vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   former banned member revenge! (https://vborg.vbsupport.ru/showthread.php?t=289646)

Midohash 10-25-2012 06:51 PM
former banned member revenge!
 
Dear All,

I would much appreciate your advise regarding an obscene former banned member causing me a persistent headache! Over the past few weeks, he used to register himself in dozens of evil usernames, in attempt from his side to cause as much harm as possible to the forum and its members, as a revenge for being banned previously for his bad manners and misconduct.

Even the fake emails he registers with them contain obscene and evil words!

I made every possible effort to make registration to new members difficult (very difficult indeed) including validation of email addresses, image verification, prevention of evil words in new-user names, ... etc but still evil names appear on who is on line, members log on within 24 hours, welcome new member!

Any suggestions to stop him or even to minimize the upset he causes to the forum or to hide Users Awaiting Email Confirmation and Users Awaiting Moderation from getting displayed on forum statistics?

Many thanks

http://www.almatareed.org/vb/showthr...66#post1244766

kh99 10-25-2012 07:00 PM
If he is using the same ip address, you could block his ip address. Otherwise the only thing I can think of is to moderate new members (Under "User Registration Options", set Moderate New Memebrs" to Yes), but then of course legitimate new members will have to wait to be approved.

Midohash 10-25-2012 07:12 PM
Quote:
Originally Posted by kh99 (Post 2375973)
If he is using the same ip address, you could block his ip address. Otherwise the only thing I can think of is to moderate new members (Under "User Registration Options", set Moderate New Memebrs" to Yes), but then of course legitimate new members will have to wait to be approved.
Thank you for your contribution. I am already moderating all new members since he started to register with evil names! Also his IP is dynamic and NOT static. He has hundreds of IP addresses! ... I have blocked a large number of his IP addresses but he is still able to generate new ones from his provider as well as registering from proxy sites! ... The real problem is that he has a good software background because he is working in the field of IT as far as I know.

ForceHSS 10-25-2012 07:20 PM
talk to your host see if they can help

Midohash 10-25-2012 07:23 PM
Quote:
Originally Posted by ForceHSS (Post 2375977)
talk to your host see if they can help
Thank you. Is it possible if I submit his IP addresses to my host to have him blocked altogether even if his IPs are dynamic?

ForceHSS 10-25-2012 09:25 PM
only your host could answer that. You could also talk to his isp and tell them what he is up to they might close his internet

Midohash 10-25-2012 11:09 PM
Quote:
Originally Posted by ForceHSS (Post 2375992)
only your host could answer that. You could also talk to his isp and tell them what he is up to they might close his internet
Thank you. I sent email to his service provider about 3 weeks ago but received no reply at all from them!

Max Taxable 10-25-2012 11:42 PM
Know what? Study his user agent string. See if there's a commonality in it. There might be some unique item to block using Ban Spiders By User Agent.

Midohash 10-26-2012 06:55 AM
Quote:
Originally Posted by Max Taxable (Post 2376017)
Know what? Study his user agent string. See if there's a commonality in it. There might be some unique item to block using Ban Spiders By User Agent.
Thank you. I know what you mean but how can I apply Ban Spiders Hack on a real user? ... The common user agent thing is the first few digits of his IP address: 41.235.xx.xx. Those in red are changeable. However blocking 41.235 part of the IP will prevent many other innocent users from being able to access my forum!

Max Taxable 10-26-2012 11:36 AM
Quote:
Originally Posted by Midohash (Post 2376071)
Thank you. I know what you mean but how can I apply Ban Spiders Hack on a real user? ... The common user agent thing is the first few digits of his IP address: 41.235.xx.xx. Those in red are changeable. However blocking 41.235 part of the IP will prevent many other innocent users from being able to access my forum!
USER AGENT, not IP.

Find the user agent in online.php, options at bottom of page, "User Agent" make YES,

You have to do this while he is online to capture this information.

It will look something like this:

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

User Agent tells you what browser, operating system, etc the user or visitor has.

Midohash 10-26-2012 01:17 PM
Quote:
Originally Posted by Max Taxable (Post 2376104)
USER AGENT, not IP.

Find the user agent in online.php, options at bottom of page, "User Agent" make YES,

You have to do this while he is online to capture this information.

