Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blocking Destructive Users from Websites?

Posted by Cliff on from the eliminating-those-who-spoil-it-for-others dept.

billmarrs asks: "I occasionally need to block a user from using my website because they are abusing the system in some way, but the tools I have to work with for blocking them are easily circumvented. Once I identify them, I can block their IP; but they can just hang-up their modem and dial-in again to get a new IP. I can also stick cookies in their browser to identify them, but they can delete the cookies (or turn them off altogether). Are there other ways to block unwanted users from one's website?"

6 of 38 comments (clear)

  1. You could try ... by VA+Software · · Score: 4, Funny

    ... moderation, meta-moderation, lameness filters, blocking ip-subnets, bitchslaps and putting [] around questionable material.

    I've heard these can be quite effective.

    (Just watch the moderation on this post for proof!)

    --

    ---
    http://slashdot.org/moderation.shtml
  2. e-mail address-authenticated logins by Tumbleweed · · Score: 5, Insightful

    E-mail address-authenticated logins are probably the only real answer. Create logins that have to be activated via e-mail address. Shutdown accounts of abusers, and don't allow them to create an account with an e-mail address already in the system. Depending on what's happening with this 'abuse', you might consider creating a 'bozo' class for your logins, wherein the person _thinks_ they're still able to do things, but actually aren't. Let's say the problem is people leaving abusive or stupid messages on a webboard - well, make it so bozo'd users can still read and post messages, but noone else can see their messages but them. Just a thought...

    1. Re:e-mail address-authenticated logins by Rick+the+Red · · Score: 3, Funny
      you might consider creating a 'bozo' class for your logins, wherein the person _thinks_ they're still able to do things, but actually aren't.

      Excellent suggestion! Instead of kicking them off, put them in the "safe" room. You should be able to fool them with a well-planned trap -- just don't change the look of one page without changing the other!

      This reminds me of a bit of manufacturing equipment I once saw (a plastic injection molding machine, IIRC). There was a control panel with knobs and switches and dials, which the production workers would adjust throughout their shift to maintain certain limits (temperature, pressure, etc.). Every evening the night shift folks would state that the day shifters had it all screwed up, and would set the knobs where they liked them. Every morning the day shifters would say the same about the night shifters and set the knobs back. Neither group knew that the controls on the panel did nothing except make the dials move a bit; the real controls were all hidden inside the panel, where only the production engineers could get at them. Everyone was happy!

      --
      If all this should have a reason, we would be the last to know.
  3. block the hostmask by DragonPup · · Score: 4, Insightful

    resolve the domain name to the hostmask if possible, and ban a range of them, for example, *.ma.pool.crapnet.net

    Yes, it's broad, but works. Or you can call the ISP and complain to them

    -Henry

    --
    "Useless organic meatbag" -HK-47
  4. User accounts by Boba001 · · Score: 3, Interesting

    Sometimes you can get away with a massive ban of a group of IPs.. but if your site gets a lot of hits you end up pissing off normal visitors.

    If your problems stem from some kind of forum where the person is posting crap, spamming, etc. you might try requiring people to create a simple account where they need to supply a valid e-mail address.

    The disadvantage to that is that having to register for an account is pretty annoying and many users won't sign up for them if they don't visit the site all the time... Other (non-registering) solutions would require you to program some advanced filters on forum posts, or having a limit on how many messages a person can post in X amount of time.

  5. Non technical solutions work the best. by Anton+Anatopopov · · Score: 3
    Have you considered a restraining order ? Legal action of any kind ? Abusive use of your computing facility (even a website) is illegal. Plain and simple.

    The thing to do is litigate. Follow the money. The abusive user may not have much to lose financially, but his/her ISP sure does.

    Use tools like traceroute to detect the source of the attacks. Then use the arin whois database to find the service provider. Then SUE LIKE CRAZY.

    A lot of people think the Internet is not part of the real world, so they think laws do not apply.

    They are wrong. There is plenty of case law on this subject.

    The point is to stop looking for technical solutions to social problems. They agree to a terms and conditions when they visit your site. Make sure they fulfil their side of the legally binding contract.

    The website I hate has a 'terms of use' which all posters are legally bound by. It even goes so far as to prohibit the use of the wget client. They seem to have a heavyweight legal team there too. And so far, apart from a minor DDOS attack by a jealous rival website, they have not experienced many problems, despite the highly controversial subject matter they seem to deal with.

    So to conclude: Sue their asses off.