KC
Junior Member
USA
152 Posts |
Posted - 10 January 2002 : 11:39:53
|
Sometimes you really want a user blocked...
The "stock ban" on Snitz only blocks the user's name and they just create a new account.
The IP block works OK for most people, but many know how to easily change their IP number.
This code drops a Ban Cookie on the user's system to block a new registration.
In short, if a user tries to log on as a user you ban via the stock Snitz ban, it drops a Ban cookie on their system. If the registration page sees this cookie, it redirects the user to a "nasty-gram" page.
This code has only been tested on Snitz Forums 2000 Version 3.3.03 using cookie user validation and Access DB.
Insert the code in RED in INC_TOP.ASP
- - - - - - - - - - - - -
select case Request.Form("Method_Type")
    case "login"
        select case chkUser(strDBNTFUserName, Request.Form("Password"))
            case 1, 2, 3, 4
                Call DoCookies(Request.Form("SavePassword"))
                strLoginStatus = 1
            case else
                '<!-- *** KC Ban User with Cookie Mod v1.0 *** part 1-1 in inc_functions.asp -->
                KCbanx = "No"
                '<-- Open Connection -->
                set connBan = server.createobject("ADODB.Connection")
                connBan.open "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & server.MapPath ("tools/snitz_forums_2000.mdb")
                '<-- Fetch the Record -->
                SQLBan="SELECT M_STATUS from FORUM_MEMBERS where M_USERNAME = '" & (strDBNTFUserName) & "'"
                set banG=connBan.execute(SQLBan)
                ' Only test the status when a matching member row was returned
                if not banG.EOF then
                    if banG(0) = "0" then
                        '<-- set the ban cookie -->
                        Response.Cookies("StopMe").Expires = Date + 30
                        Response.Cookies("StopMe") = "1"
                    end if
                end if
                '<-- clean up -->
                connBan.close
                set connBan = nothing
                '<!-- *** end KC part 1-1 *** -->
                strLoginStatus = 0
        end select
    case "logout"
        Call ClearCookies()
end select
- - - - - - - - - -
Put this code at the very top of REGISTER.ASP
- - - - - - -
<%
'<!-- *** KC Ban User with Cookie Mod v1.0 *** part 1-1 in register.asp -->
if not Request.Cookies("StopMe") = "" then
    Response.Redirect "http://(your own nastygram web page)"
end if
'<!-- *** END KC 1-1 *** -->
%>
- - - - - - - - -
That's it.
** Edited 2/27/2001 *** I removed my actual nastygram page URL from the code above. Seems a few people were using mine to redirect their banned people to!
Simply create an .html or .asp or whatever page to redirect the user to yourself. You could actually get very creative here... Since the user is expecting to register to bypass your ban, keep him occupied or trick him.
How about a "mock" forum that displays his IP address with a wanted poster and won't let him post.
Maybe a "Congratulations! You are the 5000th new Forum member and have just won a FREE Palm Pilot!" Then have a form to get his name and address for shipping info, etc, and you got him.
I don't do that, but you get the idea. If you get creative enough, you could send him on a heck of a wild goose chase ;-}
KC
Edited by - KC on 27 February 2002 10:43:51 |
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 10 January 2002 : 12:35:16
|
That's not a bad idea. It wouldn't stop the determined people, but for most it might deter them.
I would use the current connection instead of opening another one, but otherwise good job!
Dave Maxwell -------------- Proud to be a "World Class" Knucklehead |
|
|
gor
Retired Admin
Netherlands
5511 Posts |
Posted - 10 January 2002 : 12:43:26
|
But what if I just deleted the cookie, how would it stop me then? For me as a cable-modem user that is even easier than changing my IP.
Pierre Join a Snitz Mailinglist |
|
|
Fuzion
Junior Member
162 Posts |
Posted - 10 January 2002 : 13:09:37
|
I asked for this code when the first ban IP mod came out for Snitz. I suggested that it would be much easier to ban an IP by a cookie, instead of using the current method, because some people have IPs that change every time they log on to the internet and this lets a banned user from your forum get back in and sign up again. I mean banning by cookies isn't foolproof but most people on the net are computer illiterate and won't ever think of deleting the cookie. Someone said they were gonna create it but I never heard anything after that. I thank you for this. You da man!
|
|
|
Extra Sports
Average Member
USA
644 Posts |
Posted - 10 January 2002 : 16:02:23
|
Is there any way to put it in their registry? LOL. That would sure stop em for sure!
no ads... |
|
|
KC
Junior Member
USA
152 Posts |
Posted - 15 January 2002 : 12:09:19
|
It does not work if they delete all their cookies. They could then create a new member.
But, since it looks for a ban when a user logs in, the cookie sets again if they try their old name.
For me, the best part is catching them trying to make a new account and directing the offender to a page with the rules. It lets them know they were caught, and that if they just follow the rules, they can come back. It's worked very well for me the few times I've had a problem user.
I suppose you could tie the IP checking in with the cookie for new reg check. A user would have to change IP's AND clear cookies to come in and reg as new.
|
|
|
roXet
Starting Member
14 Posts |
Posted - 29 January 2002 : 09:38:58
|
I did this same mod to the forum my site was using before I started with Snitz. The only difference is, mine would also put that username in a users_banned table in the db. Then when you tried to post it would check if the username you are trying to use is in the table, if so it sets the ban cookie. And if you aren't in the db, but you do have the cookie (registered a new account) then it puts the username you are trying to use this time in the db. I had to use this one and it worked quite well. The only way to get around it is to delete the cookie, register a new account and never use any old ones again.
I'll get the code together and post it later today.
|
|
|
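The ban linkage discussed so far (KC's idea of tying the IP check to the cookie, and the users_banned table roXet describes) can be modelled as follows; this is an added example, not code from any post in the thread, and it is a Python model rather than ASP. The names `BanList`, `check` and `replay` are hypothetical, the IP addresses are constructed documentation addresses, and the random cookie token is an assumption that differs from the fixed "1" value used in the mod.

```python
import secrets

class BanList:
    """Server-side ban table keyed by (kind, value): 'user', 'cookie' or 'ip'."""

    def __init__(self):
        self.banned = set()

    def ban_user(self, username):
        self.banned.add(("user", username.lower()))

    def check(self, username, cookie, ip):
        """Return (blocked, cookie_to_set) for a login or registration attempt."""
        seen = {("user", username.lower()), ("ip", ip)}
        if cookie:
            seen.add(("cookie", cookie))
        if not seen & self.banned:
            return False, cookie              # nothing ties this visitor to a ban
        if not cookie:
            cookie = secrets.token_hex(16)    # random token, unlike the fixed "1" in the mod
            seen.add(("cookie", cookie))
        self.banned |= seen                   # the ban spreads to every identifier seen
        return True, cookie


def replay():
    """Constructed scenario: banned member 'troll' tries to get back in."""
    bans = BanList()
    bans.ban_user("troll")
    attempts = [
        ("troll",  "keep", "192.0.2.10"),     # old name: blocked, cookie set, IP recorded
        ("troll2", "keep", "192.0.2.77"),     # new name + new IP, cookie kept: blocked
        ("troll3", None,   "192.0.2.10"),     # cookie deleted, old IP: blocked
        ("newbie", None,   "198.51.100.5"),   # cookie deleted AND new IP: gets through
        ("troll2", None,   "198.51.100.5"),   # retries an old name: ban renewed
        ("newbie", None,   "198.51.100.5"),   # now caught through the recorded IP
    ]
    jar, results = None, []                   # jar models the browser's cookie
    for name, cookie_state, ip in attempts:
        sent = jar if cookie_state == "keep" else None
        blocked, jar = bans.check(name, sent, ip)
        results.append((name, blocked))
    return results

if __name__ == "__main__":
    for name, blocked in replay():
        print(f"{name:8} {'BLOCKED' if blocked else 'allowed'}")
```

Recording IP addresses this way also blocks anyone else who later arrives from the same address, so a real table would need an expiry on the IP entries.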
Dynamix
Junior Member
Germany
205 Posts |
Posted - 29 January 2002 : 17:12:14
|
There is a really tricky way to ban users without a cookie and without knowing their IP! Most people around are using Windows and also many people have Windows Media Player installed. Windows Media Player itself sends a kind of cookie which can be read with a simple script. If you use a combination of IP, cookie and Media-Player-cookie, over 95% of banned users should be permanently blocked. - Especially if you renew the ban for all three kinds during every try to register again. (A logfile would be funny!)
Example: A user is blocked by member name and IP. If he tries to log on, a cookie is sent (or the forum cookie on his system is read) and his Media Player ID is read. If he is getting a new IP and he is deleting all his cookies, he would normally be able to register again. But not now, because his Media Player is still the same and the ban is growing to his new IP and a new cookie is sent. Together with a send-password-with-email-mod it's hard for him to get in again...
quote:
Technical Details -----------------
When the Windows Media Player is installed on a computer, a unique ID number in the form of a GUID is assigned to the player. This ID number is stored in the Windows registry. The ActiveX interface to the Windows Media Player allows any JavaScript Program to retrieve the ID number using the property "ClientID".
The following example HTML and JavaScript code illustrates how easy it is to retrieve the ID number:
<OBJECT classid="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95" ID=WMP WIDTH=1 HEIGHT=1></OBJECT>
<script> alert(document.WMP.ClientID); </script>
Once the ID number is available to a JavaScript program, it can be sent back to a Web site either by appending it to the URL of a Web bug or storing it in regular Web browser cookie.
I'm not good enough in programming, but I think this could be a way.
Further information: http://www.securityfocus.com/archive/1/250363
|
|
|
roXet
Starting Member
14 Posts |
Posted - 30 January 2002 : 09:46:01
|
Actually I did record a log file for the last ban I did. =)
|
|
|
Dynamix
Junior Member
Germany
205 Posts |
Posted - 31 January 2002 : 03:59:58
|
But does the ban with usernames really work for you?
|
|
|
roXet
Starting Member
14 Posts |
Posted - 31 January 2002 : 10:35:35
|
For me? Yeah, it worked quite well. But the forum I work on doesn't have an abundance of overly computer literate people. The guy I banned thought he was, but he could only come back and post after he formatted his computer. =)
|
|
|
Dynamix
Junior Member
Germany
205 Posts |
Posted - 31 January 2002 : 15:39:23
|
Lol!! Best way to get rid of those cookies: format c:\
|
|
|
Dynamix
Junior Member
Germany
205 Posts |
Posted - 01 February 2002 : 18:32:44
|
Microsoft has released a new Update-Bugfix-Service Release-Service Pack 3 pre Release these days, but there isn't any fix for the big security hole I described above in the Windows Media Player. I've read some days ago that MS is not able to fix this today because of the Media Player itself. A good chance for some programmers to make a real ban-user-mod.
|
|
|
davemarks
Starting Member
United Kingdom
27 Posts |
Posted - 24 February 2002 : 16:15:37
|
Sorry, do I get this right - Media Player has some kind of unique ID that can be viewed by anybody on the net?
Didn't Real Player have something like this in order to track how many people were using the product or something similar? As I remember it they were taken to court over the matter, accused of invading privacy.
Dave |
|
|
nirman
Starting Member
1 Posts |
Posted - 06 March 2002 : 12:17:04
|
that cookie ban thingy how do u BAN someone with it (i mean what do u do)???10x
|
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 06 March 2002 : 13:47:27
|
Maybe a stupid question, but isn't it in some way possible to get for instance the computer name (like in a network) and that kind of info? If you combine cookie, member, IP and computer name banning it'd be perfect unless the user would change computers (how often do you get a new computer or change your computer's name?)
I don't know if it's possible, but I think that next to IP banning, which is getting easier by the day because of DSL and cable internet, banning by computer stats would be best.
Just my 2 cents
http://www.frutzle.com
Snitz Exchange | Do's and Dont's |
|
|