Taking care of pests

[saeedh]

Hi, did a search on the mods available as well as threads but the search didn't come up with any good results, so hopefully this isn't a repeat and if it is, a nudge in the right direction will help.

The question is pretty simple and pertains to a problem some may have experienced. There's a user that is of concern and banning has resulted in 10 different accounts spawned over time by the individual as he has a dynamic ip address and manages to root his way back.

So I was wondering if there'd be a way of banning by a wildcard hostname filter, or if that would be too server intensive, then the more preferable solution of just having a requirement for manual validation by administration of users that would be listed belonging to some hostname range for example.

Any other ideas are welcome too.

[x9x6]

hate these pplz

when a member register to your forum, shall he/she verify his account by mail ?

if the answer yes I will make the verify account by mail and admin too for temporary like about 1 week or 2.

--------------- Added [DATE]1236021734[/DATE] at [TIME]1236021734[/TIME] ---------------

btw don't forget to enable the human verified actions

[pattycake]

cookies my friend... he will get on once with his new name then..., never again.

No exact code because I am new to VB and havent' examined the code yet but.... here is the "english" version.

in index.php, first check if usergroup is "banned" group.

if usergroup is banned, add the code to place a "non descriptive" cookie on his pc.
don't use words like "banned" in your cookie ... use something non-descriptive - i use a weird number for the cookie name and the cookie value.

also: do not use the vb_setcookie because it gets cleared out when the user logs off - use normal cookie functions.

Ok, at top of index.php, create code to look for that cookie.

if cookie found, you can do several things...
1. redirect to someplace like google or some porn site.
2. have the system send you an email telling you that a banned user just tried to get on with a username of and an ip address of xxxxxx
3. you can also let him on, but set him where he cannot view the forums, or cannot post - this frustrates the crap out of them

here's the scenario.
1. he gets on with new username - he is not yet banned, so index will let him in.

2. you see him (or see his "work", wait for him to log off then set him to banned. You can get the "logoff user mod" that I've seen floating around - it works great.

3. warning: don't set him to banned while he's on or he'll know you found him... wait for him to log off then ban him or, use the loggoff user mod that is floating around and then ban him.

4. not suspecting anything, he will log in again with the newly banned username and thats when your index will see that he is banned, and set the banned cookie, and since he is already banned, the system will not let him in.

5. he'll then know that you spotted him again and he'll again, sign up with a different user name but as soon as index is run, it will see the previously set banned cookie, and then you do what you want with him...

sooner or later, if he's smart, he will clear out his cookies and then you gotta start over but, I've been using this for years at my forum and no one has been the smarter yet

Understand??



-pat-

--------------- Added [DATE]1236054470[/DATE] at [TIME]1236054470[/TIME] ---------------

here is my old code from my old forum... it lets the guy on but writes out his new info to a log file that I can watch. It writes his banned name, and his new name.
You'll need to change the code so it reads VB usergroupid

In my forum a banned group=groupid=5

Code:

// check for cookie - not forum cookies, these are my own
$da_bmgroup = intval($std->my_getcookie('bmgroup'));
$da_bmname = $std->my_getcookie('bmname');
$da_mgroup   = $ibforums->member['mgroup'];
$da_member=$ibforums->member['name'];

// default write to a log = Y
$write_to_log = 1;

// don't log guests
if ($da_member == 'user name' | $da_member == 'Guest') {
	$write_to_log = 0;
}

if ($da_bmname == 'user name' | $da_member == 'Guest') {
	$write_to_log = 0;
}

// heres where I check for a previously banned user
if (($da_bmgroup == '5') && ($write_to_log==1) ){
		$da_member=$ibforums->member['name'];
		$dtime = date('r');

		$logline = $dtime . "|" . $da_member .'|' . $da_mgroup . '|' . $da_bmgroup . "|". $da_bmname . "\n";

		$logfile='/var/www/html/forum/bb.log';

		 if (!$handle = fopen($logfile, 'a+')) {
			 //die('Failed to open log file');
		 }

		 if (fwrite($handle, $logline) === FALSE) {
		 	 //die('Failed to write to log file');
		 }
	 fclose($handle);
	}

// and just to be safe, I set his new username to banned too
if (($da_mgroup == '5') && ($write_to_log==1)) {
	$std->my_setcookie("bmgroup", 5, 1);
	$std->my_setcookie("bmname",$da_member , 1);
	$da_member=$ibforums->member['name'];
	$dtime = date('r');

	$logline = $dtime . "|" . $da_member.'|'.$da_mgroup . '|' . "WROTE NEW"  . "\n";

	$logfile='/var/www/html/forum/bb.log';

	 if (!$handle = fopen($logfile, 'a+')) {
		 //die('Failed to open log file');
	 }

	 if (fwrite($handle, $logline) === FALSE) {
		 //die('Failed to write to log file');
	 }
	 fclose($handle);
}

confused???

.

[saeedh]

Thanks for the replies pattycake & x9x6. I should have been a bit more specific. The forum gets about 20k+ impressions a day and enough user registrations that administration can't keep up with for a sake of tracking. Tracking is still useless for an individual of the sort, and maybe a little history would help:

- He was banned
- He made another account and banned and the process repeated a couple of times
- He understood that people figure out who he is easily so got impatient and opened a new forum of his own and got users to go etc, which I didn't care
- The idea of his didn't work out as the major female user base didn't bother going over
- He's returned and keeps making new accounts.

The guy knows the technical side of matters enough to deal with the aspects like cookies for tracking and so on and I don't care to get in any arms races. Some of the complaints are rather scary so I would like to just be rid of most of the problem by banning a large demographic which I don't care for.

The ban would be ideal (thus depending on hostname) or otherwise a more preferable method of being able to define the register.php to do a hostname lookup of those registering before running table queries and place the user of question in a specific bin. That way I can go ahead and be better off too. This is concerning a freak that I wouldn't be surprised to know is searching google to find ways to keep doing what he's doing. I'd like to take the technical steps before the few abuse departments respond and I'm resorted to take further action in terms of ensuring service providers or where ever he gets access to the service from enforces their TOS clauses concerning online harassment and so on.

I can code but I'd have assumed that there would already be a chunk of code that would not make me read through the vb db structure and code for the registration process to make the hack. (But thanks pattycake for the IB tidbit, it may come in handy)

[Marco van Herwaarden]

If he has a dynamic IP, then he also has a dynamic hostname, so not really usefull. Try putting him in Coventry.

[saeedh]

Quote:

Originally Posted by Marco van Herwaarden

If he has a dynamic IP, then he also has a dynamic hostname, so not really usefull. Try putting him in Coventry.

Coventry?

And as I mentioned, I'm willing to remove the chunk that would be common.

host*******.xyz.domain.com

So basically as the filters for ip bans operate with #.# or #.#* banning anything matching the first 2 octets but in this case *.xyz.domain.com resulting in all hosts for that section removed / placed in a user group bin of choice.

This doesn't have to be a ban process, but if I could just do a reverse checkup of *.xyz.domain.com to see what users are using it, then that could be useful too. Basically the idea in question is having the same capacity as is possible with IP addresses, rather with hostnames in some reasonable way that every other good page impression isn't delayed because of reverse lookups.

[Marco van Herwaarden]

Then why not just block the whole IP-range his provider is using?

[saeedh]

Quote:

Originally Posted by Marco van Herwaarden

Then why not just block the whole IP-range his provider is using?

Because it's one of those providers that subleases a block from a larger ISP but even then, I'm not sure how one can find out the full range without blatantly asking the provider which won't go too far either.