tags:

views:

40

answers:

2
Q: 

How to definitively ban a user from my website ... or almost ?

On my website I would like to be able to ban some users for good,

  • I could filter IP address, but the user can use another IP address, or more dangerous with some providers like AOL : you can have a user using a floating IP address, so ban an IP could lead to ban wrong users.
  • I could filter email address, but obviously, one can open another very easily,
  • I could use a kind of javascript browser signature, but ... yes user can change the browser or its implied signature.
  • I cannot use credit card identification because my website is free.

So, I guess there is no definitive solution, but could you tell me what works pretty well for you ?

A: 

You are asking for a reliable means of authentication. If you solved this with 100% accuracy you might win the Nobel Prize. Since you cannot use credit cards, I recommend going with email addresses.

(by the way The correct term for "floating" IP addresses is dynamic IP address. The other kind of IP address is static IP address.)

Dynamic IP: IP address changes Static IP: IP address stays the same

IP bans can get pretty long and as you are already aware, you can start banning the wrong people over time. I recommend you go with an email ban with bot protection. This way, people can setup another account, but its time consuming and most people won't bother. Even the rare go-getters who created a second email and account would be far less in # than spammers who most certainly will not use Static IP addresses. I imagine the IP problem will only get worse as IPv6 gains in popularity, thereby creating far more public IP addresses available in the pool for spam bots to cycle through.

P.Brian.Mackey  2010-07-01 15:29:02
If you're worried about dynamic IP users (which would be almost all residential users) you can set an expiration on IP bans, in terms of weeks/months, which is typical of cable. But realistically, what is the likelihood that your demographic would involve different people happening upon the same IP lease? It's something to consider, i suppose if you're actually a large corporation, or if your website targets a local audience.
andyortlieb  2010-07-01 15:32:18
A: 

I'm posting this answer for completeness.

There is a solution that is used by industries to prevent fraud which involves creating a fingerprint for a computer using third party Flash cookies and ActiveX controls. I recently had to integrate a solution onto a client website. Iovation was the provider we used.

I didn't believe it would work (especially if I turned off Javascript etc), but it actually does provide a very effective way of identifying individual computers. These computers are then linked to 'bad' accounts (via this third party). It's pretty powerful tool once the network is built up. It's used by the online gaming industry a lot.

Some people feel this type of product is sneaky and doesn't respects the user's privacy. Perhaps, but that's a whole other discussion.

By the way it's a subscription based product, and expensive I believe.

Ciaran Archer  2010-07-01 15:33:37
Neat product, of course a user could simply swap computers. One can potentially get their friends/family banned too. This seems very similar to the way Microsoft bans hacked Xbox's.
P.Brian.Mackey  2010-07-01 15:38:20
Yep. Well the system allows 'exceptions' which sorts out the family / friend thing. You can also link more than one machine to an account. It's pretty powerful.
Ciaran Archer  2010-07-01 16:16:07

related questions

Combined SVN FTP system?
Looking for ways to automate web site testing
Find coordinates of every link in a page
What is your preferred site for code snippets
Javascript make the web broswer srcoll to the top?
Best Ruby on Rails social networking framework
Twitching Consumption of Web Services from Web Site to Web Application
How to use chrome to login to same site twice with different credentials ?
Looking for a Good Resource for Print Designers that are doing Web Design
How does dedicated webhosting compare to Amazon's Cloud?
What makes a good website for an open source project?
Communicating between websites (using Javascript or ?)
Which CMS or other framework should I use to develop a stackoverflow-like site?
How to store Application Messages for a .NET Website
What to charge for a simple website
What is the best solution for maintaining backup and revision control on live websites?
What is a good Content Management System to deploy for a personal website/blog?
What do most users consider acceptable load times on a website?
Should my website abandon username/password authentication in favor of OpenID?
Shopping Cart
Personal Website Construction
HTTPS in IIS 5.1
Do you think using websites like Elance, to obtain side jobs while still working full time, could help my programming career?
Whatever happened to VB Accelerator?
My website got hacked... What should I do?