1

I have a security problem with a user who we've banned over and over. They continuously re-register to the site and use proxies to get around the IP Ban.

We use Phpmyadmin and sql databases for the user table and already have everyone that registers automatically set to "0" which means they are registered by not an admin.

I was wondering if there is a way to dynamically set this person's user level when they register a new screen name - because they use the same email address every time. We have most of the site protected so that they are required to login and have a set permission level to see things. So if possible, when they register another login name it automatically sets that specific user ONLY to whatever number I designate and identifies it by the email address they are entering.

Anyway to do that, or anyone have any better ideas?

Improve this question

1 Answer 1

Reset to default
3

One idea is to do what craigslist does to people. It is called ghosting. It is a good thing to google. Basically a user thinks they are posting, but no one else ever sees their stuff. When they go to the listing, wow it is there. When they go to the category, it is there.

I realize that CL is quite different than say a chat forum. And the user would be wondering why no one took offense to them calling someone a fatso, live. But for non-interactive, non-realtime environments, they would have no idea they are ghosted. Well, I shouldn't say that. Maybe their friend tells them they can't see it.

If they can pull off the proxy thing, creating a new email address would be a piece of cake. Don't tip them off to the ghosting, let them continue to do their thing, isolate, and ignore (if it is even possible).

good luck

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

This is also known as shadowbanning on places like Reddit.
Then there are cookies.
Well this user is using a proxy website to do it, not the most sophisticated method, but that is what they are using. They are using the same email address to register their account every single time, so I think if I just had a way to set the permission level to keep them off pages that mattered it would be fine. @Drew cookies as in?
I know what a cookie is, I meant in what way do you mean to use it to ban/control the user?
they register as GuySmiley. Too bad. Same cookie sent each time (still maps to EvilGuy666). People rarely individually delete a cookie file. 99.9% of people have no clue where to even look for them. If they go to browser settings and delete all cookies, they know what other problems they just cause for themselves.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.