing to try anything at this point to stop an abusive user but right now I feel as though I'm out of real world options and that mycurrent options will be extremely inconvenient and not all that fail proof.

I have nothing against anonymity as long as the sufer is not abusing it. But in so many cases,this is exactly what happens.

how about "Ignore"

Did you try the Ignore User hack?

Since the abuse generally abuse for reactions, if no one sees their crap, they tend to move on.

So, instead of using a strong arm attempt to 'ban' them, you use a psychological ploy (with the help of the hack) to ignore. If the community ignores the loser, the loser tends to get bored and moves on.

It's a slow process, because most users have difficulty ignoring these dopes.

This is how it's done in some newsgroups. Every newsgroup tends to get hit every now and then by the 'Trolls'. They stir up a mess and leave everyone shell shocked. And the most effective tool was ignoring them.

Think back (alright, some of you don't have to think back too far) :) to when you'd "Ring and Run" on someone's door. If no one came to the door, you wouldn't hit that house again. But when someone came to the door and started screaming at you.... well, 'Hey, that was fun, let's do it again'.

That's a tactic I can encourage and at one point used but to my dismay not everyone can be tolerant enough to ignore other peoples loud opinions.

It ends up being that some forumers get emotional, they contact me, I say to ignore the problem and then they go in an all emotional bout spamming the forum with long emotional tirades (including bouts about their "tyrannical" admin). It spreads until one voice becomes a dozen and eventually even I get sick of it.

For you see, the perfume I'm wearing attracts some real nut-cases and more for me than for the good forum denziens I want to ban some people utterly from my site.

At this point I think a filter to include only isp specific e-mail addys would help narrow down the forumers from any old joe on the net, to someone who paid for net access.

If anyone has a list of any sort, please post it on the forum. Thanks

ANd a hack for ignore is good but could eventually cause problems.

There is no way to to elimanate someone on a phone connection. I use a dial up and my IP address is different every time I connect, but when I connect through the connection at work (not sure what they got - but its a heck of lot faster then my dial up) I am on the same dial up.

Banning email is the same, but more effective. At least you make them go through the work of creating new email accounts. In a few years when dial up goes away it will be easy as everyone has a permanent IP - but then you will always have the problem with people that use one IP masking tool or another.

So the short answer is no - you can not ban a user permanently no matter how hard you try.

I dont know what the igonore hack is, but his is what would work the best. If a hack would let that problem user see his messages, but they would only show up for him - not the rest of the users - than he would effectively get board as he thinks nobody is reacting to his statements and move on.

The problem I see is with the ignore feature is that when he/she would "catch on" they may just re-register. I'll have to put the user on ignore over and over again and it would be a test to see who is driven nuts first. Let alone I have to put in extra coding so that only he can see his own posts.

It's also not a solution but piled on top of the others, it does help. :) Thanks.

Here's a thought, maybe trying for technical solution is too hard, why not try a little bluff....it has worked for me in the past.

This assumes you have a current and active e-Mail for the weasel that is causing you such a headache, and is suggested in ignorance of what he is actually doing. However try a legal threat, advise him you utilise I.P logging, that you have I.P tracking software e.g Visual Route and that you will advise his ISP of his activities and that they will shut down his account, if they are a decent ISP they will probably do just that if you write to them politely informing them of his activities.

Additionally you could threaten direct legal action if he is breaching published terms and conditions of use of your site.

He/she may be a computer wizz but it is unlikely they are also a legal guru, so it may just work, like I say it has for me.

Anyhow just an idea !!

Best of luck, you have I am sure the symapthy of every self respecting webmaster.

There is one way that will work VERY well... but its a bit out of range. You would have to check credit card numbers for unique accounts. And to futher do it add that the addresses and and last names on the card may not match any other (ie a two Dewies at 123 Nowhere St, Somewhere, NY would not be allowed, but two dewies would, and for apartment sake two of the same addresses would). This would of course present the problem of parents and children wanting seperate accounts (not sure why both would use the same site) but to do that you could simply allow the second person to email the admin and hand set it up. Complicated huh? but tell me it wouldnt work!

SonnetCelestial, does this abuser's ip address fall within a certain range? If it does you can ban that entire subnet for a while and then release the ban after a month or two. Shouldn't affect any of your other users unless you are capturing lots and lots of traffic.

