Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
DraGoN
New Member
New Member


Joined: Oct 25, 2005
Posts: 14

PostPosted: Fri May 05, 2006 12:18 pm Reply with quote

Is there a easy way to ban a user name with a cookie or at the very least block his or her access to a certain module?

I have a problem with one user and ip banning just isnt working since he/she just uses a proxy ip.
 
View user's profile Send private message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Fri May 05, 2006 6:09 pm Reply with quote

no....what you can do is block the use of proxies with sentinel...
but if any other has an idea... Smile
 
View user's profile Send private message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Fri May 05, 2006 9:10 pm Reply with quote

Humm ... well it wouldn't be too much of a hack to keep a specific user name from registering I suppose. But then he/she could just use another. But if he uses the same email address all the time what you could do is delete his username and register one of your own using that email address. Then when he goes to register he'd get a message that that email address is already taken. Yeah ... he could use another email address but given the intelligence level of these folks that might be enough to send him off scratching his head for a while.
 
View user's profile Send private message Visit poster's website
DraGoN
PostPosted: Sat May 06, 2006 6:35 am Reply with quote

hitwalker wrote:
what you can do is block the use of proxies with sentinel...


I have too many AOL users to just outright block proxies unfortunately.

fkelly wrote:
it wouldn't be too much of a hack to keep a specific user name from registering I suppose. But then he/she could just use another.


Been there done that. He is own his 3rd or 4th username.

fkelly wrote:
But if he uses the same email address all the time what you could do is delete his username and register one of your own using that email address. Then when he goes to register he'd get a message that that email address is already taken. Yeah ... he could use another email address but given the intelligence level of these folks that might be enough to send him off scratching his head for a while.


Email addresses are too easy to come by and he knows that so that idea is out also.

He would also figure out the cookie ban fairly quickly I imagine but if there is a way to ban relatively easy by cookie with nuke I would much prefer to ban this guy that way instead of banning entire ranges of ip's.
 
hitwalker
PostPosted: Sat May 06, 2006 6:40 am Reply with quote

well you could put his isp in your htaccess with deny from . whatever
 
DraGoN
PostPosted: Sat May 06, 2006 6:57 am Reply with quote

hitwalker wrote:
well you could put his isp in your htaccess with deny from . whatever


Again that would lead to banning people that I do not wish to ban since he uses a popular broadband provider.
 
hitwalker
PostPosted: Sat May 06, 2006 6:59 am Reply with quote

lol...well basically that means that these were the options...
 
fkelly
PostPosted: Sat May 06, 2006 7:18 am Reply with quote

I'm thinking you may need to turn from the technical to the psychological. Is this some kiddie? Is he posting obscenities in Forums or what is he doing? In many cases you don't want these folks to know you are paying attention to them because that's what their attention starved egos are after. How many users do you have. Do you have the time to just delete his stupid posts when they come in and you see them. I mean without comment, they just disappear. Or anything else he puts on the site just disappears. I bet he'd get tired of that after a while. Don't let him know what a p.i.t.a. it is for you either. Or could you appeal to reason ... probably not but worth considering. Does he have a peer group on the site that could be enlisted to contact him ? I don't know, these are just some considerations. What you want to do is make it "costly" for him to continue the behavior and reduce any psychic rewards he gets.
 
DraGoN
PostPosted: Sat May 06, 2006 9:10 am Reply with quote

Quote:
Is this some kiddie?


No he is in his early to mid thirties. By his actions though you would think his is 10.

Quote:
Is he posting obscenities in Forums or what is he doing?


He never posts in the forums, in fact he prefers for people to not even know he visits my site. What he does is come to my site to steal content nothing more nothing less.

Quote:
How many users do you have.


Close to 7000 with an average of 20 to 30 new users a day.

Quote:
Do you have the time to just delete his stupid posts when they come in and you see them.


I wish it was a forum posting problem as that is easy to take care of.

Quote:
Or could you appeal to reason ... probably not but worth considering.


Already tried by the other owner of the site through MSN and email. The guy makes his promises then promptly breaks them.

Quote:
What you want to do is make it "costly" for him to continue the behavior


This is why I would like to be able to do a ban through a cookie also.

I have came up with this code that should work if added to the sites my_header file but doesn’t. It instead just shows up at the top of the page.

Code:
$bad_members = array('USERNAME GOES HERE', 'USERNAME GOES HERE'); 

global $cookie, $admin;
$username = $cookie[1];
foreach($bad_members as $banned_user){
if($username == $banned_user && !is_admin($admin)){
$comment = "Annoying people are not welcome on this site.";
$comment = base64_encode($comment);
setcookie("Jerk", $comment, time()+60*60*24*365);
}
}
if(isset($_COOKIE['Jerk'])){
Header("Location: About:Blank");
}


Maybe someone can look that over and point me to where I should be adding it since it just doesn’t work in the my_header file.
 
AwwYouDead
Hangin' Around


Joined: Apr 02, 2006
Posts: 38

PostPosted: Sat May 06, 2006 10:06 am Reply with quote

With 20-30 new users a day I dont suppose you would want to add a Membership approve mod to the site.
 
View user's profile Send private message
DraGoN
PostPosted: Sat May 06, 2006 12:41 pm Reply with quote

I already have the ability to approve membership, I do not use it for the reasons you stated.

We wish to keep the site as accessible as possible and this guy is the only real problem member that we have so I would like to just make it hard for him and no one else.
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sat May 06, 2006 5:06 pm Reply with quote

Even with cookies, all he has to do is clear them.

With the internet, there is very little you can do to stop content theft. As soon as you post it, people can copy it. Google cache and others make it easy to lift too, even if the original site has it locked down, That's just the way it is

Sorry to say the only option you may have is legal - civil lawsuit probably

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
DraGoN
PostPosted: Sat May 06, 2006 6:10 pm Reply with quote

evaders99 wrote:
Even with cookies, all he has to do is clear them.


True, however I would like to find every option I can to ruin his day.
 
evaders99
PostPosted: Sat May 06, 2006 11:30 pm Reply with quote

Ruin his day? Err get someone to hack his computer.
If you track his current username and IP, then you could send him to the page using the PC attack script. But as you said, he changes IPs and usernames and goes again. So very much a lot of work for you to fight it such a persistant guy.
 
DraGoN
PostPosted: Sun May 07, 2006 8:40 am Reply with quote

Quote:
Err get someone to hack his computer.


Not my style, however if it was I would much rather have someone hack his website.

Quote:
But as you said, he changes IPs and usernames and goes again.


Yes but that is all he does, he changes none of his behaviors on my site once he changes his name and ip. He isn’t very bright about covering up much else I have his full name, phone number, home address and if I was to put a little effort into I could probably get a lot more information on him.
 
guidyy
Worker
Worker


Joined: Nov 22, 2004
Posts: 208
Location: Italy

PostPosted: Sun May 07, 2006 10:00 am Reply with quote

If you have all these info, why don't you get his ISP cut the line?
Some people should be kept away form the net.
just my 2 cents.
Guido
 
View user's profile Send private message Visit poster's website MSN Messenger
DraGoN
PostPosted: Mon May 08, 2006 7:53 am Reply with quote

Quote:
why don't you get his ISP cut the line?


On what grounds? It has been my experience that an ISP will not cut a person off for just visiting a website which is pretty much what he is doing. Other than his theft of content he has made no type of attacks on my website.
 
guidyy
PostPosted: Mon May 08, 2006 9:05 am Reply with quote

DMCA?
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©