Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blocking Destructive Users from Websites?

Posted by Cliff on from the eliminating-those-who-spoil-it-for-others dept.

billmarrs asks: "I occasionally need to block a user from using my website because they are abusing the system in some way, but the tools I have to work with for blocking them are easily circumvented. Once I identify them, I can block their IP; but they can just hang-up their modem and dial-in again to get a new IP. I can also stick cookies in their browser to identify them, but they can delete the cookies (or turn them off altogether). Are there other ways to block unwanted users from one's website?"

17 of 38 comments (clear)

  1. You could try ... by VA+Software · · Score: 4, Funny

    ... moderation, meta-moderation, lameness filters, blocking ip-subnets, bitchslaps and putting [] around questionable material.

    I've heard these can be quite effective.

    (Just watch the moderation on this post for proof!)

    --

    ---
    http://slashdot.org/moderation.shtml
    1. Re:You could try ... by Tumbleweed · · Score: 2

      Unfortunately, Slashdot has proved that moderation and meta-moderation don't work with such problems. They help, but they're hardly a 'solution'. And such nonsense as making people wait x minutes before posting again just irritate (as I just now found out).

  2. e-mail address-authenticated logins by Tumbleweed · · Score: 5, Insightful

    E-mail address-authenticated logins are probably the only real answer. Create logins that have to be activated via e-mail address. Shutdown accounts of abusers, and don't allow them to create an account with an e-mail address already in the system. Depending on what's happening with this 'abuse', you might consider creating a 'bozo' class for your logins, wherein the person _thinks_ they're still able to do things, but actually aren't. Let's say the problem is people leaving abusive or stupid messages on a webboard - well, make it so bozo'd users can still read and post messages, but noone else can see their messages but them. Just a thought...

    1. Re:e-mail address-authenticated logins by Anton+Anatopopov · · Score: 2, Insightful
      Better yet, partition the communities into separate groups of users who all agree with each other. Then there would be no acrimony, and the gates-hating linux users could congratulate each other on their choice of OS all day long, while the real world Microsoft users could try and convince each other that Microsoft innovates really good technologies.

      Nobody need ever be challenged by a contradictory thought or opinion...

    2. Re:e-mail address-authenticated logins by Tumbleweed · · Score: 2

      I'm not sure how much farther you can go, short of having an approval system of moderation - messages don't go online until approved.

      If the problem is people cursing, then an automatic-censoring program could help, if it's smart enough to check for things like f*ck, etc, different characters inbetween, and all that, but it seems more trouble than it's worth.

      If you've got lots of time, money, and ability, then perhaps an intelligent system that combines IP logging, e-mail address domain logging, username similarities, etc, could be made, but that's an insane level to go to, IMO.

    3. Re:e-mail address-authenticated logins by Rick+the+Red · · Score: 3, Funny
      you might consider creating a 'bozo' class for your logins, wherein the person _thinks_ they're still able to do things, but actually aren't.

      Excellent suggestion! Instead of kicking them off, put them in the "safe" room. You should be able to fool them with a well-planned trap -- just don't change the look of one page without changing the other!

      This reminds me of a bit of manufacturing equipment I once saw (a plastic injection molding machine, IIRC). There was a control panel with knobs and switches and dials, which the production workers would adjust throughout their shift to maintain certain limits (temperature, pressure, etc.). Every evening the night shift folks would state that the day shifters had it all screwed up, and would set the knobs where they liked them. Every morning the day shifters would say the same about the night shifters and set the knobs back. Neither group knew that the controls on the panel did nothing except make the dials move a bit; the real controls were all hidden inside the panel, where only the production engineers could get at them. Everyone was happy!

      --
      If all this should have a reason, we would be the last to know.
  3. block the hostmask by DragonPup · · Score: 4, Insightful

    resolve the domain name to the hostmask if possible, and ban a range of them, for example, *.ma.pool.crapnet.net

    Yes, it's broad, but works. Or you can call the ISP and complain to them

    -Henry

    --
    "Useless organic meatbag" -HK-47
    1. Re:block the hostmask by bluGill · · Score: 2

      contact their ISP. Abuse is semi-illegal already, depending on what form it takes. Take legal action if you can.

      The biggest thing you do though is don't ban them directly, just take everyone to a page that says "Do to other uses from your ISP abusing our system you are blocked. Contacting your ISP has not resolved the problem. If you are the abuser go away. If you are an honest user, then switch ISPs, as you are currently paying someone who doesn't care." Some re-wording of that should be done, read it twice and you will get the idea, but my writting skills are not enough to make to readable.

  4. User accounts by Boba001 · · Score: 3, Interesting

    Sometimes you can get away with a massive ban of a group of IPs.. but if your site gets a lot of hits you end up pissing off normal visitors.

    If your problems stem from some kind of forum where the person is posting crap, spamming, etc. you might try requiring people to create a simple account where they need to supply a valid e-mail address.

    The disadvantage to that is that having to register for an account is pretty annoying and many users won't sign up for them if they don't visit the site all the time... Other (non-registering) solutions would require you to program some advanced filters on forum posts, or having a limit on how many messages a person can post in X amount of time.

  5. Auto detection may be an answer... by ayjay29 · · Score: 2, Interesting

    If they are using the same pattern, some URL hack, or a bunch of comments posted, or some kind of DOS.

