1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

EverCookie Ban [Paid] [Deleted]

Discussion in 'Add-on Releases' started by Rigel Kentaurus, Mar 24, 2013.

  1. Rigel Kentaurus

    Rigel Kentaurus Well-Known Member

    Rigel Kentaurus submitted a new resource:

    EverCookie Ban (version 1.0.0) - Auto-ban users that return after banned

    Read more about this resource...
    DeltaHF, Velli and Alfa1 like this.
  2. Rigel Kentaurus

    Rigel Kentaurus Well-Known Member

    If you want to test this after installing I recommend the following

    1. Create a couple of users on your forum, say, John and Paul
    2. Go to your AdminCP and ban John
    3. Login with John. He should be banned and not able to browse
    4. Clear your cookies (forum won't let you logout), either login with Paul or create a new account
    5. After the second or third page you will be banned
    I have a protection in place so you cannot EverBan moderators or the admin, so you cannot ban yourself by mistake when testing this.

    Read more about evercookie on the link provided. Clearing them is extremely annoying.

    The ban is only as good as the ban of the original user, say, if you ban John for 3 days, Paul would be autobanned just for 3 days.
  3. Rigel Kentaurus

    Rigel Kentaurus Well-Known Member

  4. invite

    invite Member

    Thx for this, it works great. One Question, where may i get the further Updates? Do you send it via Email?


    Okay, i have registered an Account on your Forum, but i dont see the Evercookie Thread. My Nickname is "invite".
  5. Slavik

    Slavik XenForo Moderator Staff Member

    Any chance to implement this alongside the features of multiple account detection also? So we can see who is circumventing the bans.
    Allan and Jarod like this.
  6. Rigel Kentaurus

    Rigel Kentaurus Well-Known Member

    If you could go here and support my petition to the XenForo team to support updates on the add-ons, that would awesome:


    I am actually thinking on doing a "Clone" detector based on an evercookie. Only IP address checks are some times not enough, since they are only registered on posting and register.

    There are some issues, though. In my internal testing I have realized that you can only really have one reliable evercookie on the site, because it uses images and some other mechanisms, this means if we tried to use evercookie for 2 o 3 different things that would not work. Even though the cookies have a "name", some of the mechanisms do not support namespacing and end up corrupting other cookies.
  7. Alfa1

    Alfa1 Well-Known Member

    Thanks Rigel!

    Does this addon give everyone an evercookie or only banned members?
    It would indeed be useful to have evercookie work with a duplicate account detector, because a if a banned user will find himself banned instantly, then the user is forced to find the reason / clean the pc.

    Combining it with a detector or other advanced tools gives more options, like for example:
    • first collecting more IP information to allow even more effective banning. If the evercookie only does the detection, so related IPs get added to the IP ban list, then the user will get a message that their IP is banned. Most users will not suspect something like evercookie in this case, but will keep changing IPs if they can.
    • making the new accounts of the user a 'discouraged user'
    • sending the user to a webpage of choice
  8. Andrej

    Andrej Well-Known Member

    From the add-on description:
    So the cookie only is given once a user status is banned... I think... :)
  9. Alfa1

    Alfa1 Well-Known Member

    Yes, it seems that way. But since evercookie is a very delicate privacy concern and it would cause major problems to give evercookie to all users, its important to be very sure about this.
  10. Zephyr

    Zephyr Well-Known Member

    Hello, functionality to unban is planned please ? Else thank you for this addon.
  11. Rigel Kentaurus

    Rigel Kentaurus Well-Known Member

    Just the banned members get the cookie
  12. Rigel Kentaurus

    Rigel Kentaurus Well-Known Member

    If you remove the ban from the member, it will continue to be able to use the forum as before.

    Just, be careful because (example) ...
    You ban user A
    user B gets auto-banned by evercookie
    user C gets auto-banned by evercookie

    If you "unban" user A, but don't restore user B and C, then the next time that "A" logins to the forum (not banned anymore), it detects the evercookie for the still banned user C and ends up banning A again. So to effectively manually unban someone you need to do all the chain.

    Or, just let the ban expire, if it is, say, 1 day, the ban for everyone related to that expires at the same time.
  13. Zephyr

    Zephyr Well-Known Member

    Ok thanks :)
  14. lasertits

    lasertits Active Member

    Been using this for a few days now and I've noticed it creates a lot of get requests for logged in users (4 every couple seconds).

    Here's my nginx requests graph since installing:


    I noticed the evercookie website also does 4 gets every few seconds, but it won't do those get requests once I create an evercookie on their site: http://i.imgur.com/dDQZ6fG.png

    After I made the evercookie, I refreshed their site and it was no longer doing 4 get's every couple seconds.

    Does this mean the only users on my forum that won't get these 4 get requests are visitors that aren't logged in, and banned users who have an evercookie?
  15. silence

    silence Well-Known Member

    This error is spamming my error logs indefinitely!

    2013/05/22 10:03:59 [error] 4863#0: *10612 FastCGI sent in stderr: "PHP message: PHP Notice: Undefined index: evercookie_png in xxxxxx/evercookie/evercookie_png.php on line 22" while reading response header from upstream, client:, server: xenogamers.org, request: "GET /everc$
    2013/05/22 10:03:59 [error] 4863#0: *9965 FastCGI sent in stderr: "PHP message: PHP Notice: Undefined index: evercookie_cache in xxxxxx/evercookie/evercookie_cache.php on line 11" while reading response header from upstream, client:, server: xenogamers.org, request: "GET /ev$
  16. |Jordan|

    |Jordan| Active Member

    I get them too!

    PHP Notice:  Undefined index: evercookie_cache in ******\evercookie\evercookie_cache.php on line 11
    PHP Notice:  Undefined index: evercookie_png in ******\evercookie\evercookie_png.php on line 22
  17. silence

    silence Well-Known Member

    Should I be concerned I posted the directory listing of my site lol? If so can you censor that for me :D
  18. |Jordan|

    |Jordan| Active Member

    Generally yes its a bad idea. The less information you make public (this goes for personal information too), the better.

    You can censor it by editing your post and blanking out the directory.
  19. Rigel Kentaurus

    Rigel Kentaurus Well-Known Member

    Most likely this needs to be fixed on the php file. That file is part of the evercookie distribution itself. I'll have to take a look. It's just a warning, though.
  20. Brogan

    Brogan XenForo Moderator Staff Member

    I have edited the quote.

    And can I just say we have an uncanny resemblance.
    silence likes this.

Share This Page