Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Block / Ban user with a Cookie
 New Topic  Topic Locked
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 3

KC
Junior Member

USA
152 Posts

Posted - 10 January 2002 :  11:39:53  Show Profile  Visit KC's Homepage
Sometimes you really want a user blocked...

The "stock ban" on Snitz only blocks the users name and they just create a new account.

The IP block works OK for most people, but many know how to easily change their IP number.

This code drops a Ban Cookie on the users system to block a new registration.

In short, if a user tries to logon as a user you ban via the stock Snitz ban, it drops a Ban cookie on their system.
If the registration page sees this cookie, in redirects the user to a "nasty-gram" page.

This code has only been tested on Snitz Forums 2000 Version 3.3.03 using cookie user validation and Access DB.

Insert the code in RED in INC_TOP.ASP
- - - - - - - - - - - - -

select case Request.Form("Method_Type")
case "login"

select case chkUser(strDBNTFUserName, Request.Form("Password"))
case 1, 2, 3, 4
Call DoCookies(Request.Form("SavePassword"))
strLoginStatus = 1
case else

'<!-- *** KC Ban User with Cookie Mod v1.0 *** part 1-1 in inc_functions.asp -->

KCbanx = "No"

'<-- Open Connection -->
set connBan = server.createobject("ADODB.Connection")
connBan.open "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & server.MapPath ("tools/snitz_forums_2000.mdb")

'<-- Fetch the Record -->
SQLBan="SELECT M_STATUS from FORUM_MEMBERS where M_USERNAME = '" & (strDBNTFUserName) & "'"

set banG=connBan.execute(SQLBan)
if banG(0) = "0" then

'<-- set the ban cookie -->
Response.Cookies("StopMe").Expires = Date + 30
Response.Cookies("StopMe") = "1"
end if

'<-- clean up -->
connBan.close
set connBan = nothing

'<!-- *** end KC part 1-1 *** -->

strLoginStatus = 0
end select
case "logout"
Call ClearCookies()
end select

- - - - - - - - - -

Put his code at the very top of REGISTER.ASP

- - - - - - -

<%
'<!-- *** KC Ban User with Cookie Mod v1.0 *** part 1-1 in register.asp -->

if not Request.Cookies("StopMe") = "" then
Response.Redirect "http://(your own nastygram web page)"
end if

'<!-- *** END KC 1-1 *** -->
%>
- - - - - - - - -

Thats it.


** Edited 2/27/2001 ***
I removed my actual nastygram page URL from the code above.
Seems a few people were using mine to redirect their banned people to!

Simply create an .html or .asp or whatever page to redirect the user to yourself.
You could actually get very creative here...
Since the user is expecting to register to bypass your ban, keep him occupied or trick him.

How about a "moc" forum that displays his IP address with a wanted poster and won't let him post.

Maybe a "Congratulations! You are the 5000th new Forum member and have just won a FREE Palm Pilot!"
Then have a form to get his name and address for shipping info, etc, and you got him.

I don't do that, but you get the idea.
If you get creative enough, you could send him on a heck of a wild goose chase ;-}

KC


Edited by - KC on 27 February 2002 10:43:51

davemaxwell
Access 2000 Support Moderator

USA
3020 Posts

Posted - 10 January 2002 :  12:35:16  Show Profile  Visit davemaxwell's Homepage  Send davemaxwell an AOL message  Send davemaxwell an ICQ Message  Send davemaxwell a Yahoo! Message
That's not a bad idea. It wouldn't stop the determined people, but for most it might deter them.

I would use the current connection instead of opening another one, but otherwise good job!

Dave Maxwell
--------------
Proud to be a "World Class" Knucklehead
Go to Top of Page

gor
Retired Admin

Netherlands
5511 Posts

Posted - 10 January 2002 :  12:43:26  Show Profile  Visit gor's Homepage
But what if I just deleted the cookie, how would it stop me then
For me as cable-modem user that is even easier than changing my IP.

Pierre
Join a Snitz Mailinglist
Go to Top of Page

Fuzion
Junior Member

162 Posts

Posted - 10 January 2002 :  13:09:37  Show Profile
I asked for this code when the first bann ip mod came out for snitz. I suggested that it would be much easier to bann an ip by a cookie, instead of using the current method because some people have ip's that change everytime they logon to the internet and this lets a banned user from your forum get back in and sign up again. I mean banning by cookies isnt fool proof but most people on the net are computer illiterate and wont ever think of deleting the cookie. Someone said they were gonna create it but i never heard anything after that. I thank you for this. You da man!

Go to Top of Page

Extra Sports
Average Member

USA
644 Posts

Posted - 10 January 2002 :  16:02:23  Show Profile
is there any way to put it in their registry?LOL. That would sure stop em for sure!

no ads...
Go to Top of Page

KC
Junior Member

USA
152 Posts

Posted - 15 January 2002 :  12:09:19  Show Profile  Visit KC's Homepage
It does not work if they delete all their cookies.
They could then create a new member.

But, since it looks for a ban when a user logs in, the cookie sets again if they try their old name.

For me, the best part is catching them trying to make a new account and directing the offender to a page with the rules.
It lets them know they were caught, and that if they just follow the rules, they can come back.
It's worked very well for me the few times I've had a problem user.

