Banning by setting a cookie?

New Member Joined: Oct 25, 2005 Posts: 14

Is there a easy way to ban a user name with a cookie or at the very least block his or her access to a certain module?

I have a problem with one user and ip banning just isnt working since he/she just uses a proxy ip.

Sells PC To Pay For Divorce Joined: Posts: 5661

no....what you can do is block the use of proxies with sentinel...
but if any other has an idea... Smile

Posted: Fri May 05, 2006 9:10 pm

Humm ... well it wouldn't be too much of a hack to keep a specific user name from registering I suppose. But then he/she could just use another. But if he uses the same email address all the time what you could do is delete his username and register one of your own using that email address. Then when he goes to register he'd get a message that that email address is already taken. Yeah ... he could use another email address but given the intelligence level of these folks that might be enough to send him off scratching his head for a while.

Posted: Sat May 06, 2006 6:35 am

hitwalker wrote:

what you can do is block the use of proxies with sentinel...

I have too many AOL users to just outright block proxies unfortunately.

fkelly wrote:

it wouldn't be too much of a hack to keep a specific user name from registering I suppose. But then he/she could just use another.

Been there done that. He is own his 3rd or 4th username.

fkelly wrote:

But if he uses the same email address all the time what you could do is delete his username and register one of your own using that email address. Then when he goes to register he'd get a message that that email address is already taken. Yeah ... he could use another email address but given the intelligence level of these folks that might be enough to send him off scratching his head for a while.

Email addresses are too easy to come by and he knows that so that idea is out also.

He would also figure out the cookie ban fairly quickly I imagine but if there is a way to ban relatively easy by cookie with nuke I would much prefer to ban this guy that way instead of banning entire ranges of ip's.

Posted: Sat May 06, 2006 6:40 am

well you could put his isp in your htaccess with deny from . whatever

Posted: Sat May 06, 2006 6:57 am

hitwalker wrote:

well you could put his isp in your htaccess with deny from . whatever

Again that would lead to banning people that I do not wish to ban since he uses a popular broadband provider.

Posted: Sat May 06, 2006 6:59 am

lol...well basically that means that these were the options...

Posted: Sat May 06, 2006 7:18 am

I'm thinking you may need to turn from the technical to the psychological. Is this some kiddie? Is he posting obscenities in Forums or what is he doing? In many cases you don't want these folks to know you are paying attention to them because that's what their attention starved egos are after. How many users do you have. Do you have the time to just delete his stupid posts when they come in and you see them. I mean without comment, they just disappear. Or anything else he puts on the site just disappears. I bet he'd get tired of that after a while. Don't let him know what a p.i.t.a. it is for you either. Or could you appeal to reason ... probably not but worth considering. Does he have a peer group on the site that could be enlisted to contact him ? I don't know, these are just some considerations. What you want to do is make it "costly" for him to continue the behavior and reduce any psychic rewards he gets.

Posted: Sat May 06, 2006 9:10 am

Quote:

Is this some kiddie?

No he is in his early to mid thirties. By his actions though you would think his is 10.

Quote:

Is he posting obscenities in Forums or what is he doing?

He never posts in the forums, in fact he prefers for people to not even know he visits my site. What he does is come to my site to steal content nothing more nothing less.

Quote:

How many users do you have.

Close to 7000 with an average of 20 to 30 new users a day.

Quote:

Do you have the time to just delete his stupid posts when they come in and you see them.

I wish it was a forum posting problem as that is easy to take care of.

Quote:

Or could you appeal to reason ... probably not but worth considering.

Already tried by the other owner of the site through MSN and email. The guy makes his promises then promptly breaks them.

Quote:

What you want to do is make it "costly" for him to continue the behavior

This is why I would like to be able to do a ban through a cookie also.

I have came up with this code that should work if added to the sites my_header file but doesn’t. It instead just shows up at the top of the page.

Code:

$bad_members = array('USERNAME GOES HERE', 'USERNAME GOES HERE'); 


global $cookie, $admin; 


$username = $cookie[1]; 


foreach($bad_members as $banned_user){ 


if($username == $banned_user && !is_admin($admin)){ 


$comment = "Annoying people are not welcome on this site."; 


$comment = base64_encode($comment); 


setcookie("Jerk", $comment, time()+60*60*24*365); 


} 


} 


if(isset($_COOKIE['Jerk'])){ 


Header("Location: About:Blank"); 


}

Maybe someone can look that over and point me to where I should be adding it since it just doesn’t work in the my_header file.

Hangin' Around Joined: Apr 02, 2006 Posts: 38

With 20-30 new users a day I dont suppose you would want to add a Membership approve mod to the site.

Posted: Sat May 06, 2006 12:41 pm

I already have the ability to approve membership, I do not use it for the reasons you stated.

We wish to keep the site as accessible as possible and this guy is the only real problem member that we have so I would like to just make it hard for him and no one else.

Posted: Sat May 06, 2006 5:06 pm

Even with cookies, all he has to do is clear them.

With the internet, there is very little you can do to stop content theft. As soon as you post it, people can copy it. Google cache and others make it easy to lift too, even if the original site has it locked down, That's just the way it is

Sorry to say the only option you may have is legal - civil lawsuit probably

Posted: Sat May 06, 2006 6:10 pm

evaders99 wrote:

Even with cookies, all he has to do is clear them.

True, however I would like to find every option I can to ruin his day.

Posted: Sat May 06, 2006 11:30 pm

Ruin his day? Err get someone to hack his computer.
If you track his current username and IP, then you could send him to the page using the PC attack script. But as you said, he changes IPs and usernames and goes again. So very much a lot of work for you to fight it such a persistant guy.

Posted: Sun May 07, 2006 8:40 am

Quote:

Err get someone to hack his computer.

Not my style, however if it was I would much rather have someone hack his website.

Quote:

But as you said, he changes IPs and usernames and goes again.

Yes but that is all he does, he changes none of his behaviors on my site once he changes his name and ip. He isn’t very bright about covering up much else I have his full name, phone number, home address and if I was to put a little effort into I could probably get a lot more information on him.

Worker Joined: Nov 22, 2004 Posts: 208 Location: Italy

If you have all these info, why don't you get his ISP cut the line?
Some people should be kept away form the net.
just my 2 cents.
Guido

Posted: Mon May 08, 2006 7:53 am

Quote:

why don't you get his ISP cut the line?

On what grounds? It has been my experience that an ISP will not cut a person off for just visiting a website which is pretty much what he is doing. Other than his theft of content he has made no type of attacks on my website.

Posted: Mon May 08, 2006 9:05 am

DMCA?