It will look something like this:

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

User Agent tells you what browser, operating system, etc the user or visitor has.
Thank you for this piece of invaluable information :up: ... I'll try doing that. I guess after getting such information is to include the whole example line in Ban Spiders By User Agent hack. Have I understand it right?

--------------- Added [DATE]1351265371[/DATE] at [TIME]1351265371[/TIME] ---------------

Quote:
Originally Posted by Midohash (Post 2376113)
Thank you for this piece of invaluable information :up: ... I'll try doing that. I guess after getting such information is to include the whole example line in Ban Spiders By User Agent hack. Have I understand it right?
sorry, forgot to ask about online.php ... is it in templates or mysql table?

vijayninel 10-26-2012 01:31 PM
Are you using the AE detector yet ?

Midohash 10-26-2012 01:41 PM
Quote:
Originally Posted by vijayninel (Post 2376115)
Are you using the AE detector yet ?
I have never heard about it and don't know what is it for? ... would appreciate some more information please


--------------- Added [DATE]1351266919[/DATE] at [TIME]1351266919[/TIME] ---------------

Quote:
Originally Posted by vijayninel (Post 2376115)
Are you using the AE detector yet ?
I use a hack which informs me by a pm if 2 accounts are logging on through the same computer. I don't know if AE detector is an alternative name to this product or a different one?

Max Taxable 10-26-2012 02:08 PM
Quote:
Originally Posted by Midohash (Post 2376113)
Thank you for this piece of invaluable information :up: ... I'll try doing that. I guess after getting such information is to include the whole example line in Ban Spiders By User Agent hack. Have I understand it right?
NO. many people have alot of the same stuff in their UA strings. You would be blocking access to 100s of millions of people if for example, you put just "Mozilla" or "Windows" or "Apple" in the ban list. You are looking for something that is unusual or unique in the string, for the one guy who is giving you the problems.
Quote:
sorry, forgot to ask about online.php ... is it in templates or mysql table?
It's a page on your forum, online.php. It's accessed via the "quick links" dropdown, and the options are at the bottom of the page after it loads. "Who's Online."

Midohash 10-26-2012 03:02 PM
Quote:
Originally Posted by Max Taxable (Post 2376121)
NO. many people have alot of the same stuff in their UA strings. You would be blocking access to 100s of millions of people if for example, you put just "Mozilla" or "Windows" or "Apple" in the ban list. You are looking for something that is unusual or unique in the string, for the one guy who is giving you the problems.It's a page on your forum, online.php. It's accessed via the "quick links" dropdown, and the options are at the bottom of the page after it loads. "Who's Online."
Thanks a lot Max Taxable ... I got your point ... I hope I'll find something unique for him ... May I ask please, if I find something unique for him e.g. BOIE9 or ENXA, should I put the word as it is in Ban Spiders By User Agent or there is a special format?

Max Taxable 10-26-2012 06:18 PM
Quote:
Originally Posted by Midohash (Post 2376125)
Thanks a lot Max Taxable ... I got your point ... I hope I'll find something unique for him ... May I ask please, if I find something unique for him e.g. BOIE9 or ENXA, should I put the word as it is in Ban Spiders By User Agent or there is a special format?
Yes, put just the unique part of the string in as a separate line in BSBUA.

Midohash 10-26-2012 08:11 PM
Quote:
Originally Posted by Max Taxable (Post 2376158)
Yes, put just the unique part of the string in as a separate line in BSBUA.
Many thanks, I hope it will work with that evil guy!

Max Taxable 10-26-2012 08:14 PM
Quote:
Originally Posted by Midohash (Post 2376171)
Many thanks, I hope it will work with that evil guy!
He's lucky it's not my board he keeps coming back to.

Midohash 10-27-2012 01:40 PM
Quote:
Originally Posted by Max Taxable (Post 2376174)
He's lucky it's not my board he keeps coming back to.
I am pretty sure you will change your mind :D ... Is it possible to use the following in Ban Spiders By User Agent:

(Windows NT 6.0; rv:16.0)

I mean to paste it exactly like that or I have to do some modification? ... Also can it blocks other innocent users?