I suppose you could tie the IP checking in with the cookie for new reg check.
A user would have to change IP's AND clear cookies to come in and reg as new.


Go to Top of Page

roXet
Starting Member

14 Posts

Posted - 29 January 2002 :  09:38:58  Show Profile
I did this same mod to the fourm my site was using before I started with Snitz. The only diffrence is, mine would also put that username in a users_banned table in the db. Then when you tried to post it would check if the username you are trying to use is in the table, if so it sets the ban cookie. And if you aren't in the db, but you do have the cookie (registered a new account) then it puts the username you are trying to use this time in the db. I had to use this one and it worked quite well. the only way to get around it is to delete the cookie, register a new account and never use any old ones again.

I'll get the code together and post it later today.

Go to Top of Page

Dynamix
Junior Member

Germany
205 Posts

Posted - 29 January 2002 :  17:12:14  Show Profile
There is a really tricky way to ban Users without a cookie and without knowing their IP! Most people arround are using Windows and also many people have Windows Media-Player installed. Windows Media Player itself sends a kind of cookie which can be read with a simple script. If you use a combination of ip, cookie and Media-Player-cookie over 95% banned users should be permanently blocked. - Especially if you renew the ban for all three kinds during every try to registrate again. (A Logfile would be funny!)

Example:
A user is blocked by Member-Name and IP.
If he tries to Logon a cookie is send (or the forum-cookie on his system is read) and his Media Player-ID is read.
If he is getting a new ip and he is deleting all his cookies, he would normally be able to register again. But not now, because his Media Player is still the same and the ban is growing to his new IP and a new cookie is send. Together with a send-password-with-email-mod itīs hard for him to get in again...

quote:

Technical Details
-----------------

When the Windows Media Player is installed on a computer, a
unique ID number in the form of a GUID is assigned to the player.
This ID number is stored in the Windows registry. The ActiveX
interface to the Windows Media Player allows any JavaScript
Program to retrieve the ID number using the property "ClientID".

The following example HTML and JavaScript code illustrates how
easy it is to retrieve the ID number:

<OBJECT classid="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95"
ID=WMP WIDTH=1 HEIGHT=1></OBJECT>

<script>
alert(document.WMP.ClientID);
</script>

Once the ID number is available to a JavaScript program, it can
be sent back to a Web site either by appending it to the URL
of a Web bug or storing it in regular Web browser cookie.



Iīm not good enough in programming, but i think this could be a way.

Further informations:
http://www.securityfocus.com/archive/1/250363


Go to Top of Page

roXet
Starting Member

14 Posts

Posted - 30 January 2002 :  09:46:01  Show Profile
actually I did record a log file for the last ban I did. =)

Go to Top of Page

Dynamix
Junior Member

Germany
205 Posts

Posted - 31 January 2002 :  03:59:58  Show Profile
But does the ban with usernames really work for you?

Go to Top of Page

roXet
Starting Member

14 Posts

Posted - 31 January 2002 :  10:35:35  Show Profile
For me? Yeah, it worked quite well. But the forum I work on doesn't have an abundance of overly computer literate people. The guy I banned thought he was, but he could only come back and post after he formatted his computer. =)

Go to Top of Page

Dynamix
Junior Member

Germany
205 Posts

Posted - 31 January 2002 :  15:39:23  Show Profile
Lol!!
Best way to get rid of those cookies: format c:\

Go to Top of Page

Dynamix
Junior Member

Germany
205 Posts

Posted - 01 February 2002 :  18:32:44  Show Profile
Microsoft has released a new Update-Bugfix-Service Release-Service Pack 3 pre Release these days, but there isnīt any fix for the big security hole i described above in the Windows Media Player. Iīve read some days ago, that MS is not able to fix this today because of the Media Player itself.
A good chance for some programmers to make a real ban-user-mod

Go to Top of Page

davemarks
Starting Member

United Kingdom
27 Posts

Posted - 24 February 2002 :  16:15:37  Show Profile
Sorry do i get this right - Media Player has some kind of unique ID that be viewed by anybody on the net

Didn't Real Player have something like this in order to track how many people were using the product or something similar - As i remeber it they were taken to court over the matter, accused of invading privacy

Dave
Go to Top of Page

nirman
Starting Member

1 Posts

Posted - 06 March 2002 :  12:17:04  Show Profile
that cookie ban thingy how do u BAN someone with it (i mean what do u do)???10x


Go to Top of Page

Roland
Advanced Member

Netherlands
9335 Posts

Posted - 06 March 2002 :  13:47:27  Show Profile
Maybe a stupid question but isn't it in some way possible to get for instance the computer name (like in a network) and that kind of info?
If you combine cookie, member, IP and computer name banning it'd be perfect unless the user would change computers (how often do you get a new computer or change your computer's name? )

I don't know if it's possible, but I think that next to IP banning, which is getting easier by the day because of DSL and cable internet, banning by computer stats would be best.

Just my 2 cents



http://www.frutzle.com

Snitz Exchange | Do's and Dont's
Go to Top of Page
Page: of 3 Previous Topic Topic Next Topic  
Next Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.24 seconds. Powered By: Snitz Forums 2000 Version 3.4.07