Board Security Question

Kon-Tiki

Post by Kon-Tiki »

At this forum I'm a member of, we've been having quite some problems with this one user. The admins've banned several of his accounts, both IP-ban and email ban, but he still occasionally logs in. Now I know 'bout IP masking proxies to allow people to go 'round IP bans, but how he got 'round the email ban's beyond me. Anybody here know how to prevent this (and preferably the IP proxy workaround as well)? It'd really help a lot. Forum uses Invision Power Board 1.3.1 Final, if that helps.
AGI1122

Re:Board Security Question

Post by AGI1122 »

The problem with email banning is, you can get free email addresses from many places on the net. So it does very little good since he can choose a different email address.

I find the best way to ban someone like that is to cookie ban them. Hopefully he isn't smart enough to delete the cookie set by the site, and it will say he is banned no matter what IP or email he uses.

But I don't know if it's a feature in IPB. I know SMF and YaBBSE cookie ban.
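
The cookie ban described in the post above, sketched as an added example; it is not part of the original thread and not code from IPB, SMF or YaBBSE. The cookie name, key, ban id and sample ban lists are constructed assumptions. The cookie value is HMAC-signed so a client cannot forge or alter it, and it is checked before the IP and email lists.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET_KEY = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
COOKIE_NAME = "bb_ban"                 # hypothetical cookie name
BANNED_IPS = {"203.0.113.7"}           # constructed sample ban lists
BANNED_EMAILS = {"troll@example.com"}
ACTIVE_BAN_IDS = {"17"}                # bans the admins have not lifted


def _sign(ban_id: str) -> str:
    # HMAC-SHA256 over the ban id; only the server can produce a valid tag.
    return hmac.new(SECRET_KEY, ban_id.encode(), hashlib.sha256).hexdigest()


def make_ban_cookie(ban_id: str) -> str:
    """Set-Cookie value to send once a banned account is recognised."""
    c = SimpleCookie()
    c[COOKIE_NAME] = f"{ban_id}.{_sign(ban_id)}"
    c[COOKIE_NAME]["path"] = "/"
    c[COOKIE_NAME]["max-age"] = 365 * 24 * 3600
    c[COOKIE_NAME]["httponly"] = True
    return c[COOKIE_NAME].OutputString()


def ban_id_from_cookie(cookie_header: str):
    """Return the ban id if the request carries a validly signed ban cookie."""
    c = SimpleCookie()
    c.load(cookie_header or "")
    if COOKIE_NAME not in c:
        return None
    ban_id, _, sig = c[COOKIE_NAME].value.partition(".")
    # Constant-time comparison; bytes so odd client input cannot raise.
    ok = hmac.compare_digest(sig.encode(), _sign(ban_id).encode())
    return ban_id if ok and ban_id in ACTIVE_BAN_IDS else None


def ban_reason(ip: str, email: str, cookie_header: str):
    """Which ban signal matched this request, or None if none did."""
    if ban_id_from_cookie(cookie_header):
        return "cookie"
    if ip in BANNED_IPS:
        return "ip"
    if email.lower() in BANNED_EMAILS:
        return "email"
    return None
```

A request that arrives without the cookie, from an unlisted IP and with an unlisted email, returns `None`, so the cookie is one signal among several rather than a complete ban.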
Kon-Tiki

Re:Board Security Question

Post by Kon-Tiki »

I'll ask :) (He's probably smart enough to remove the cookies, though)
Tora OS

Re:Board Security Question

Post by Tora OS »

Sounds familiar....meaning sounds like some guy on my forum.

What I've done is banned like this huge list of proxies and for emails....I never did find a solution.

I would be interested in this solution though.

P.S. The cookie thing usually doesn't work.
TheUnbeliever

Re:Board Security Question

Post by TheUnbeliever »

What'd be the legality of dumping a file in some obscure place on his computer - not a cookie, but use one of the great many exploits to put something vaguely system-sounding in the C:\ root (assuming he's using Windows - not a clue how to do this to a *nix machine)?
JoeKayzA

Re:Board Security Question

Post by JoeKayzA »

TheUnbeliever wrote: ... - not a clue how to do this to a *nix machine)?
You could drop something in the /var or /etc directory. If the user is not a unix geek (which is unlikely for badly-behaving people), he/she probably won't look there. If he/she _is_ a unix geek, you probably won't find an exploit anyway. ;D

cheers Joe
Candy

Re:Board Security Question

Post by Candy »

JoeKayzA wrote:
TheUnbeliever wrote: ... - not a clue how to do this to a *nix machine)?
You could drop something in the /var or /etc directory. If the user is not a unix geek (which is unlikely for badly-behaving people), he/she probably won't look there. If he/she _is_ a unix geek, you probably won't find an exploit anyway. ;D
I think executables are easily noticed in /var and /etc. Try /usr/local/bin, /usr/bin, /usr/local/lib, /lib etc.
JoeKayzA

Re:Board Security Question

Post by JoeKayzA »

Candy wrote: I think executables are easily noticed in /var and /etc. Try /usr/local/bin, /usr/bin, /usr/local/lib, /lib etc.
Indeed, when it really needs to be an executable. I thought of a cookie-replacement, a plain data file. But on a unix-machine, it is highly unlikely to get write-access to persistent areas from within a browser anyway, IMO.

cheers Joe