Another way, which might actually piss him off more than anything else, is put in a small if/then statement in the login section. Dont' ban the guy yet. When he logs in, have it open up 10 browser windows and 5 of them full-screen, which he won't be able to close unless he knows about "alt-F4". Yeah I learned that one from all those porno sites I used to visit back when I used to have an xxx website myself.

Btw, the later suggestion is not recommended actually. All it does is add fuel to the fire. I just had to post it because it's fun sometimes to dream about revenge... ;)


Oh... one last thing. Try this one... Don't ban him yet. Capture a significant amount of his ip logins and posts, then report them all to his isp all at once. That will more likely get his account canned than if you simply capture a couple of ip sessions and report only those.

The problem with the 'threat of legal action' and the 'report to ISP' is that you run the risk of escalating the problem.

I've seen it on newsgroups. Some of these idiots get chips on their shoulders and don't realize they are the asses. They then may team up with other trolls and then you have an all out war.

If you get their ISP pulled, it doesn't take much to go and get a free ISP. Several for that matter. And you will know have given them a true cause to destroy your site.

That's why I prefer the passive ignoring. I don't like to give these idiots a mission in life.

Recognize that most trolls do it because they love to see their words on the screen. Many go to great lengths in constructing their posts. Here's what we do:
First time: We ban 'em
Second Time: We mass delete their posts. They get a simple email explaining that, while it may have taken them several hours to generate their 96 posts, it took the system 30 seconds to delete every word they ever typed.
This tends to take the wind out of their sails. As has been pointed out, you can't allow them to believe it's become personal. They need to understand that dealing with Trolls is a simple exercize in your normal admin duties.

YMMV
Rich

Sorry I haven't been online to respond. I do really appreciate all the suggestions since it definately alleviates the task of me banning users (and coding that ban myself)

Here's a bit of background on the types of people I'm dealing with:
a) They're younger than 20
b) They have either a working knowledge or a very good knowledge of bypassing the ip checker. In a sense ip checkers are usually useless because they know how to spoof
c) They have a lot of time on their hands and are not afraid to use that time to look up ways of diggiing up user passwords, guessing at admin passwords, and trying to find out from hacking sites how to reap havoc.
d) They are very childish and will not stop until they have it their way. Reporting them to the isps might cause a little monster unless the parents give them the whack on the butt they deserve.

Psauter: That's a really neat idea although I have tried it before. Doesn't work. These little buggers don't care about bluffs unless mr. ISP tells mommy what naughty tommy has done.

jordantlclive: Yea it is a good idea but like you addressed it is out of range. I would only go so far for those people who ask to commission art and web design graphics from me. It is also unfair to those children who are good and behave themselves more maturely than most coworkers I know!

Skeptical: lol! That's a cute method of pissing someone off. But of course like you said, children have tantrums and script kiddies can cause a lot of mayhem if they are mad, bored and have oodles of time. (all 3 can apply very easily)

TotalBS: That is very very true. I may consider putting forth extra effort to do a site wide ignore and also try to nullify his posts after a certain amount of time. (like maybe a month?)

TheFiringLine.com: LOL! That's a great plan although like TBS said I think it might add a lot of fuel to the fire. I think what I should do is this.

Let the little flamer post and not know all his/her posts are being ignored by the system. After a day or two, inform him/her that his posts were being ignored for a given reason and that they will only be viewable if he/she accepts to behave. A new thread will be created saying he apologizes to the forum with a given reason and hopefully s/he understands what was happening.
Hopefully life will be good after that and if he/she actually does not behave thereafter I will increase the ignoring to one week, and then two weeks both implementing the same e-mail tactic. After that if there is NO improvement then a permanent ignore will take place and the poster will not know whether or not anyone can see his/her threads. All in all a user has to go through a LOT of trouble to annoy the heck out of people. That...my friends is exactly what I want! :)

Hi Sonnet,

I'm the author of the KillFile hack for vB. I have to deal with trolls and malcontents all the time and my users really dig the KillFile-- not only for the actual ignore process, but for the threat it makes to the trolls' livelihood. If no one is reading their trash, what's the point of posting?

I'm also a fan of mass pruning the messages to make their work worthless when they go on a turbo spree.. recently I've also had to try a site-wide ignore. I ran a query to add this user's handle to everyone's ignore list-- so effectively he got a reverse ban. Only those who chose to take him off ignore would have to read his filth.

