Higher Security

I'm having some trouble. I have this one members who I continually ban, through IP ban and email ban. Yet he keeps coming back.

I increased the security a little, through the use of user groups, so now he can only spam in the General Discussion forum or New Membership Request forum, but it still doesn't cut it.

He uses a program to generate a new hotmail account (Considered blocking *hotmail.com ect. accounts, but this would limit a ton of users from using my forums, which is something I don't want.)

And some sort of program (I'm assuming) to change his IP address. He is very cooperative in telling me how he gets around the security at least

What I'm wondering is if there is a solution to all this?

Is there a way I can tag his computer (cookies wouldn't work too well because he could just delete them) or obtain his unique computer footprint and ban that?

Anyone have any possible solutions?

Many customers who access the internet have dynamic IP addresses, meaning that when they connect again, they are likely to have a different IP address.  And certain ISP's like AOL, which use tons of proxy servers, cause a user to potentially have several different IP addresses while they are logged in.

In these situations banning an IP address by itself won't work, and banning an entire IP range would ban everyone coming from that ISP.

If you ban an entire range that covers an ISP, for example, you would probably want to lift it at some point.  After a few months of being banned, the offender may find some other forum to bother.  You then lift the ban, which allows everyone else from that ISP access your forum.

You could try the cookie thing and then show the same message as a banned IP Range.  It would make him think you banned his IP address instead of placing a cookie, throwing him off.  If he thinks his IP is banned, he won't bother deleting the cookies to try to restore access.

It's worth a try anyway.

Adrael wrote: wistex wrote: You could try the cookie thing and then show the same message as a banned IP Range.  It would make him think you banned his IP address instead of placing a cookie, throwing him off.  If he thinks his IP is banned, he won't bother deleting the cookies to try to restore access. It's worth a try anyway. I don't think that would work. He changes his IP manually, so he would know that it wasn't IP banning that was keeping him from the forums.

Not necessarily.  A lot of banning (eg Spam Email databases) sometimes work on entire ranges ... so if you word your Message ... he may get the idea.

At least it is making me think more about security in all the websites I'm planning on making soon. Anyone else have any thoughts on this topic?

This isn't a security issue per se.  You have a forum which allows member posting based on registration details.  Sure, he is abusing that privilege, but you have "invited him" ... in a way .. by having a forum online. 

A sure fire way around is to require approvla of al members joining.