Track Multiples

I'm in the middle of making this and could use some feedback. this isn't finished so if you aren't able to do some work on your own, skip this one for now.

I've gotten discouraged trying to ban members. ips can be faked, cookies can be cleared, and free email accounts are abundant. How are you suppossed to actually ban people? Ok so, VB has the option to not allow people to register twice. It will take them all of 5 minutes to realize they just need to clear their cookie and boom they are right back in. I can't ban by ip, because I have a bunch of AOL users and they all use the same ips. The only way to ban 1 AOLer is to ban them all and the jerk could still go and fake an ip to get back in. Ban 1 account and they have 3 on standby. If you just go by ip addresses, you might ban the inoccent. It's a huge headache

I have a new plan. I'll make it easy for them to sign up for multiples, then I'll silently keep track of who they are. That's right, instead of guessing who is who, I'll let them identify themsleves. Then when I need to delete an account, I can delete them all without the guesswork.

The way I'm doing it is by making it so you can login without loggin out. Essentually ditching the logout link all together. then changing the logged in templates to the logged out ones (username and password fields are always present instead of your username with the logout link) This way, they might enter their other account info without clearing their cookies first

then when someone goes to register or login, I check to see if they are somebody else. If they are, the userid is quietly listed in their profile.

after people start logging into their multiple accounts, we should start seeing a comma seperated list of userids that that person was before loggin into the current account.

I need a little help testing it out. Once I get this working correctly, I'll use the "search for more users with this ip" feature of VB to build a alias CP so it's easy to search for peoples alias's.


Please send me your ideas and comments. I want to make this as powerful as possible.

[James Cridland]

The way I got round this is by using another hack in here to moderate users.

That way, if somebody signs up, every post is moderated until we're happy with them. Then, they're free to post immediately.

With this, and a realisation that most users, even when signing up yet again, use the same password (dur!), we've completely eradicated those that want to cause trouble. Those that sneak back in again and behave... well, they're no problem any more.

[Mutt]

OK, the trial and error is over and I've written some directions. I went thru and cleaned up the mess I made in this thread.

As far as I can see. this thing works.

there is a new field to the user table and a comma seperated list of alais user ids are stored there. you can add ids that you already know about or you can just let the site find the multiples for you. I edited admin/user.php so you can search for and edit alias'.

when a member registers or logs on, the system will look for an existing cookie to see if this user has an alias. it will then check the sessions table to any other userid with the same ip as this member. (though members may legitimatly post under the same ip over time the odds of a member coming to your site then disconnecting from the web, another member from that area signs on right afterwards and is assigned the same ip, then comes to the site before sessions has cleared the first user are a zillion to one)

shouldn't add much of anything to the system. it only does anything while someone is loggin on.

What I'm not sure about

I'm adding a new cookie that doesn't get cleared when loggin out and then looking for that. that way even if they hit the logout link, I should be ok. someone would have to go into their system and delete the site cookie file and wait for sessions to clear them everytime they change names to never get caught.

I just adding checks to newreply.php and newthread.php

please post any ideas or similar hacks used to ban / keep out +++++++s

[Mutt]

just checked out firefly's hack installer. very cool.

I'll be sure to update this for that once I get some feedback

[Remi]

This is exactly what I need

Do you think it is safe to install it on my main forum without waiting for this cookie issue :nervous:

Thanks

[Mutt]

the cookie issue isn't a problem. I've been running it error free. the only thing I'm not sure about with the bummy cookie, is wether it actually works or not. if it doesn't work, it won't hurt anything. it's just a 3rd way to try and catch them.

[Remi]

I will install it tonight, Please update me if you find any serious problem with this.

I can't wait for the full release of this hack

Thanks

[Remi]

Hi Mutt

I have a small question

Most of my visitors are comming from behind a proxy.

Does this hack differentiate between them?.

Also if someone enter my site from an internet cafee, would he be able to log of.

If he could not log of completely someone else from the same cafee might use his account.

Thank you very much in advance.

[Mutt]

this hack doesn't effect logging on or off. it only watches when people do. they should be able to log off with no problem.

I don't really know anything about proxies so I'm not sure how it would handle it. I'm assuming it wouldn't matter but I gues I shoudl look into it.

This things seems to be working fine. Would love some more feedback or ideas on how to improve it.

[Remi]

OK Mut Finall question I promiss

I realy love this hack but I just want to be clear of one thing.

If someone post a post from an internet cafee and then clicke "log out" button, can't someone else frome the same cafee will be able to use his accout without a password.

Quote:

Originally posted by Mutt

I'm doing it is by making it so you can login without loggin out. Essentually ditching the logout link all together. then changing the logged in templates to the logged out ones (username and password fields are always present instead of your username with the logout link) This way, they might enter their other account info without clearing their cookies first

Thanks