User banning system ideas.

[SaCH]

Hello Friends,

 

Iam in a little bit confused matter. Iam developing a website & it requires a user's banning system too so my question begin here that if i use user's IP to ban but they can easy access the website by using different proxy sites & almost ip address are dynamic not static.

Banning their email is waste thing because they can create a new email within 1min.

 

Anyone have experiences in these things ? How we can ban a user permanently from accessing the website ?

[guinbRo]

What you're wanting to do is extremely complicated.  Now I'm sure someone can get you off on the right foot, but I want to help set down some of the ways I see this being possible.

 

First we have the challenge that the user can create a new email.  This is true, if possible you could try to do account verification by phone (text) since a new phone number requires a level of dedication that most people who are banned will not go to. 

 

The second option, and much more practical, would be one that logs the IP.  Now since an IP is changing you could pull a IP trace, and if the IP is near a certain area that has been banned then consider flagging the account for someone to review it. 

 

Third, and this isn't so much an option as it is an idea would be to simply display a server error.  Don't let the user know they've been banned when they visit the site.  This stops the user from trying to break the ban so to speak. 

 

Otherwise it's dang near impossible from keeping people off your site in my eyes.  Perhaps someone else has a solution to this, but this would be the way I see it. 

[SaCH]

 

The second option, and much more practical, would be one that logs the IP.  Now since an IP is changing you could pull a IP trace, and if the IP is near a certain area that has been banned then consider flagging the account for someone to review it. 

 

 

I think it will not solve the issue.Check out http://proxy4free.com it provides list of proxy sites based on different countries. Then how can we trace the area ?

[guinbRo]

 

The second option, and much more practical, would be one that logs the IP.  Now since an IP is changing you could pull a IP trace, and if the IP is near a certain area that has been banned then consider flagging the account for someone to review it. 

 

 

I think it will not solve the issue.Check out http://proxy4free.com it provides list of proxy sites based on different countries. Then how can we trace the area ?

 

But I think this answers your own question.  It is difficult to ban someone because there is no way to uniquely identify them on the web all the time.  So this means that banned users should have as many loops to jump through.  Ban their IP, ban their email, validate a phone (if possible, text is easiest), make the registration process as long as possible, log IPs in a certain region if it contains a user banned in the past week.  You want to keep banned users away, and honestly it's a gimmick.  How badly do you want the banned user to be kept off?  The more you try to do to keep the banned process automated, the higher amounts of hoops everyone has to jump through. 

 

I worked customer support for eBay for a couple years until just last month.  A banned user could usually get back onto the site with little work.  EBay would flag the account and someone would usually take a look at it.  Truth is bans require a staff or a person (depending on the scale of operation) to enforce.  At least in my eyes. 

[SaCH]

 

The second option, and much more practical, would be one that logs the IP.  Now since an IP is changing you could pull a IP trace, and if the IP is near a certain area that has been banned then consider flagging the account for someone to review it. 

 

 

I think it will not solve the issue.Check out http://proxy4free.com it provides list of proxy sites based on different countries. Then how can we trace the area ?

 

But I think this answers your own question.  It is difficult to ban someone because there is no way to uniquely identify them on the web all the time.  So this means that banned users should have as many loops to jump through.  Ban their IP, ban their email, validate a phone (if possible, text is easiest), make the registration process as long as possible, log IPs in a certain region if it contains a user banned in the past week.  You want to keep banned users away, and honestly it's a gimmick.  How badly do you want the banned user to be kept off?  The more you try to do to keep the banned process automated, the higher amounts of hoops everyone has to jump through. 

 

I worked customer support for eBay for a couple years until just last month.  A banned user could usually get back onto the site with little work.  EBay would flag the account and someone would usually take a look at it.  Truth is bans require a staff or a person (depending on the scale of operation) to enforce.  At least in my eyes.

 

Very sad to hear the sound. I think the verification process (Require the Voter ID Proof / Passport copy) will be safe but its too complicated & our system must be secure to deal with these features. Anyway thank you for sharing your experiences.

[dragon_sa]

Here is a possible way to do it, you are worried about proxy users, it is possible to block 99% of all proxy users with htaccess

 

read here

http://perishablepress.com/how-to-block-proxy-servers-via-htaccess/

 

You could then implement a combination or all of the other features aswell like ip banning, email address banning, sms validation and so on.

Paypal have a good method of depositing small amounts of money in a users bank account and the user has to enter the small amounts deposited. Google places sends out a post card to a business with a code on it, these are just some ideas.

Its not totally 100% but will make life very difficult for the persistent user.