    You could write code to detectt this, then block the IP, or use a cookie based method to block them for a short time. If they try different tactics, you could modify the blocker code.

    It's hard to tell if this would be a good soultion without knowing the details of what they do.

    --
    Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.
  6. Non technical solutions work the best. by Anton+Anatopopov · · Score: 3
    Have you considered a restraining order ? Legal action of any kind ? Abusive use of your computing facility (even a website) is illegal. Plain and simple.

    The thing to do is litigate. Follow the money. The abusive user may not have much to lose financially, but his/her ISP sure does.

    Use tools like traceroute to detect the source of the attacks. Then use the arin whois database to find the service provider. Then SUE LIKE CRAZY.

    A lot of people think the Internet is not part of the real world, so they think laws do not apply.

    They are wrong. There is plenty of case law on this subject.

    The point is to stop looking for technical solutions to social problems. They agree to a terms and conditions when they visit your site. Make sure they fulfil their side of the legally binding contract.

    The website I hate has a 'terms of use' which all posters are legally bound by. It even goes so far as to prohibit the use of the wget client. They seem to have a heavyweight legal team there too. And so far, apart from a minor DDOS attack by a jealous rival website, they have not experienced many problems, despite the highly controversial subject matter they seem to deal with.

    So to conclude: Sue their asses off.

  7. Few details about the abuse make it hard to advise by Jerf · · Score: 2

    You don't give any details of the abuse, so it makes it hard to advise specifics.

    However, I'm assuming you're running some sort of service that involves a server you can program. (If this is an EZBoard being abused, which you use but don't control, you're toast.) The key is to ban the behavior, not the user. Exactly how you do that depends on the exact situation.

    If someone's posting too often, make people wait at least n seconds before posting again. If they abuse that, kick the time up. And if they're posting rapid-fire, keep kicking the time up. Look into "exponential decay", it's what you're looking for. Once they cross a threshold, you may choose to ban the IP for a week and delete whatever messages were posted automatically, thus undoing the abuse automatically, which is kinda the key to this whole idea.

    Think outside the "IP ban" box. What you do for other services depends. Ban behavior, not people. It's a little harder at first, but much more reliable.

  8. easily circumvented by mr.ska · · Score: 2
    I've been using spamgourmet.com for virtually all of my e-mail registration needs. If one of my fake e-mail addresses (that forward to my real e-mail address) gets "tagged", I can simply sign up again using another fake one.

    Nice try, but it won't work for long.

    --

    Mr. Ska

  9. Are you using Apache? by ShaunC · · Score: 2

    Apache allows you to ban a netblock, you don't have to do it on a per-IP basis. For example, if the guy's always coming from 209.14.27.*, you could create a directive for your root directory like:

    (Limit GET POST)
    order deny,allow
    deny from 209.14.27.
    (/Limit)

    (Replace the parentheses with angle brackets, a la HTML.) If you can't tweak httpd.conf, put that in an .htaccess file instead.

    Someone else suggested automating the process, this is a good idea if you can do it. When Nimda first fired up, a friend of mine wrote a Perl script that took the remote IP and added it to the deny directive in .htaccess. He set that script as his 404 error handler for a few days, and anyone who did a Nimda scan was immediately blocked from further access to the site. Of course some legit users who mistyped a link probably wound up blocked, too. I imagine by now he's cleaned out the list, so it was only a temporary inconvenience to real visitors.

    Your solution depends on how aggressive you want to be, and whether or not you care if a few babies get thrown out with the bathwater. Me, I'd just ban the netblock for a couple of weeks. The lusers will find another site to harass, and you can lift the ban.

    Shaun

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  10. MAC address? by Clubber+Lang · · Score: 2, Interesting

    Not much info in your story... but here's the first thought off the top of my head (and consider that I've been up for 30+ hours). Keep track of your pesky guy's MAC address, then block the connection if it matches. No, it's not perfect since it can be changed... but assuming you're dealing with a lame-o script kiddie they might not know better, and you have less of a chance of blocking users who are legit as compared to just blocking a whole chunk of ip addresses.

    Here's what I'd do: Check the MAC when you get a request (probably only for certain key pages, but you could do it for all I guess) and if the address matches your banned list, automatically ban that ip address for say... 24 hours. This way you don't accidentally lock out real users for any length of time, and it should at least slow down your pest. Granted this falls apart if your intruder knows how to change the address on your card, but you didn't say how sophisticated this all is and it's better than nothing.

    Cheers

    --
    Actuaries - making accountants look interesting since 1949
  11. That'd be a great idea by pete-classic · · Score: 2

    if there weren't any routers on the internet.

    That's as far as the MAC goes.

    -Peter

  12. Concentrating on good users by Sir+Runcible+Spoon · · Score: 2, Interesting
    So far everyones contribution is about slapping down the abusers. Another approach is to concertrate on promoting users that add value to your site. People that have had their accounts a long time, made useful posts and haven't consistently got moderated down.


    Giving these guys a quick route through the posting process will allow you to slow down new comers to a crawl. If users have been reading your site for sometime then they probably have something useful to say, and it is probably worth speeding them up. I read slashdot for ages before starting to post (not that what I post is always useful).


    If a newcomer does have something they really want to say, then they would be prepared to go through the hoops. Perhaps going through the password by email cycle for every post, or answering a selection of blindingly obvious but difficult to automate random questions (e.g. What colour is grass? red, green or blue).