Need help with forum ban script

Davidc316

Hello,

I run an online forum (similar to this one) on one of my websites. I built it myself using PHP and MySQL. On the forum I have a ban script for the rare occassions when people come on causing trouble. The way my ban script works is by recording the offending person's IP address and putting that IP address on a banned table on MySQL. If the banned person goes to a new computer and enters his username then the new computer that he's on get's its IP address added to the banned list and the person is banned again.

I've used this system successfully for about 3 or 4 years. However, recently some guy has came onto my forum and has been conducting himself in a most unpleasant manner. Whenever my moderator bans him he comes back. Not only that, but he has openly declared that he knows how to get past my IP block system and is willing to tell anyone who emails him how to do it.

So, the question is this... does anyone have any suggestions for how to build a good ban script? You don't have to give me precise code but just a few ideas of how the concept could work would be really appreciated.

Many thanks!

gardnc

It's not clear to me why you ban his IP address instead of banning the user via his login.

ragedigital

Davidc316 wrote:
Hello,
Not only that, but he has openly declared that he knows how to get past my IP block system and is willing to tell anyone who emails him how to do it.

I'll declare it here for everyone... "RESTART YOUR ROUTER!!!!"

Unless you have a static IP of course.

+1 for closing his account. Surely it takes longer to create an account than it would to restart the router.

Davidc316

Hello,

Thanks for that.

For the record, I am locking his account AS WELL AS his IP address, but he keeps simply creating a new account and adding a number onto the end of his username (eg, David1, David2, David3 etc).

dougal85

require users to register with a unique email address.

block his email address

rincewind456

Not only that, but he has openly declared that he knows how to get past my IP block system and is willing to tell anyone who emails him how to do it.

So why not email and ask him🙂

ragedigital

Sounds like you're going to have to approve accounts 1 by 1 after people create an account.

Horizon88

Yeah, he's just proxying and creating new accounts, and he'll probably also just make new hotmail accounts, too. Your best bet is to require administrator authorization for each new account for a litle while until he gets bored with it and moves on.

bradgrafelman

You could also do a low-tech tracking system.

He's right, IP's mean nothing these days. If I really felt the need, I could post at least 50 replies to this thread using 50 different IP addresses. And no, I don't mean on the same subnet even (hint: open proxies/anonymizers/etc.).

Instead, you could try to be sneaky about it. Let him register another name... if you know what it's going to be (e.g. David9), add some code to your script that sets a cookie once he registers that account. Make the cookie expire in a date far in the future (add 25 years onto today's date, for example), and give it some inconspicuous-looking name, e.g. forum_post_preference, or something stupid like that.

Then, you can check for this cookie when he is logging in and/or posting.

It's by no means foolproof and easily detectable and blockable if you know what you're looking for, but maybe he won't think of it? shrug

Then again, if you used the same username here at PHPBuilder as you have elsewhere, he might just come across this thread in a Google search and discover your evil plan... :p