Bock a member...

NZ_Kiwis

I'm looking at ways of blocking a person from signing up form my site... I've blocked thier email address as well as hotmail.com and yahoo etc etc... what else can I do?? login details and password is sent to the email address supplied but all they have to do it goto some other free mail service and they are away... and there are hundreds of them around!!

IP: Isn't this a different address each time a user logs onto the net if they have dial up???

Cookie: This will work until they remove cookies?

Any ideas? Any comments on IP and Cookies which could help me???

bradgrafelman

NZ_Kiwis wrote:
IP: Isn't this a different address each time a user logs onto the net if they have dial up???

Probably. Then again, how badly do you want to block them? If you really want to block them, ban their subnet (ex. 10.20.100. or even 10.20..*).

NZ_Kiwis wrote:
Cookie: This will work until they remove cookies?

Yes, but you could try using the cookie as a tracker and/or fool them; you could have it log the different IP's they log on from so that you can block any new ranges they might use (if they have AOL, you might be in for a rough ride - might want to resolve their IP to a domain name and block *.aol.com). In addition (or as an alternative), you could use the cookie to block them, but don't tell him/her that; display an error message saying that the user's IP has been banned. That way, he/she might not even realize to check for a cookie.

NZ_Kiwis

Okay cookies could be used...

What's the "ban their subnet" what is this?

bradgrafelman

As I illustrated with asterisks, it's like using a wildcard in their IP. If your IP is 10.20.100.136, and you ban the 10.20.100.* subnet (subnet mask 255.255.255.0), then it bans your IP as well as any other IP on that subnet (ex. 10.20.100.5, 10.20.100.207, etc. etc.). Obviously, this has the possiblity for false positives, which is why I questioned how determined you were to ban this person.

etully

Blocking by IP and Subnets is great in the short run... but it will always fail in the long run. People move. They set up proxies. They start attending new schools or get new jobs. Oh yeah, and they set up proxies. Anyone who wants to can just go to phpbuilder.com and ask about how to use curl and boom! They've got a proxy and they can register at your site again.

With Botnets, someone could hit your site with a different IP address every minute for the next 50 years.

There are a few solutions and none of them are easy.

You can charge ten bucks to register. After you cancel his account for the ninth time for violating your terms of service, he'll be pretty bored of giving you his money. And you'll have gotten paid ninety bucks for the trouble of deleting his account nine times.
You can build a moderation system like Slashdot has. This way, millions of little votes are cast every day that make the good content float to the top and the idiots get buried where nobody has to listen to them. This works really well when you have hundreds of thousands of active users.
You can make registration by invite only. Make the registration form require a secret, one time use, code. When you want your friend Bob to register, you give him a secret code like 1234567890. Then When you want your friend Mary to register, you give her a different entry code like 8838884885. This way, the unwelcome guy can't ever register.

None of these are simple solutions. If there was a simple solution, you'd know about it by now.