Banning system :: Archived

raversnet
Newbie
Posted: Mon Mar 07, 2005 11:58 pm
Post subject: Banning system

This is just an idea that I was thinking of and figured what the hell, see if something exists out there. I just migrated from a PHPNuke site to Dragonfly and I used to use Sentinel. Now I could ban users etc. but it's pretty limited in practical function. They can change their email address, their user name, and a lot never stick with the same IPs either. Now to use the site they have to use cookies. So I got to thinking. Is there a way that instead of banning an IP etc., one could simply tag a user and when that happens a cookie is loaded into their cache. With every load of the site it checks for a specific cookie. And disallows based on it. Now I've never heard of such a thing and most people would never think of clearing their cookies to be allowed access. So what do you think? It could have the same checks as before. IPs, usernames, etc. If they manage to clear the cookie then once they come back to the site they get retagged.

I think it sounds like a wonderful idea myself and I don't have to block huge groups of IPs to be effective either. I know nothing is sure proof to stopping a persistent user but I think this would be most effective.

Rob ;)


raversnet's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
linux/apache

raversnet
Newbie
Posted: Thu Mar 10, 2005 7:12 pm
Post subject: Re: Banning system

Nobody interested in such an idea?


tank
Gold Supporter
Posted: Fri Mar 11, 2005 1:40 am
Post subject: Re: Banning system

Look at the Sticky in this forum titled "Can i use Sentinell, Fortress, Protector, Admin Secure ?" ;)

_________________
Search is your friend

tank's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Fedora Core 1, Apache 1.3.33, Mysql 4.1.14, PHP 5.0.5 w/ APC cache, Dragonfly 9.0.6.1

raversnet
Newbie
Posted: Fri Mar 11, 2005 7:46 pm
Post subject: Re: Banning system

Actually I read that already. But I proposed an alternative to banning IPs and such and without a risk to security would probably be the most effective.

The banned user logs in and immediately receives a cookie disallowing access. If they re-register using a different name you simply add the name to the list. Because cookies track most people for all their regular sites this would be a huge annoyance to anyone having to clear them all the time. IF they indeed figured it out. I've never heard of this method of banning, and most people think their IP is the only thing stopping them from getting to a site.

Anyone up for some quick coding?

Rob


Jeruvy
Security Team
Posted: Wed Mar 16, 2005 12:45 am
Post subject: Re: Banning system

1. What if there is no cookie?
2. What prevents the user from deleting the cookie and connecting?

_________________
J.
j e r u v y a t y a h o o d o t c o m

Need help? Look here: www.dragonflycms.org/W...d=112.html
Need to chat? Look for me on irc.freenode.net

Jeruvy's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Ubuntu7.10/Debian3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2}

raversnet
Newbie
Posted: Wed Mar 16, 2005 1:05 am
Post subject: Re: Banning system

Jeruvy wrote:
1. What if there is no cookie?
2. What prevents the user from deleting the cookie and connecting?

Nothing prevents that. However once the user rejoins they will be issued the cookie once again. Since the site cannot be used without cookies then they are trapped. It's far more effective than IP banning as most think it's their IP that is banned in the first place and either proxy or change it. It's more of a way to annoy a user since they think they are back in and wham they are 'cookied' again. Instead of banning IPs which can change endlessly and also risk banning legit users in the same IP block. You can simply add a new user name to the list. Even if they re-register you can add a name to the list. It's more frustrating to them and requires a lot more time to re-register each time. They would give up. As well you could also make it so that the user simply sees themselves as logged out...when in fact they are banned.

A user in this scenario sees a problem with their browser before they would see a problem with the site. Allow them to log in...sorta...then kick them to the login page again.

It's a frustrating loop. I love it.

Rob


djdevon3
Gold Supporter
Posted: Fri Mar 18, 2005 8:20 pm
Post subject: Re: Banning system

hmm sounds good to me. to get around that i would clear my cookies and use a proxy. since with 8.x people can get around things with proxies. you'd have to build in a proxy stopper of some type. then it might work.

stopping lamers is a huge issue for me and with the system in 8.x it's hopeless. we need a protector, sentinel, type thing built in that will stop proxies if you want, see through proxies like protector did, and has an effective banning system.

i agree with you 100% that something needs to be done. i'm not running dragonfly yet so i don't even know if any of that has been implemented. it would be nice to see all of the above happen if it hasn't been done yet.


djdevon3's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux/1.3.33/4.4/4.3.11

j-kite
Heavy poster
Posted: Fri Mar 18, 2005 9:00 pm
Post subject: Re: Banning system

This does sound like a great idea. I was wondering though.

Say you want 'User1' banned for flaming or something.

So you add the name to the list and he can't login. He finds out that he needs to clear his cookies, either from reading a post about the topic such as this one or he just knows to do that.

So he signs up as 'User2'

How do you know that that is the guy who was banned before?

He could re-register and stop flaming and then he'd have full access again, correct?

I guess if that's the case then it is a good way to prevent people from doing that because then they do get second, third chances. They just can't stick with the same user name.

Does that make sense? lol

_________________
be glad of life because it gives you the chance to love and to work and to play and to look up at the stars

j-kite's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux / 1.3.33 (Unix) / 4.1.13-standard / 4.3.10/ 9.0.5.0

raversnet
Newbie
Posted: Fri Mar 18, 2005 10:09 pm
Post subject: Re: Banning system

Ya that makes sense. Thing is they would need a new user name, email addy etc. Now I know email addresses are easy to come by but people do get sick of re-registering for the site, email etc. It's a bloody process hehe. I have this one guy on the site. I blocked most of the country Korea to keep him off. Which is fine because I'm in Canada and most of my reader base is this side of the planet.

But I migrated to Dragonfly and I let the blocks drop. He has now re-registered. He has a new name and is basically well behaved. I know it's him because I can check his IP and it's still from Korea. He's learned his lesson.

The cookie idea is great because it's a nuisance right back at them. Unaffected by proxies etc. You might have to cookie them a couple times then they'll most likely take a hike.

rob


raversnet
Newbie
Posted: Fri Mar 18, 2005 10:37 pm
Post subject: Re: Banning system

djdevon3 wrote:
hmm sounds good to me. to get around that i would clear my cookies and use a proxy. since with 8.x people can get around things with proxies. you'd have to build in a proxy stopper of some type. then it might work.

How does a proxy prevent it from working? Cookie must reach your browser or you can't use the site. Unless some service manages your cookies instead of your browser? Makes no sense.

Rob


Nuance
Gold Supporter
Posted: Fri Mar 18, 2005 11:56 pm
Post subject: Re: Banning system

A dual-mode ban system would possibly be handy; the present method with additional option to ban the IP address.


Nuance's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux / Apache 1.3.31 / MySQL 4.0.20-log / PHP 4.3.10 / Dragonfly 9.0.1 Final

raversnet
Newbie
Posted: Sat Mar 19, 2005 12:16 am
Post subject: Re: Banning system

Agreed. The two systems working together is a must.

Rob


Jeruvy
Security Team
Posted: Fri Mar 25, 2005 3:54 pm
Post subject: Re: Banning system

Well as a webmaster I'm not interested in banning people, even troublemakers from my site. I don't have enough time in the day to worry about these kinds of people. Nor do I care that they have no life :)

Simple administration works well and is more effective than a cookie blocker in my mind.

I will never be an advocate of a ban system, sorry. The easiest way is to implement authentication or SSL to your web site to ensure 'who' your visitors are.

djdevon3
Gold Supporter
Posted: Sat Mar 26, 2005 2:34 am
Post subject: Re: Banning system

You obviously don't have the problems with immature users like we do Jeruvy. If you have a gaming site or any site that might interest kids then it becomes inevitable. They will try anything to make your life miserable.

It's a huge necessity to prevent proxy lamers from getting around bans. SOMEONE PLEASE MAKE A PATCH FOR THIS.


DJ Maze
Developer
Posted: Sat Mar 26, 2005 2:40 am
Post subject: Re: Banning system

Devon I'm still working on it ;)


DJ Maze's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Fedora 15 / 2.2.22 / 5.5.20 / 5.3.10 / CVS
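
The tagging scheme proposed in this thread, combined with the name and IP checks Nuance suggests, as an added PHP example (not part of any post and not Dragonfly code); the secret, cookie name, ban list layout and function names are assumptions. It puts Jeruvy's two questions into code: a missing or forged cookie falls back to the name/IP list, and a visitor who clears the cookie and returns under a new name and address is not recognised.

```php
<?php
// Added example, not Dragonfly CMS code. Every name and value here is hypothetical.
const BAN_SECRET = 'placeholder-random-server-side-key';
const BAN_COOKIE = 'ban_tag';

// Tag = ban id plus an HMAC over it, so a visitor cannot forge or edit a tag.
function make_ban_tag(int $banId): string {
    return $banId . '.' . hash_hmac('sha256', (string) $banId, BAN_SECRET);
}

// Returns the ban id carried by a valid tag, or null (no cookie, malformed, bad MAC).
function read_ban_tag(array $cookies): ?int {
    $raw = $cookies[BAN_COOKIE] ?? '';
    if (!is_string($raw) || !preg_match('/^(\d+)\.([0-9a-f]{64})$/', $raw, $m)) {
        return null;
    }
    $expected = hash_hmac('sha256', $m[1], BAN_SECRET);
    return hash_equals($expected, $m[2]) ? (int) $m[1] : null;
}

// $bans maps ban id => ['users' => [...], 'ips' => [...]].
// Returns [denied, tag to (re)issue via setcookie() or null, updated $bans].
function check_request(array $bans, array $cookies, ?string $user, string $ip): array {
    $banId = read_ban_tag($cookies);
    if ($banId !== null && !isset($bans[$banId])) {
        $banId = null;                       // ban was lifted; stale tag is ignored
    }
    foreach ($bans as $id => $ban) {         // fallback: account name or IP match
        if ($banId !== null) break;
        $nameHit = $user !== null && in_array($user, $ban['users'], true);
        if ($nameHit || in_array($ip, $ban['ips'], true)) $banId = $id;
    }
    if ($banId === null) return [false, null, $bans];
    if ($user !== null && !in_array($user, $bans[$banId]['users'], true)) {
        $bans[$banId]['users'][] = $user;    // tag survived a re-registration
    }
    return [true, make_ban_tag($banId), $bans];
}

// Constructed sample data (documentation IP ranges).
$bans = [7 => ['users' => ['User1'], 'ips' => []]];
[$d1, $tag] = check_request($bans, [], 'User1', '192.0.2.10');            // banned name, no cookie
[$d2, , $bans] = check_request($bans, [BAN_COOKIE => $tag], 'User2', '198.51.100.5'); // kept cookie
[$d3] = check_request($bans, [], 'User3', '198.51.100.9');                // cleared cookie, new name, new IP
[$d4] = check_request($bans, [BAN_COOKIE => '7.' . str_repeat('0', 64)], null, '203.0.113.1'); // forged
var_dump($d1, $d2, $bans[7]['users'], $d3, $d4);
```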
All content of this website is copyrighted by the Creative Commons NC-SA