Many thanks

Max Taxable 10-27-2012 01:43 PM
Quote:
Originally Posted by Midohash (Post 2376288)
Is it possible to use the following in Ban Spiders By User Agent:

(Windows NT 6.0; rv:16.0)

I mean to paste it exactly like that or I have to do some modification? ... Also can it blocks other innocent users?

Many thanks
That would block hundreds of millions of innocent people. Don't do it.

If you have his user agent string, paste it here for me to look at if you don't mind?

And no, I would not change my mind. HE would be getting a new computer after he put the fire out.

Midohash 10-27-2012 02:06 PM
Quote:
Originally Posted by Max Taxable (Post 2376289)
That would block hundreds of millions of innocent people. Don't do it.

If you have his user agent string, paste it here for me to look at if you don't mind?

And no, I would not change my mind. HE would be getting a new computer after he put the fire out.
I will definitely do, I am keep watching now. Thanks a lot for your continuous advise and support :up: ... Is there any way to redirect him once he registers again to a malicious site to infect his PC? :D ... The idea jumped to my mind when you wrote this phrase:

HE would be getting a new computer after he put the fire out.

vijayninel 10-27-2012 02:27 PM
Quote:
Originally Posted by Midohash (Post 2376117)
I have never heard about it and don't know what is it for? ... would appreciate some more information please

I use a hack which informs me by a pm if 2 accounts are logging on through the same computer. I don't know if AE detector is an alternative name to this product or a different one?
That might be it. this is the one actually https://vborg.vbsupport.ru/showthread.php?t=183268

Use it to detect multiple accounts and then put them on global ignore using the "tachy goes coventry" from user banning options. Dont ban them - always put on ignore. If you ban them then they will just keep coming back.

Max Taxable 10-27-2012 02:28 PM
Quote:
Originally Posted by Midohash (Post 2376295)
I will definitely do, I am keep watching now. Thanks a lot for your continuous advise and support :up: ... Is there any way to redirect him once he registers again to a malicious site to infect his PC? :D ... The idea jumped to my mind when you wrote this phrase:

HE would be getting a new computer after he put the fire out.
I wouldn't recommend any of that. However, back in my botnet fighting days I wasn't above going into the zombie computers through their modem and frying their processor by grossly overclocking it. That's what I was referencing. Those computers were wet paper sacks for security, that's why they were botnet zombies to start with.

--------------- Added [DATE]1351355389[/DATE] at [TIME]1351355389[/TIME] ---------------

Quote:
Originally Posted by vijayninel (Post 2376301)
That might be it. this is the one actually https://vborg.vbsupport.ru/showthread.php?t=183268

Use it to detect multiple accounts and then put them on global ignore using the "tachy goes coventry" from user banning options. Dont ban them - always put on ignore. If you ban them then they will just keep coming back.
The only problem with Tachy is, if they log out they can see their posts aren't posting.

vijayninel 10-27-2012 02:35 PM
Quote:
Originally Posted by Max Taxable (Post 2376302)
The only problem with Tachy is, if they log out they can see their posts aren't posting.
Yes. If they realise that then they will create another account. So you have to repeat the process again. The thing is that if they have to keep checking it takes the fun out of trolling and ultimately they give up.

I have worn out several determined trolls this way. Trust me - banning doesnt work. Put them on global ignore and wear them out.

Max Taxable 10-27-2012 02:45 PM
Quote:
Originally Posted by vijayninel (Post 2376304)
Yes. If they realise that then they will create another account. So you have to repeat the process again. The thing is that if they have to keep checking it takes the fun out of trolling and ultimately they give up.

I have worn out several determined trolls this way. Trust me - banning doesnt work. Put them on global ignore and wear them out.
That is one of my techniques. I've never banned any account, letting them know they are banned only encourages more of the same, I agree.



To the OP: To REALLY freak your guy out, unban his account, assign it a password only you know, and start posting with it. Have him looking for homosexual hookups, etc.

Midohash 10-27-2012 03:41 PM
Quote:
Originally Posted by vijayninel (Post 2376301)
That might be it. this is the one actually https://vborg.vbsupport.ru/showthread.php?t=183268

Use it to detect multiple accounts and then put them on global ignore using the "tachy goes coventry" from user banning options. Dont ban them - always put on ignore. If you ban them then they will just keep coming back.
Quote:
Originally Posted by Max Taxable (Post 2376302)
I wouldn't recommend any of that. However, back in my botnet fighting days I wasn't above going into the zombie computers through their modem and frying their processor by grossly overclocking it. That's what I was referencing. Those computers were wet paper sacks for security, that's why they were botnet zombies to start with.

