Keeping Pesky Varmints Out?

[AussieDave]

Hi all,

Got a bit of a problem and thought I'd run it past you guys (and girls) to ask if anyone can drop me some ideas how to fix this issue.

I have a member based section that is password protected. The user management script is php and it writes the users details to a database.

The issue...I have is a user who had their free membership declined and is now signing up with to multiple accounts.

Not that he can gain access because all applications are manually verified. However it's a pain in butt.

Although I can use a .htaccess file to block IP's or entire IP blocks it's useless in this situation because the user IP is dynamic. If I were to block the entire IP range I'd be block legitimate users too.

I had the idea of dropping a cookie into each peeps PC from the sign-up page. As only one registered user is allowed per PC/household I though this would be an affective way to stop this person abusing the registration form.

However the obvious flaw is if one deletes their cookies.

So if anyone has a better idea or some other suggestion to fix this problem I'd sure appreciate the input.



Cheers

Dave

 

[Casinomeister]

...Not that he can gain access because all applications are manually verified. However it's a pain in butt...

That's life in webmasterland - these people are known as "ass-clowns" or "time-vampires". The best way to deal with this is manual verification.

vBulletin has a number of plugins that can assist, but if this is just a php script, you're going to have to stick with just watching the signups yourself.

The sign ups in Casinomeister are moderated as well - not so much as to keep ass-clowns at bay, but to watch for bots and spammers. They are pretty stupid and easy to nail - but it's all a big hassle and like you said, a pain in the butt.

 

[Simmo!]

The only other thing I can think of is to put in an email verification link, and have the script check to see if the email address is already in the database first and decline to send the link. Most people will only have a few email addresses so after a few attempts he may run out. Its far from perfect...if he has his own domain name he could set up unlimited emails, but then you could ban that domain in the email verification script.

 

[AussieDave]

The only other thing I can think of is to put in an email verification link, and have the script check to see if the email address is already in the database first and decline to send the link. Most people will only have a few email addresses so after a few attempts he may run out. Its far from perfect...if he has his own domain name he could set up unlimited emails, but then you could ban that domain in the email verification script.

Hi Simmo,

Thanks for the imput

The script already has this feature, however, this guy is a persistent "ass clown"...lol

So far he's up to 47 free email accounts. I wondered if it was bot but on checking it's obviously someone who doesn't like being told no.

Until last week the system was sending out notifications via a legit email addy associate to the domain. However on Saturday I received a response from a denied account.

It was aimed at mother it was extremely vile to say the least. I sure hope this is not common practice.

Still I had the last laugh...The clown forgot that live.com.au appendages a persons name and originating IP to outgoing emails.

Responding with that fact and few other PC details seems to have stop that one in his tracks.

Anyway...thanks for the input guys!


Cheers

Dave