Banning Abusive Users once and for all

If you've been admining a VB or any forum for that matter you know what I mean.

I've been toiling all this time trying to get a way to ban a user but time and time again I come he pops back with new ip address and handle leading me to the conclusion that it's difficult if not impossible to completely ban a user without resorting to a site wide registration ban.

That is why I want to implement a system that used a socket connect to connect to the user's "apparant" ip to send a confirmation address through a sort of Java chat window. This way if the user is using a proxy or spoofing technique he will never get the message since the second server to client request is made on ipaddress and port alone. Apparently though, even through a non-applet program it is only possible to send messages back on a connection made by the client and it is not possible to achieve the existing connection's port number and spawn a different process based on ip address and port, alone. Not to mention if I do manage to get the port number and ip address it just might happen to route the information back to the spoofer's computer since the client is listening on that port. Is there another way to send a "message" to a specific ip address without getting into legal trouble and foil the hacker at the same time???

I thought of a second implementation through Java by trying to determine the user's non spoofed ip address (or through the proxy) by downloading one of the scripts I found online that claimed to be legit . I doubt however it was 100% successful since none of the legit ones are. and of course I'm not going to even try the illegal software though I know there is a plethora out there (ie, programs to find free ports, etc etc)

Thirdly I thought of only allowing certified e-mail addresses from an ISP, such as aol, but collecting such a list would be a nightmare... I've looked already and I've only covered a tiny percentage of possible ISPs out there. It would be good, however since it would effectively block out anyone who didn't want to reveal their ISP.

Lastly I thought of doing something fancy with cookies by not only making them a neccesity but to also make it so that any attempt to delete them would block the registration and force you to contact the administrator. Harsh I know but I know even more people who would do this for a malicious purpose than do it by a mistake. It's still not fail proof unfortunately. And even if used with the the other java method, it still eeks out the REALLY computer savvy individuals. Tripled with the e-mail address ban it's effective but may bar TOO much.

Sigh...I'm willing to try anything at this point to stop an abusive user but right now I feel as though I'm out of real world options and that mycurrent options will be extremely inconvenient and not all that fail proof.

I have nothing against anonymity as long as the sufer is not abusing it. But in so many cases,this is exactly what happens.

how about "Ignore"

Did you try the Ignore User hack?

Since the abuse generally abuse for reactions, if no one sees their crap, they tend to move on.

So, instead of using a strong arm attempt to 'ban' them, you use a psychological ploy (with the help of the hack) to ignore. If the community ignores the loser, the loser tends to get bored and moves on.

It's a slow process, because most users have difficulty ignoring these dopes.

This is how it's done in some newsgroups. Every newsgroup tends to get hit every now and then by the 'Trolls'. They stir up a mess and leave everyone shell shocked. And the most effective tool was ignoring them.

Think back (alright, some of you don't have to think back too far) to when you'd "Ring and Run" on someone's door. If no one came to the door, you wouldn't hit that house again. But when someone came to the door and started screaming at you.... well, 'Hey, that was fun, let's do it again'.

That's a tactic I can encourage and at one point used but to my dismay not everyone can be tolerant enough to ignore other peoples loud opinions.

It ends up being that some forumers get emotional, they contact me, I say to ignore the problem and then they go in an all emotional bout spamming the forum with long emotional tirades (including bouts about their "tyrannical" admin). It spreads until one voice becomes a dozen and eventually even I get sick of it.

For you see, the perfume I'm wearing attracts some real nut-cases and more for me than for the good forum denziens I want to ban some people utterly from my site.

At this point I think a filter to include only isp specific e-mail addys would help narrow down the forumers from any old joe on the net, to someone who paid for net access.

If anyone has a list of any sort, please post it on the forum. Thanks

ANd a hack for ignore is good but could eventually cause problems.

There is no way to to elimanate someone on a phone connection. I use a dial up and my IP address is different every time I connect, but when I connect through the connection at work (not sure what they got - but its a heck of lot faster then my dial up) I am on the same dial up.

Banning email is the same, but more effective. At least you make them go through the work of creating new email accounts. In a few years when dial up goes away it will be easy as everyone has a permanent IP - but then you will always have the problem with people that use one IP masking tool or another.

So the short answer is no - you can not ban a user permanently no matter how hard you try.

I dont know what the igonore hack is, but his is what would work the best. If a hack would let that problem user see his messages, but they would only show up for him - not the rest of the users - than he would effectively get board as he thinks nobody is reacting to his statements and move on.

The problem I see is with the ignore feature is that when he/she would "catch on" they may just re-register. I'll have to put the user on ignore over and over again and it would be a test to see who is driven nuts first. Let alone I have to put in extra coding so that only he can see his own posts.

It's also not a solution but piled on top of the others, it does help. Thanks.

Here's a thought, maybe trying for technical solution is too hard, why not try a little bluff....it has worked for me in the past.

This assumes you have a current and active e-Mail for the weasel that is causing you such a headache, and is suggested in ignorance of what he is actually doing. However try a legal threat, advise him you utilise I.P logging, that you have I.P tracking software e.g Visual Route and that you will advise his ISP of his activities and that they will shut down his account, if they are a decent ISP they will probably do just that if you write to them politely informing them of his activities.

Additionally you could threaten direct legal action if he is breaching published terms and conditions of use of your site.

He/she may be a computer wizz but it is unlikely they are also a legal guru, so it may just work, like I say it has for me.

Anyhow just an idea !!

Best of luck, you have I am sure the symapthy of every self respecting webmaster.

There is one way that will work VERY well... but its a bit out of range. You would have to check credit card numbers for unique accounts. And to futher do it add that the addresses and and last names on the card may not match any other (ie a two Dewies at 123 Nowhere St, Somewhere, NY would not be allowed, but two dewies would, and for apartment sake two of the same addresses would). This would of course present the problem of parents and children wanting seperate accounts (not sure why both would use the same site) but to do that you could simply allow the second person to email the admin and hand set it up. Complicated huh? but tell me it wouldnt work!

SonnetCelestial, does this abuser's ip address fall within a certain range? If it does you can ban that entire subnet for a while and then release the ban after a month or two. Shouldn't affect any of your other users unless you are capturing lots and lots of traffic.

Another way, which might actually piss him off more than anything else, is put in a small if/then statement in the login section. Dont' ban the guy yet. When he logs in, have it open up 10 browser windows and 5 of them full-screen, which he won't be able to close unless he knows about "alt-F4". Yeah I learned that one from all those porno sites I used to visit back when I used to have an xxx website myself.

Btw, the later suggestion is not recommended actually. All it does is add fuel to the fire. I just had to post it because it's fun sometimes to dream about revenge...


Oh... one last thing. Try this one... Don't ban him yet. Capture a significant amount of his ip logins and posts, then report them all to his isp all at once. That will more likely get his account canned than if you simply capture a couple of ip sessions and report only those.

The problem with the 'threat of legal action' and the 'report to ISP' is that you run the risk of escalating the problem.

I've seen it on newsgroups. Some of these idiots get chips on their shoulders and don't realize they are the asses. They then may team up with other trolls and then you have an all out war.

If you get their ISP pulled, it doesn't take much to go and get a free ISP. Several for that matter. And you will know have given them a true cause to destroy your site.

That's why I prefer the passive ignoring. I don't like to give these idiots a mission in life.