Next version of KillFile will integrate with showthread so their messages don't even show up on the list-- unfortunately it will be an option since it will add a query to the process. This update won't be in progress until 2.0 of course, no reason to hack the old code.

I like your other ideas on banning, very innovative.. unfortunately you are right, it is tough to be effective. Luckily my latest troll is not computer savvy at all and doesn't even know about proxies (shhhhh). I had him baffled for a week because he didn't know about cookies and I put an if/exception in the code that prevented him from logging out to create a new handle. Now I get up in the morning with him, prune his posts, ban his username (he has his own accessgroup- Suckers- so I don't have to actually delete his user), and wait for him to catch the bus to school. No harm done, the users hardly know he was around, and soon enough he will get bored of the game.

what about banning his whole region?

like his ip is:

192.168.0.1 (standard windows, i know, but i hurt no ppl now...)

then ban this: 192.168.0
or ban this: 192.168

When you download a shareware program, that ends after x days, and you try to install it again, it doesn't let you do it.
How do they do? Is there a way to make the same with banned users in vB?

Originally posted by julius
When you download a shareware program, that ends after x days, and you try to install it again, it doesn't let you do it.
How do they do? Is there a way to make the same with banned users in vB?

they save the info in the registry mostly...

Instead of banning the user, a query could be written to add the user to everyone IGNORE list. That would be hot....I might have to do that tonight.

I would do something like so:

In vb I have a group for idiot users and note the group. My idiot / abusive user group is 27.

Then I'd do a query like so: (NOTE THIS QUERY DOES NOT WORK!)

UPDATE user SET ignorelist= ignorelist + " usertobebannedID" WHERE usergroupid NOT IN ("27", "6", "26")

6 - Administrators
26 - Moderators

add the other groups that need to see them.

I set it up like that because other "ignored users" would say "Hey, I can't see your post." So if you set it up so all the idiots can see each other, they'll never be the wiser.

If someone could fix up the first part of my query, it would be cool.

Just an idea -

when you ban someone, the next (and hopefully last) time they visit your forum, vB realises they have been put on the banned list and pops up "you have been banned." BUT it also pops a persistant cookie onto their box which is read by your forum every time they attempt to come back - regardless of their new email address or nick.

Sure its not hack-proof but as most people tend to stick primarily to one PC, it would make life annoying for them. Until they found and wiped the cookie obviously...

This is something that we have had great difficulties with on our forum. A user persisitantly registered under new aliases after he was first banned. He made threats to moderators...which became very serious, registered abusive usernames - all sorts. We spent a very long time trying to think of solutions, but nothing seemed to work. Many of his email addresses were hotmail accounts - we went to hotmail with emails that he had sent out to various people, containing threats etc. - gave them the full headers with times/ip addresses etc - they did nothing. We then moved on to his ISP, BT Internet. Did the same again, gave them all the information they could need....they did nothing. Next stop was for the individual who had been on the receiving end of most of the abuse, and had kept a record of the majority of it, to go to the police. At first they were sympathetic, and said they were treating it very seriously - we were even able to give them the address of this user, and they said they would be in contact with the relevant force elsewhere in the country, and that he would be paid a visit. In the end...you guessed it, they did nothing.

We *seem* now to have persuaded this user to stay away, as he knows that we are watching his every move, but basically, there is nothing that can be done. If someone wants to cause problems, they can. We can only hope things change in the future, but at the moment, that's the way it is!

I noticed on sites like HardForum.com, they don't allow the users to register with hotmail or yahoo account.

ah can you ban emails like that in vb, I mean I know you can ban specific ones, can you do *.*@hotmail.com etc. I have not tried it, but it could be handy.

Originally posted by Fatty_Bolger
ah can you ban emails like that in vb, I mean I know you can ban specific ones, can you do *.*@hotmail.com etc. I have not tried it, but it could be handy.
Yep you can: admin cp/vb settings/Ban Users and read explanations under the box :)

Just a thought, the best way to do it would probably be to have a secret ignore.

To everyone else, the abuser's posts are invisible, but to the abuser, they appear. That way he thinks his posts are there, to everyone else, they aren't.

He thinks he's being ignored and moves on.

The only draw back is that if he logged out, his posts would dissapear and he might notice.

Still, worth a thought?

There is a hack that allows you to secretly ban a user. Do a search for it.