Blocking Destructive Users from Websites?

billmarrs asks: "I occasionally need to block a user from using my website because they are abusing the system in some way, but the tools I have to work with for blocking them are easily circumvented. Once I identify them, I can block their IP; but they can just hang-up their modem and dial-in again to get a new IP. I can also stick cookies in their browser to identify them, but they can delete the cookies (or turn them off altogether). Are there other ways to block unwanted users from one's website?"

e-mail address-authenticated logins

[Tumbleweed]

E-mail address-authenticated logins are probably the only real answer. Create logins that have to be activated via e-mail address. Shutdown accounts of abusers, and don't allow them to create an account with an e-mail address already in the system. Depending on what's happening with this 'abuse', you might consider creating a 'bozo' class for your logins, wherein the person _thinks_ they're still able to do things, but actually aren't. Let's say the problem is people leaving abusive or stupid messages on a webboard - well, make it so bozo'd users can still read and post messages, but noone else can see their messages but them. Just a thought...

Re:e-mail address-authenticated logins

[Anton+Anatopopov]

Better yet, partition the communities into separate groups of users who all agree with each other. Then there would be no acrimony, and the gates-hating linux users could congratulate each other on their choice of OS all day long, while the real world Microsoft users could try and convince each other that Microsoft innovates really good technologies.

Nobody need ever be challenged by a contradictory thought or opinion...

block the hostmask

[DragonPup]

resolve the domain name to the hostmask if possible, and ban a range of them, for example, *.ma.pool.crapnet.net

Yes, it's broad, but works. Or you can call the ISP and complain to them

-Henry