Board Security Question

Posted: Mon Sep 12, 2005 12:34 pm
by Kon-Tiki
At this forum I'm a member of, we've been having quite some problems with this one user. The admins've banned several of his accounts, both IP-ban and email ban, but he still occasionally logs in. Now I know 'bout IP masking proxies to allow people to go 'round IP bans, but how he got 'round the email ban's beyond me. Anybody here know how to prevent this (and preferably the IP proxy workaround as well)? It'd really help a lot. Forum uses Invision Power Board 1.3.1 Final, if that helps.

Re:Board Security Question

Posted: Mon Sep 12, 2005 7:06 pm
by AGI1122
The problem with email banning is, you can get free email addresses from many places on the net. So it does very little good since he can choose a different email address.

I find the best way to ban someone like that is to cookie ban them. Hopefully he isn't smart enough to delete the cookie set by the site, and it will say he is banned no matter what IP or email he uses.

But I don't know if it's a feature in IPB. I know SMF and YaBBSE cookie ban.
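
A sketch of the cookie ban described in the post above, as an added example that is not part of the original thread and not code from IPB, SMF or YaBBSE. The secret, ban list, addresses and function names are constructed for illustration; the cookie is HMAC-signed so a visitor cannot forge or alter it, only delete it.

```python
import hashlib
import hmac

# Assumption: a server-side secret; constructed value for this example.
SECRET = b"constructed-example-secret"

# Constructed ban list: ban id -> the IP and email the ban was issued for.
BANS = {"ban42": {"ip": "203.0.113.7", "email": "troll@example.com"}}


def _sign(ban_id: str) -> str:
    return hmac.new(SECRET, ban_id.encode(), hashlib.sha256).hexdigest()


def make_ban_cookie(ban_id: str) -> str:
    """Value to set as a long-lived cookie on a client that hit a ban."""
    return f"{ban_id}.{_sign(ban_id)}"


def cookie_ban_id(cookie):
    """Return the ban id if the cookie is authentic and the ban still exists."""
    if not cookie or "." not in cookie:
        return None
    ban_id, sig = cookie.rsplit(".", 1)
    # Constant-time comparison on bytes; a tampered signature is rejected.
    if hmac.compare_digest(sig.encode(), _sign(ban_id).encode()) and ban_id in BANS:
        return ban_id
    return None


def check_request(ip, email, cookie):
    """Return (banned, reason, cookie_to_set) for one login or page request."""
    if cookie_ban_id(cookie):
        return True, "cookie", None
    for ban_id, ban in BANS.items():
        # An IP or email match also plants the cookie, so a later change of
        # proxy or mail address is still caught while the cookie survives.
        if ip == ban["ip"]:
            return True, "ip", make_ban_cookie(ban_id)
        if email == ban["email"]:
            return True, "email", make_ban_cookie(ban_id)
    return False, None, None
```

The last case in the thread still applies: once the visitor deletes the cookie and changes both IP and email, `check_request` has nothing left to match on.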

Re:Board Security Question

Posted: Mon Sep 12, 2005 9:07 pm
by Kon-Tiki
I'll ask :) (He's probably smart enough to remove the cookies, though)

Re:Board Security Question

Posted: Mon Sep 12, 2005 9:36 pm
by Tora OS
sounds familiar....meaning sounds like some guy on my forum.

What I've done is banned like this huge list of proxies and for emails....I never did find a solution.

I would be interested in this solution though.


P.S. The cookie thing usually doesn't work.

Re:Board Security Question

Posted: Tue Sep 13, 2005 9:17 am
by TheUnbeliever
What'd be the legality of dumping a file in some obscure place on his computer - not a cookie, but use one of the great many exploits to put something vaguely system-sounding in the C:\ root (assuming he's using Windows - not a clue how to do this to a *nix machine)?

Re:Board Security Question

Posted: Tue Sep 13, 2005 11:32 am
by JoeKayzA
TheUnbeliever wrote: ... - not a clue how to do this to a *nix machine)?
You could drop something in the /var or /etc directory. If the user is not a unix geek (which is unlikely for badly-behaving people), he/she probably won't look there. If he/she _is_ a unix geek, you probably won't find an exploit anyway. ;D

cheers Joe

Re:Board Security Question

Posted: Thu Sep 15, 2005 12:45 am
by Candy
JoeKayzA wrote:
TheUnbeliever wrote: ... - not a clue how to do this to a *nix machine)?
You could drop something in the /var or /etc directory. If the user is not a unix geek (which is unlikely for badly-behaving people), he/she probably won't look there. If he/she _is_ a unix geek, you probably won't find an exploit anyway. ;D
I think executables are easily noticed in /var and /etc. Try /usr/local/bin, /usr/bin, /usr/local/lib, /lib etc.

Re:Board Security Question

Posted: Thu Sep 15, 2005 2:00 am
by JoeKayzA
Candy wrote: I think executables are easily noticed in /var and /etc. Try /usr/local/bin, /usr/bin, /usr/local/lib, /lib etc.
Indeed, when it really needs to be an executable. I thought of a cookie-replacement, a plain data file. But on a unix-machine, it is highly unlikely to get write-access to persistent areas from within a browser anyway, IMO.

cheers Joe