Ken73
Starting Member
USA
35 Posts |
Posted - 11 May 2002 : 11:04:51
|
Just wanted to share my experiences with a user that has been "difficult to ban" at times. While he doesn't get on my forum and cause havoc, there are many "secrets" traded (I run a specialized fuel injection forum for vehicles) that he does not need to partake in.
Obviously if the user is causing a problem, it will be much easier to catch him - unlike this person, who never posts.
I have the "Ban by IP mod" installed but I don't use it - here's why:
First, this guy (thinks he) is clever. He not only accesses my forum from home, but also from work. If he can't get to it from either place, he uses an online anonymizer. However, he's dumb enough to use the exact same username each time. I simply go in and look at his IP address (from the ban IP mod) and actually ban him with IIS itself. (This obviously wouldn't apply for those of you using external servers.) Unfortunately, when you ban someone by IP address with IIS, it comes back with a "user IP address rejected" message which tells him he HAS been banned. He will then use one of the anonymizers to get in (because he KNOWS he's been banned.) So I changed the default HTML page for that error (403.6) to instead be the "Server cannot be found" page you typically get when you mis-type a URL or the persons server is actually down. He now thinks the site is just "down" temporarily, and won't bother to attempt to get in. That is, until someone else says that it's up. He then gets in on one of the anonymizers, which of course, presents me with another IP address (range) to ban in IIS. This keeps up until he runs out of anonymizers, unfortunately.
Of course, I could lock his account, but he'd just re-register and with over 500 users, it'd be difficult to find him again. This time I actually just got lucky and he happened to be on, and I recognized the IP address as being from his ISP. I came up with a 100% proof positive when he logged on from work, where he's actually the registrar of that company's domain name! (He works for a construction company, where there are only a few people who have internet access, so I know it's him.)
The "ban by cookie" mod won't work well in this case, as not only does he have several computers to try from, but he also knows to delete his cookies AND the online anonymizers keep the cookies on THEIR machines, not his. They are deleted after each session, also.
Also, my forum is completely hidden until you log in. You MUST register before you can log into it. I'm trying to limit the access to legitimate users, but of course trolls learn how to squeak in.
For those of you wondering, this person USED to be a friend until he decided to be a backstabber, at which point I simply banned him. Everyone warned me about him but I played fair until he decided to pull his move. He's quite determined to access my forum, so I thought I'd throw this out here to give other admins some ideas and to see if anyone else has any ideas on how to stop this guy.
Just another tid-bit, trolls don't always come in the form of a pimple-faced teen with nothing better to do - this man is in his late 50's, and is the CFO for the construction company I mentioned.
I don't know if anyone's interested in starting a black-list for anonymizers (or if there IS one already) but I'd like to hear other people's thoughts on this..
Ken |
|