
Thread: How to protect a website from bad users

  1. #1

    Thread Starter
    Fanatic Member vuyiswamb's Avatar
    Join Date
    Jan 2007
    South Africa

    How to protect a website from bad users

    Good day

    We have a high-traffic ASP.NET website. When a user registers we store the IP address of that user; when they log in we store all IP addresses he used, and we have a blocking module which blocks a username and all the IPs associated with that username, so that those who want to create other accounts from the same location will be blocked. This morning we had a few incidents where we needed to block the fake user. Can anyone scrutinise my approach? If there is anything I can add to my approach to make it rock solid, I would appreciate it. We also have a mobile app which does the same in terms of IMEI, and it blocks the phones, which is easy.

  2. #2
    Fanatic Member namrekka's Avatar
    Join Date
    Feb 2005

    Re: How to protect a website from bad users

    I don't understand the logic with IP-numbers. So if I have an account on my PC and my wife wants an account too what then? And suppose I have a network with more than 1 PC what then? Suppose I have an account and use the IP at home. I move to the airport, using a WIFI spot there....what then?

    Many think that an IP-number is some sort of personal number, but really it is not. Perhaps that fake account wasn't fake.
    Perhaps I will get a lot of comments, but my opinion is IP-numbers will say nothing.

  3. #3
    Super Moderator FunkyDexter's Avatar
    Join Date
    Apr 2005
    An obscure body in the SK system. The inhabitants call it Earth

    Re: How to protect a website from bad users

    Agreed, be very careful about blocking IP Addresses.

    1. It's likely to block people who have nothing to do with your target. You wouldn't want to, for example, accidentally block an internet café or a school just because one bad user happened to access your site from there.
    2. It's likely that it won't block the person you want it to. Bad Users are exactly the type to sign up for a dynamic proxy IP system that changes their IP every time they connect.

    Blocking IPs does tend to be quite effective against spammers because they typically don't care enough to get clever and just batch out a bunch of stuff from a single location. But when you're trying to stop people swearing, getting them to obey the rules etc. it doesn't really help. We block IPs but only if someone is repeatedly recreating an account each time we ban one or for spam.

    Captchas and the like can help prevent people from automating the enrolment process, and I've even come across one forum that requires a captcha for every post, but that seems overkill to me (this was a tropical fish forum - honestly - how much hatemail can a tropical fish forum attract?).

    Requiring the user to enter an email address can also help as it requires them to offer up something (if not much) of themselves. Psychologically people tend not to want to do that if they have bad intentions.

    The slightly unpalatable truth is that you can't really block truly malicious people. They get through if they want to. You can really just make it more difficult for them. What you really need is a team of moderators willing to work for a very reasonable rate
    You can depend upon the Americans to do the right thing. But only after they have exhausted every other possibility - Winston Churchill

    Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd
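
Added example (not part of the thread or of any poster's code): a C# sketch, matching the ASP.NET site in post #1, that runs the two policies discussed above over a constructed login table: blocking every IP tied to a banned username, and blocking an IP only when several banned accounts came from it. The class and method names, the threshold, and all usernames and addresses are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: every name and value here is constructed for illustration.
public static class IpBlockReview
{
    // (username, ip) pairs as a login table might record them. Constructed sample data;
    // 203.0.113.7 stands in for a shared address (cafe, school, household).
    static readonly (string User, string Ip)[] Logins =
    {
        ("baduser1", "203.0.113.7"),
        ("baduser1", "198.51.100.20"),
        ("alice",    "203.0.113.7"),
        ("bob",      "203.0.113.7"),
        ("baduser2", "198.51.100.20"),
        ("baduser3", "198.51.100.20"),
        ("carol",    "192.0.2.55"),
    };

    // Post #1 policy: block every IP a banned username ever used.
    // Returns, per blocked IP, the never-banned accounts that would be locked out with it.
    public static Dictionary<string, List<string>> Collateral(ISet<string> banned)
    {
        var bannedIps = Logins.Where(l => banned.Contains(l.User)).Select(l => l.Ip).ToHashSet();
        return Logins.Where(l => bannedIps.Contains(l.Ip) && !banned.Contains(l.User))
                     .GroupBy(l => l.Ip)
                     .ToDictionary(g => g.Key, g => g.Select(l => l.User).Distinct().ToList());
    }

    // Narrower policy from post #3: block an IP only when at least
    // minBannedAccounts distinct banned accounts have been seen on it.
    public static List<string> IpsToBlock(ISet<string> banned, int minBannedAccounts)
    {
        return Logins.Where(l => banned.Contains(l.User))
                     .GroupBy(l => l.Ip)
                     .Where(g => g.Select(l => l.User).Distinct().Count() >= minBannedAccounts)
                     .Select(g => g.Key)
                     .ToList();
    }

    public static void Main()
    {
        var banned = new HashSet<string> { "baduser1", "baduser2", "baduser3" };
        foreach (var kv in Collateral(banned))
            Console.WriteLine($"{kv.Key}: would also lock out {string.Join(", ", kv.Value)}");
        Console.WriteLine("Blocked at threshold 3: " + string.Join(", ", IpsToBlock(banned, 3)));
    }
}
```

Running the collateral report before enabling a block shows which legitimate accounts share an address with the banned one; the threshold version leaves the shared address alone and only blocks the address that kept producing banned accounts.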
