Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > General > Member Archives

Reply
 
Thread Tools
Details »»

Version: , by (Guest)
Developer Last Online: Jan 1970 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 10-17-2000 Last Update: Never Installs: 0
 
No support by the author.

If you've been admining a VB or any forum for that matter you know what I mean.

I've been toiling all this time trying to get a way to ban a user but time and time again I come he pops back with new ip address and handle leading me to the conclusion that it's difficult if not impossible to completely ban a user without resorting to a site wide registration ban.

That is why I want to implement a system that used a socket connect to connect to the user's "apparant" ip to send a confirmation address through a sort of Java chat window. This way if the user is using a proxy or spoofing technique he will never get the message since the second server to client request is made on ipaddress and port alone. Apparently though, even through a non-applet program it is only possible to send messages back on a connection made by the client and it is not possible to achieve the existing connection's port number and spawn a different process based on ip address and port, alone. Not to mention if I do manage to get the port number and ip address it just might happen to route the information back to the spoofer's computer since the client is listening on that port. Is there another way to send a "message" to a specific ip address without getting into legal trouble and foil the hacker at the same time???

I thought of a second implementation through Java by trying to determine the user's non spoofed ip address (or through the proxy) by downloading one of the scripts I found online that claimed to be legit . I doubt however it was 100% successful since none of the legit ones are. and of course I'm not going to even try the illegal software though I know there is a plethora out there (ie, programs to find free ports, etc etc)

Thirdly I thought of only allowing certified e-mail addresses from an ISP, such as aol, but collecting such a list would be a nightmare... I've looked already and I've only covered a tiny percentage of possible ISPs out there. It would be good, however since it would effectively block out anyone who didn't want to reveal their ISP.

Lastly I thought of doing something fancy with cookies by not only making them a neccesity but to also make it so that any attempt to delete them would block the registration and force you to contact the administrator. Harsh I know but I know even more people who would do this for a malicious purpose than do it by a mistake. It's still not fail proof unfortunately. And even if used with the the other java method, it still eeks out the REALLY computer savvy individuals. Tripled with the e-mail address ban it's effective but may bar TOO much.

Sigh...I'm willing to try anything at this point to stop an abusive user but right now I feel as though I'm out of real world options and that mycurrent options will be extremely inconvenient and not all that fail proof.

I have nothing against anonymity as long as the sufer is not abusing it. But in so many cases,this is exactly what happens.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #12  
Old 11-05-2000, 11:47 AM
Guest
 
Posts: n/a
Default

Recognize that most trolls do it because they love to see their words on the screen. Many go to great lengths in constructing their posts. Here's what we do:
First time: We ban 'em
Second Time: We mass delete their posts. They get a simple email explaining that, while it may have taken them several hours to generate their 96 posts, it took the system 30 seconds to delete every word they ever typed.
This tends to take the wind out of their sails. As has been pointed out, you can't allow them to believe it's become personal. They need to understand that dealing with Trolls is a simple exercize in your normal admin duties.

YMMV
Rich
Reply With Quote
  #13  
Old 11-10-2000, 09:04 PM
Guest
 
Posts: n/a
Default

Sorry I haven't been online to respond. I do really appreciate all the suggestions since it definately alleviates the task of me banning users (and coding that ban myself)

Here's a bit of background on the types of people I'm dealing with:
a) They're younger than 20
b) They have either a working knowledge or a very good knowledge of bypassing the ip checker. In a sense ip checkers are usually useless because they know how to spoof
c) They have a lot of time on their hands and are not afraid to use that time to look up ways of diggiing up user passwords, guessing at admin passwords, and trying to find out from hacking sites how to reap havoc.
d) They are very childish and will not stop until they have it their way. Reporting them to the isps might cause a little monster unless the parents give them the whack on the butt they deserve.

Psauter: That's a really neat idea although I have tried it before. Doesn't work. These little buggers don't care about bluffs unless mr. ISP tells mommy what naughty tommy has done.

jordantlclive: Yea it is a good idea but like you addressed it is out of range. I would only go so far for those people who ask to commission art and web design graphics from me. It is also unfair to those children who are good and behave themselves more maturely than most coworkers I know!

Skeptical: lol! That's a cute method of pissing someone off. But of course like you said, children have tantrums and script kiddies can cause a lot of mayhem if they are mad, bored and have oodles of time. (all 3 can apply very easily)

TotalBS: That is very very true. I may consider putting forth extra effort to do a site wide ignore and also try to nullify his posts after a certain amount of time. (like maybe a month?)

TheFiringLine.com: LOL! That's a great plan although like TBS said I think it might add a lot of fuel to the fire. I think what I should do is this.

Let the little flamer post and not know all his/her posts are being ignored by the system. After a day or two, inform him/her that his posts were being ignored for a given reason and that they will only be viewable if he/she accepts to behave. A new thread will be created saying he apologizes to the forum with a given reason and hopefully s/he understands what was happening.
Hopefully life will be good after that and if he/she actually does not behave thereafter I will increase the ignoring to one week, and then two weeks both implementing the same e-mail tactic. After that if there is NO improvement then a permanent ignore will take place and the poster will not know whether or not anyone can see his/her threads. All in all a user has to go through a LOT of trouble to annoy the heck out of people. That...my friends is exactly what I want!
Reply With Quote
  #14  
Old 11-14-2000, 03:07 PM
Guest
 
Posts: n/a
Default

Hi Sonnet,

I'm the author of the KillFile hack for vB. I have to deal with trolls and malcontents all the time and my users really dig the KillFile-- not only for the actual ignore process, but for the threat it makes to the trolls' livelihood. If no one is reading their trash, what's the point of posting?