--------------- Added [DATE]1351355389[/DATE] at [TIME]1351355389[/TIME] ---------------

The only problem with Tachy is, if they log out they can see their posts aren't posting.
Thanks a lot vijayninel and Max Taxable. I found that I have the same hack recognizing multiple accounts but was installed in a different name in Arabic translation version. However the hack was not effective with that evil guy at all! He registers many times a day and the hack has never caught him even once! :D ... As mentioned before he has a sound background in IT technology and software for my hard luck :( ... Most of his registrations are with fake emails which he is unable to verify of course! ... His main aim is to display dozens of obscene and evil usernames on (who is on line) and other forum statistics! ... I have tried several options including:

* Helding registration to new members, however re-enabled it after a couple of days!
* Made forum statistics invisible to all groups expect group 6 (Admins) which is me :D, However forum members requested re-enabling them again after several days in spite of explaining to them my reasons!

Is there anyway to allow forum statistics and at the same time to Prevent Users awaiting Email confirmation and awaiting Moderation from getting displayed on them! :confused:

vijayninel 10-27-2012 04:42 PM
Quote:
Originally Posted by Midohash (Post 2376334)
Most of his registrations are with fake emails which he is unable to verify of course! ... His main aim is to display dozens of obscene and evil usernames on (who is on line) and other forum statistics! ... I have tried several options including:

* Helding registration to new members, however re-enabled it after a couple of days!
* Made forum statistics invisible to all groups expect group 6 (Admins) which is me :D, However forum members requested re-enabling them again after several days in spite of explaining to them my reasons!

Is there anyway to allow forum statistics and at the same time to Prevent Users awaiting Email confirmation and awaiting Moderation from getting displayed on them! :confused:
I think users awaiting confirmation arent shown on Who's online. Check if the usergroup id is listed in forum.php. Usually the usergroup id of Users Awaiting Email Confirmation is 3 it may be different on your forum. If it is then add that number to the skipgroups array in forum.php like 3,4,5 etc.

PHP Code:
$skipgroups = array(3,4); 

Also set your usergroup permissions so that Users Awaiting Email Confirmation cant post on the forums.

Midohash 10-27-2012 05:56 PM
Quote:
Originally Posted by vijayninel (Post 2376353)
I think users awaiting confirmation arent shown on Who's online. Check if the usergroup id is listed in forum.php. Usually the usergroup id of Users Awaiting Email Confirmation is 3 it may be different on your forum. If it is then add that number to the skipgroups array in forum.php like 3,4,5 etc.

PHP Code:
$skipgroups = array(3,4); 

Also set your usergroup permissions so that Users Awaiting Email Confirmation cant post on the forums.
I have tried all those precautions but still users awaiting email confirmation (group ID =3) appear on forum statistics including those on line. However they couldn't post

--------------- Added [DATE]1351426823[/DATE] at [TIME]1351426823[/TIME] ---------------

The evil guy user agent looks like that:

Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20100101 Firefox/16.0

Any suggestions?

--------------- Added [DATE]1351428441[/DATE] at [TIME]1351428441[/TIME] ---------------

This is the full user agent of the evil guy:

Quote:
"
host-41.235.34.232.tedata.net - - [27/Oct/2012:19:38:43 -0500] "GET /favicon.ico HTTP/1.1" 200 491 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20100101 Firefox/16.0"
host-41.235.34.232.tedata.net - - [27/Oct/2012:19:38:44 -0500] "GET /vb/ HTTP/1.1" 200 25587 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/20100101 Firefox/16.0"
Can I use something like that: HTTP/1.1 in ban spiders by user agent?

Midohash 10-28-2012 11:35 PM
Just to let you know that the evil obscene guy I am talking about him has registered here today with my real name (mohamed hashesh) to continue his disgraceful and obscene behaviour!


All times are GMT. The time now is 08:29 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02392 seconds
  • Memory Usage 1,847KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_php_printable
  • (28)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (29)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete