Blocking Destructive Users from Websites?

billmarrs asks: "I occasionally need to block a user from using my website because they are abusing the system in some way, but the tools I have to work with for blocking them are easily circumvented. Once I identify them, I can block their IP; but they can just hang-up their modem and dial-in again to get a new IP. I can also stick cookies in their browser to identify them, but they can delete the cookies (or turn them off altogether). Are there other ways to block unwanted users from one's website?"

You could try ...

[VA+Software]

... moderation, meta-moderation, lameness filters, blocking ip-subnets, bitchslaps and putting [] around questionable material.

I've heard these can be quite effective.

(Just watch the moderation on this post for proof!)

Re:e-mail address-authenticated logins

[Rick+the+Red]

you might consider creating a 'bozo' class for your logins, wherein the person _thinks_ they're still able to do things, but actually aren't.

Excellent suggestion! Instead of kicking them off, put them in the "safe" room. You should be able to fool them with a well-planned trap -- just don't change the look of one page without changing the other!

This reminds me of a bit of manufacturing equipment I once saw (a plastic injection molding machine, IIRC). There was a control panel with knobs and switches and dials, which the production workers would adjust throughout their shift to maintain certain limits (temperature, pressure, etc.). Every evening the night shift folks would state that the day shifters had it all screwed up, and would set the knobs where they liked them. Every morning the day shifters would say the same about the night shifters and set the knobs back. Neither group knew that the controls on the panel did nothing except make the dials move a bit; the real controls were all hidden inside the panel, where only the production engineers could get at them. Everyone was happy!