I'm also a fan of mass pruning the messages to make their work worthless when they go on a turbo spree.. recently I've also had to try a site-wide ignore. I ran a query to add this user's handle to everyone's ignore list-- so effectively he got a reverse ban. Only those who chose to take him off ignore would have to read his filth.

Next version of KillFile will integrate with showthread so their messages don't even show up on the list-- unfortunately it will be an option since it will add a query to the process. This update won't be in progress until 2.0 of course, no reason to hack the old code.

I like your other ideas on banning, very innovative.. unfortunately you are right, it is tough to be effective. Luckily my latest troll is not computer savvy at all and doesn't even know about proxies (shhhhh). I had him baffled for a week because he didn't know about cookies and I put an if/exception in the code that prevented him from logging out to create a new handle. Now I get up in the morning with him, prune his posts, ban his username (he has his own accessgroup- Suckers- so I don't have to actually delete his user), and wait for him to catch the bus to school. No harm done, the users hardly know he was around, and soon enough he will get bored of the game.
Reply With Quote
  #15  
Old 05-03-2001, 11:56 AM
rickjansen105
Guest
 
Posts: n/a
Default

what about banning his whole region?

like his ip is:

192.168.0.1 (standard windows, i know, but i hurt no ppl now...)

then ban this: 192.168.0
or ban this: 192.168
Reply With Quote
  #16  
Old 05-03-2001, 03:04 PM
julius julius is offline
 
Join Date: Nov 2001
Posts: 80
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

When you download a shareware program, that ends after x days, and you try to install it again, it doesn't let you do it.
How do they do? Is there a way to make the same with banned users in vB?
Reply With Quote
  #17  
Old 05-03-2001, 05:00 PM
rickjansen105
Guest
 
Posts: n/a
Default

Quote:
Originally posted by julius
When you download a shareware program, that ends after x days, and you try to install it again, it doesn't let you do it.
How do they do? Is there a way to make the same with banned users in vB?
they save the info in the registry mostly...
Reply With Quote
  #18  
Old 01-31-2002, 11:39 PM
ibeblunt's Avatar
ibeblunt ibeblunt is offline
 
Join Date: Oct 2001
Location: Jersey City, NJ
Posts: 19
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Instead of banning the user, a query could be written to add the user to everyone IGNORE list. That would be hot....I might have to do that tonight.
Reply With Quote
  #19  
Old 01-31-2002, 11:42 PM
ibeblunt's Avatar
ibeblunt ibeblunt is offline
 
Join Date: Oct 2001
Location: Jersey City, NJ
Posts: 19
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would do something like so:

In vb I have a group for idiot users and note the group. My idiot / abusive user group is 27.

Then I'd do a query like so: (NOTE THIS QUERY DOES NOT WORK!)

UPDATE user SET ignorelist= ignorelist + " usertobebannedID" WHERE usergroupid NOT IN ("27", "6", "26")

6 - Administrators
26 - Moderators

add the other groups that need to see them.

I set it up like that because other "ignored users" would say "Hey, I can't see your post." So if you set it up so all the idiots can see each other, they'll never be the wiser.

If someone could fix up the first part of my query, it would be cool.
Reply With Quote
  #20  
Old 02-01-2002, 08:55 AM
alexp alexp is offline
 
Join Date: Jan 2002
Posts: 22
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just an idea -

when you ban someone, the next (and hopefully last) time they visit your forum, vB realises they have been put on the banned list and pops up "you have been banned." BUT it also pops a persistant cookie onto their box which is read by your forum every time they attempt to come back - regardless of their new email address or nick.

Sure its not hack-proof but as most people tend to stick primarily to one PC, it would make life annoying for them. Until they found and wiped the cookie obviously...
Reply With Quote
  #21  
Old 02-01-2002, 08:47 PM
mattl mattl is offline
 
Join Date: Jan 2002
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is something that we have had great difficulties with on our forum. A user persisitantly registered under new aliases after he was first banned. He made threats to moderators...which became very serious, registered abusive usernames - all sorts. We spent a very long time trying to think of solutions, but nothing seemed to work. Many of his email addresses were hotmail accounts - we went to hotmail with emails that he had sent out to various people, containing threats etc. - gave them the full headers with times/ip addresses etc - they did nothing. We then moved on to his ISP, BT Internet. Did the same again, gave them all the information they could need....they did nothing. Next stop was for the individual who had been on the receiving end of most of the abuse, and had kept a record of the majority of it, to go to the police. At first they were sympathetic, and said they were treating it very seriously - we were even able to give them the address of this user, and they said they would be in contact with the relevant force elsewhere in the country, and that he would be paid a visit. In the end...you guessed it, they did nothing.

We *seem* now to have persuaded this user to stay away, as he knows that we are watching his every move, but basically, there is nothing that can be done. If someone wants to cause problems, they can. We can only hope things change in the future, but at the moment, that's the way it is!
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:56 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05261 seconds
  • Memory Usage 2,297KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (5)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_imicons
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete