|
-
October 4th, 2005, 02:31 PM
#1
Banning Codes
Out of curiousity started to take a tour to see if there is any new ways to deal with banned members or ways to control bans...
thought this was interesting...a way to ban members from posting in specific forums...
Global Header
<div id="forum">
Global Footer
</div>
<script type="text/javascript">
<!--
function ban(user, board)
{
if(location.href.match('board='+board) && document.cookie.match(new RegExp('user='+user)))
{
document.getElementById('forum').style.display = 'none';
}
}
ban('username','boardID');
//-->
</script>
Edit and repeat the line in purple for more users/boards 
http://support.proboards.com/index.c...7333924&page=1
ProBoardsĀ® Support - Banning Member in ONE Forum Code
Another thing I came across was ' invisible mode '...software that effectively makes the offender invisible to other members...as if he was on everyone's ignore list...effectively the person could post but he'd be talking to himself...no one would see him or even know he's there.
Eg 
-
October 5th, 2005, 02:26 PM
#2
While I'm all for the first, they could have a heyday creating/posting useless and wastefull space on the forums. Go for the first!
-
October 5th, 2005, 02:27 PM
#3
While I'm all for the second, they could have a heyday creating/posting useless and wastefull space on the forums. Go for the first!
-
October 5th, 2005, 04:20 PM
#4
Hi Egaladeist
What you have suggested is a very good idea but I also have another idea of how to stop banned members from coming back although it may sound a bit crap. When I signed up with AOL I had to give them my full name, address, post code and bank details in order to set up a direct debit. As soon as I did that they got me online. Now what if members were only allowed to sign up with their ISP email address? That way, if they get banned and try to sign up again, a code could be implemented which recognises their email, can see that they are banned and therefore stop them from returning and creating yet more havoc?
It's just a thought.
-
October 5th, 2005, 04:47 PM
#5
Don't think it would work, paws...
First of all, some people might have dozens of email addresses or even more. I myself have my own domain name and can create a near-unlimited amount of email addresses for that domain, with a near-unlimited amount of aliases for them too. That would allow me to sign in an infinity number of times, although the mods could decide to just ban a whole domain instead of a single user.
I also have a GMail account which I prefer to use anyways. It has a good spamfilter and is pretty large and thus I prefer it. I also have an email account from my ISP but I barely ever use it anyways.
Requiring people to fill in name, address, postcode just requires you to rely on people to be honest about this information. People are not...
Requiring bank information will make people suspicious, though. Many will refuse out of fear that the information will be used to plunder their bank account. That is, if they even have a creditcard or bank account that this site would be able to validate.
And whatever other way you use to ban people will also be broken by those who just want to break the rules. All that additional security would do is make AO less attractive and less easy to use for the regular members.
The best way is just having users report any suspicious post, with moderators and administrators keeping track of IP numbers from those who abuse AO. If some ass seems to use the same IP number to hack AO, then his IP number could be banned for, say, three months or so. (If he uses the same IP number all the time.)
A fun way would be to use a cookie and set a flag in it. Won't work when they clean their cookies but as long as that cookie is set then the user will not be able to access AO. All you need are users who are required to accept cookies from AO. But again, this trick is easily bypassed. It's fun though since it's so simple... A user logs in and the AO site detects that he's banned. His cookie is set to 'banned' and the user won't be able to do anything. Even if the user logs out, AO would still know he's banned until he cleans the cookie. And then just hope he doesn't think about cleaning his cookies...
Of course, the server should also continue to remember which users are banned but it just helps a bit more to block them and doesn't have much impact for the normal users.
-
October 5th, 2005, 05:10 PM
#6
Well, there is also the fact that the above example code appears to be client side script which is trivial to defeat. Most anything you stick client side is going to be trivial to defeat.
Cookies will never work to solve the problem either. All you have to do is install a different browser and you get an entirely new cookie cache on the hd. Also it's incredibly simple to whip up a client side web proxy in languages like vb or perl in just a short amount of time that will allow you to edit your http requests/responses as you like.
Or you just run a bootable cd, use vmware, etc.
Doing it by ip address doesn't really work if you are trying to keep your services available to everyone. Some ISP's run everyone through a proxy/gateway, most companies do as well. You'd be allowing one knucklehead to do a denial of service for your website on an entire group of people.
The only way you're going to weed out the idiots is with a better authentication system that has decent fraud checking. It would probably cost more to implement something like that for this site than it's worth.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
October 5th, 2005, 09:50 PM
#7
Banned
Not one... not two... but three search bars at the bottom of this page, big banners at the top, thread AP, other features that have sat to rot back when JP was in charge, and for some reason JupM added blue to all this yellow and purple.
How about focusing on running this site in the right direction. In doing this, all of these senior members would have less justifucation to come back and poke fun at the moderators and administration.
-
October 5th, 2005, 09:54 PM
#8
Hi Katja,
I agree with most of what you say. However, with AOL if people abuse the message boards and generally annoy and harass others, or impersonate them, they will have a COS (Conditions of Service) warning sent to their account. Now I think if you recieve up to three of these warnings AOL will close your account. So when you sign back up with them they will see from your personal details that that person was banned from AOL, thus stopping that person(s) from coming back online.
I know there is no way from stopping someone who is so determined to cause trouble from accessing the internet, it just seems a shame that there are those out there who want to spoil it for others. The internet is meant to be fun.......
-
October 5th, 2005, 10:25 PM
#9
Just require new account applications to be digitally signed. This is a security board after all... we should have have our digital certificates right?
Users lacking certs will only be granted access to the newbies forum.
cheers,
catch
-
October 5th, 2005, 10:41 PM
#10
Originally posted here by catch
Just require new account applications to be digitally signed. This is a security board after all... we should have have our digital certificates right?
Users lacking certs will only be granted access to the newbies forum.
cheers,
catch
LMAO, thanks catch, I needed the chuckle. Ah, but were it only so simple...
What each of you has failed to acknowledge is that AO is a FREE site. The only real driving factor JupM has to keep the site running is REVENUE from advertisers. Yes, I am certain they have some philanthropic and neighborly attitudes and factors that make this a good site for them to own/run, but that don't pay the bandwidth bills. If this site in and of itself isn't necessarily profitable, then you can be certain they gain some intrinsic value to their line up of websites, by having AO on the list. Otherwise, this community would not continue for very long under their sponsorship. That's simply a fact of business.
ANY solution that has a reasonable chance for false positives would not be acceptable to them, I'm certain, nor would anything that seriously impacts the page load times or server load, unless it significantly offset increased costs with a direct increase in 'hits per day', which is their proverbial bottom-line.
I think that, like many problems, diligence, common sense, and fixing the holes that exist are going to be the most acceptable solutions. We can dream up all sorts of magic spells to "end" the "problem", but in reality, unless you have to fork out cash to get a login and even VIEW content (let alone POST), the people that create or exploit these issues will NOT go away, until they tire of this place.
I bet we see some changes in how you authenticate to make changes to your account, for sure. I would not hold your breathe for lots of code changes...this site is has enough complex code as it is, without adding per-page-load authorization queries being handled.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
