I'm curious if anyone has come up with an innovative way to block
someone from submitting a form. I've tried each of these, with limited
success:

1. Block by IP (ie, 192.168.2.1) - works great unless they're on dial-
up or have a dynamic IP.

2. Block by block of IP addresses (ie, 192.168.xx.xx) - horrible idea,
this blocks anyone using a specific ISP. This is only good to block
anonymous IPs.

3. Log computer components (screen resolution, browser, OS, etc), and
block anyone meeting all of those same variables. Not very effective;
too many people use the same default settings, and you don't want to
block all of them. It does work effectively to block international
users, robots, and hackers, though.

4. Set a - this was the most logical; set a boolean field in
the user database, and make this field "true" when you want to block
that user. Then, write the program to set a permanent if this
field is true. The form then checks for this . Works great until
someone figures out the trick.


Any other ideas?

"Jason" <jwcarlton@gmail.com> wrote in message
news:1190178762.267260.102110@d55g2000hsg.googlegr oups.com...
> I'm curious if anyone has come up with an innovative way to block
> someone from submitting a form. I've tried each of these, with limited
> success:

"Log of computer components..."
If you use this method you have too much of a chance of blocking
legitimate users.

Blocking an entire IP block
For me this would depend... if my primary user base was USA and Canada
and maybe some European countries and I was getting somebody coming in from
Singapore and spamming my site I would have no problem blocking the entire
IP block.
But if, as an example, your user base is primarily USA and the person
you want to boot is a US AOL user then I wouldn't ban the block.
Basically what you have to look at here is: if you ban an entire IP
block, what could this mean to you and your user base?


What I have done is:

Set a
This actually does work most of the time, but it does depend on the
computer/internet knowledge of the person you want to block for how long/if
until they figure it out.

Block IP address
If they have dial up, this won't you.
You can maybe figure out how likely it is they are on dial up or high
speed internet: If they are spamming your boards or something of that
nature its probably likely they are using high speed (faster to get the work
done). But you can also get their IP address and check it against an IP
lookup service like www.arin.net
If they have a dynamic IP I wouldn't worry about that and still block
the IP. Most dynamic IPs are usually used by the same person for a week or
two before they renew the IP (and even then they usually get the same the IP
address)... but even if thats the case you don't have to ban the IP for all
eternity: just block it for 1 or 2 weeks, maybe a month. If the person is
a malicious user then odds are pretty good they will just try a couple of
times and after a few days just move on.


But you might also want to look in things like:
How are they posting? IE: are they actually coming to your website? Or
just running a script on their own site that is submitting to your forums?
If they are making user accounts and then posting to your site is there
something you can do with that? IE: can you set all "new users" so that any
posts or threads started by them are moderated until they have made X number
of posts? (the posts don't show up on the site until approved by a
moderator).
If there anything you can filter out from the posts? IE: are they
always posting links to www.exampleofmakemoneyonlinesite.com that you can
just filter out and block from being posted?

On Sep 19, 7:45 am, "Auggie" <Imperial.Pal...@Rome.It> wrote:
> "Jason" <jwcarl...@gmail.com> wrote in message

> If they have a dynamic IP I wouldn't worry about that and still block
> the IP. Most dynamic IPs are usually used by the same person for a week or
> two before they renew the IP (and even then they usually get the same the IP
> address)... but even if thats the case you don't have to ban the IP for all
> eternity: just block it for 1 or 2 weeks, maybe a month. If the person is
> a malicious user then odds are pretty good they will just try a couple of
> times and after a few days just move on.

I think AOL still do that weird IP proxy thing; while YOU may have one
IP address for a short time, they have 100s of proxies with 1000s of
IP addresses. As an AOL user, requesting one page may result in many
IP addresses (at the same time) being used to fetch the content to
you. For example, the page is requested under one IP, the header
graphic under another, the scripts from another... Makes it very hard
to block some users.

The only semi-reliable way is via ; this is why some large
commercial sites insist on them. No = no tracking = no entry to
our site. We do this on band web sites specifically so we can block
abusive users. It's a shame we need to do it at all, but we tried IP
blocking and it just doesn't work on a busy site.