Web Design Forum: what is the most effective way of banning a user from a service? - Web Design Forum


#1 webbhost

Posted 29 January 2012 - 06:43 PM

Okay, so I've built a live assistance application for my site and I am in the final few stages of finishing off the edges.

One of these functions is a ban user button which will prevent the user from connecting to the live assistance chat again and spamming us.

My question to you is what is the most reliable / effective method of banning a user?

For users that are registered, it is not a problem as I can simply ban them in the database, however the live assistance is available for people who are not registered too.

I'm debating whether to go with banning the IP address... Setting a banned cookie on comp etc? Troubles I have are:

1) If I ban the IP address, the end user can unplug and replug in their modem to acquire a new one... furthermore their IP address could potentially be given to another web surfer at a later date and this could result in us banning an innocent viewer.

2) If I use cookies the user can simply clear cookies and reconnect to the site? This also becomes a particular problem if they use InPrivate browsing?

So, any ideas? I'm wondering if it's possible to ban a MAC address, as I believe this is specific to a computer and will not change but I'm not sure... only other really viable option I have is to ban the IP address, and remove the ban after a few days in case someone else takes it.

What solution would you guys use in such an instance?

#2 Renaissance-Design

Posted 29 January 2012 - 08:25 PM

You can't get a MAC address from a HTTP request.

#3 webbhost

Posted 29 January 2012 - 09:15 PM

Okay, shame... would that be hinting that banning the IP address is the way to go? Thanks.

#4 zed

Posted 30 January 2012 - 09:19 AM

Make a note of the IP address, log the times and what you get. Use an IP lookup service to find who their ISP is and report them for abuse.

#5 Wickham

Posted 30 January 2012 - 09:30 AM

With my forum I ended up blocking all China and Russia IP addresses (you can find out the start numbers (the area code) for each country and * the others).

Too bad if someone from the UK is living in China.

#6 webbhost

Posted 30 January 2012 - 03:06 PM

zed, good point... I didn't think about that, but it is worth me implementing a logger to keep track of malicious conversations... but that said, would an internet provider really go to the extent of taking action for someone being an idiot for a few minutes?


Wickham, not a bad thought there... with it being a live assistance application as well I probably won't be able to understand people in China etc. very well in the first place... but if I get a lot of crap from 1 particular place then banning a cluster of IPs wouldn't hurt.

#7 FizixRichard

Posted 30 January 2012 - 04:04 PM

IP banning isn't a good idea unless you are deliberately banning a specific IP that you are pretty sure is static and is problematic OR you are deliberately banning a range (i.e. the country scenario above).

If someone is being an idiot or spamming your site, the ISP is unlikely to take action, it's only if something more serious happens they will be interested.


I'll list the issues of IP banning, though I suspect you're aware of them due to your comments on it in your OP, but I'll run through them anyway.

1. Most users are on a dynamic IP address, so they can reset their IP whenever they want, simply by restarting their router.

2. Due to #1, IP addresses are re-used and they are re-used often, if a user resets their router another user will have that IP address in a very short period of time.

3. IP anonymisation systems are easy to get ahold of, including web-based services and simple browser plugins, which can cause IP blocking to become a problem.

Simply put, if you use IP blocking most users will be able to get right back in again within minutes if not seconds.

4. Static IP addresses are the easiest to reliably block as they don't change, but the flip side to that is, static IP addresses are often networks such as workplaces, schools, colleges, universities, public places that have internet access and the like. Therefore if you block that IP address you may be blocking 10s, 100s or even thousands of people.

This has a drawback of, if Bob, Jane, Sue and John are all on the same network (i.e. a uni) and are all using your service and Bob is being an arse. You block Bob's IP address which blocks him, but Jane, Sue and John are collateral damage as they will be blocked as well. They won't know why they are blocked and that can have a negative impact on you. As in they could think your site's stupid or they could have said something objectionable but allowed, i.e. against you or a criticism, and then think you are unreasonable.


Overall, IP banning isn't the way to go in order to block users. Experienced administrators don't tend to use IP banning to simply ban random nuisance people, they tend to use it as a more "last resort" measure in regards to an ongoing issue with a particular IP or range of IPs.


The alternatives are to have things like these to handle the problem:

1. Registration systems that require email verification where you can ban the user. Make them jump through hoops to get back in, hindrance is very effective against random people who are doing things for kicks.

2. Storing a cookie can help, but it can be wiped easily so has its ineffectiveness.



From my experience, the best way to stop spammers, is to make their job difficult. Like so:


1. CAPTCHA/entry question on chat to help block bots.


2. URL blacklist, so certain URLs, site names and other words are ****'d out, if you are clever about it, you can make it difficult for them to reliably get their message across. Of course you need to keep and maintain a blacklist but if you have moderators this isn't too hard to do on the fly. Blocking URLs altogether and URL shortcuts/shorteners is effective too.


3. Flood control mechanisms that boot a user. When a user signs in, store a cookie and register the IP address. Prevent flooding by having a next message time lapse (so they can't post another message before the time has elapsed) and then couple it with a spam guard mechanism that remembers what individual people say, if they repeat the same thing more than say 5 times, auto-kick (but keep store) so if they come back in, that term will auto-kick on the first mention.

This can be done effectively by storing a log and just kicking people who repeat the same term. If someone says the same term over and over and over then they are probably spamming (you'd have certain word exemptions).


4. Prevent unregistered users from posting certain things (like URLs and web addresses)


Basically, instead of relying on banning, look at preventative measures.


Simply put, the more difficult you are to target the less of a target you will be as for most, it's not worth the effort. They will choose a service where they are more effective.

This post has been edited by FizixRichard: 30 January 2012 - 04:09 PM
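
The flood control, repeat-term kick and guest URL restriction described in the post above, sketched in Python as an added example (not code from the thread or from webbhost's application). The interval, exemption list, URL pattern and the `client` key (for example a session-cookie token combined with the IP address) are assumptions.

```python
import re
import time
from collections import defaultdict

MIN_INTERVAL = 2.0   # seconds required between messages (assumed value)
MAX_REPEATS = 5      # "more than say 5 times", as in the post
EXEMPT = {"hi", "hello", "ok", "yes", "no", "thanks"}  # assumed word exemptions
URL_RE = re.compile(r"(https?://|www\.)\S+", re.I)    # assumed, deliberately simple


def normalise(text):
    """Collapse case, punctuation and spacing so trivial variations count as repeats."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


class FloodGuard:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.last_seen = {}    # client -> time of last message that passed the rate check
        self.repeats = defaultdict(lambda: defaultdict(int))  # client -> term -> count
        self.kick_terms = set()  # terms that have already earned someone a kick

    def check(self, client, text, registered=False):
        """Return 'ok', 'wait', 'blocked' or 'kick' for one incoming message."""
        now = self.clock()
        last = self.last_seen.get(client)
        if last is not None and now - last < MIN_INTERVAL:
            return "wait"                 # next-message time lapse has not elapsed
        self.last_seen[client] = now
        if not registered and URL_RE.search(text):
            return "blocked"              # unregistered users may not post URLs
        term = normalise(text)
        if not term or term in EXEMPT:
            return "ok"
        if term in self.kick_terms:
            return "kick"                 # stored term: kick on the first mention
        self.repeats[client][term] += 1
        if self.repeats[client][term] > MAX_REPEATS:
            self.kick_terms.add(term)     # keep the term stored after the kick
            return "kick"
        return "ok"
```

Because the kicked term is stored globally rather than per client, a returning spammer with a fresh cookie and IP address is still kicked the first time the same message appears.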
