EverCookie Ban [Paid] [Deleted]

Rigel Kentaurus

Rigel Kentaurus

Well-known member
Rigel Kentaurus submitted a new resource:

EverCookie Ban (version 1.0.0) - Auto-ban users that return after banned

If you have members that have trouble with the concept of "Being Banned", you can
use this to make their experience of returning to the forum a little more difficult

EverBan uses an EverCookie, to register users that have been banned.
If the user registers again he is instantly banned, and even if the user clear cookies the EverCookie persists.

Read more about EverCookie here: http://samy.pl/evercookie/

Please note, this will not prevent someone that knows what he is doing from...
Click to expand...

Read more about this resource...
 
If you want to test this after installing I recommend the following

  1. Create a couple of users on your forum, say, John and Paul
  2. Go to your AdminCP and ban John
  3. Login with John. He should be banned and not able to browse
  4. Clear your cookies (forum won't let you logout), either login with Paul or create a new account
  5. After the second or third page you will be banned
I have a protection in place so you cannot EverBan moderators or the admin, so you cannot ban yourself by mistake when testing this.

Read more about evercookie on the link provided. Clearing them is extremely annoying.

The ban is only as good as the ban of the original user, say, if you ban John for 3 days, Paul would be autobanned just for 3 days.
 
Thx for this, it works great. One Question, where may i get the further Updates? Do you send it via Email?

//

Okay, i have registered an Account on your Forum, but i dont see the Evercookie Thread. My Nickname is "invite".
 
Any chance to implement this alongside the features of multiple account detection also? So we can see who is circumventing the bans.
 
invite said:
Thx for this, it works great. One Question, where may i get the further Updates? Do you send it via Email?

//

Okay, i have registered an Account on your Forum, but i dont see the Evercookie Thread. My Nickname is "invite".
Click to expand...
If you could go here and support my petition to the XenForo team to support updates on the add-ons, that would awesome:

http://xenforo.com/community/threads/support-paid-add-ons-with-an-editable-list-of-users.46068/

Slavik said:
Any chance to implement this alongside the features of multiple account detection also? So we can see who is circumventing the bans.
Click to expand...
I am actually thinking on doing a "Clone" detector based on an evercookie. Only IP address checks are some times not enough, since they are only registered on posting and register.

There are some issues, though. In my internal testing I have realized that you can only really have one reliable evercookie on the site, because it uses images and some other mechanisms, this means if we tried to use evercookie for 2 o 3 different things that would not work. Even though the cookies have a "name", some of the mechanisms do not support namespacing and end up corrupting other cookies.
 
Thanks Rigel!

Does this addon give everyone an evercookie or only banned members?
It would indeed be useful to have evercookie work with a duplicate account detector, because a if a banned user will find himself banned instantly, then the user is forced to find the reason / clean the pc.

Combining it with a detector or other advanced tools gives more options, like for example:
  • first collecting more IP information to allow even more effective banning. If the evercookie only does the detection, so related IPs get added to the IP ban list, then the user will get a message that their IP is banned. Most users will not suspect something like evercookie in this case, but will keep changing IPs if they can.
  • making the new accounts of the user a 'discouraged user'
  • sending the user to a webpage of choice
 
Andrej said:
So the cookie only is given once a user status is banned... I think... :)
Click to expand...
Yes, it seems that way. But since evercookie is a very delicate privacy concern and it would cause major problems to give evercookie to all users, its important to be very sure about this.
 
Hello, functionality to unban is planned please ? Else thank you for this addon.
 
Alfa1 said:
Thanks Rigel!

Does this addon give everyone an evercookie or only banned members?
It would indeed be useful to have evercookie work with a duplicate account detector, because a if a banned user will find himself banned instantly, then the user is forced to find the reason / clean the pc.

Combining it with a detector or other advanced tools gives more options, like for example:
  • first collecting more IP information to allow even more effective banning. If the evercookie only does the detection, so related IPs get added to the IP ban list, then the user will get a message that their IP is banned. Most users will not suspect something like evercookie in this case, but will keep changing IPs if they can.
  • making the new accounts of the user a 'discouraged user'
  • sending the user to a webpage of choice
Click to expand...
Just the banned members get the cookie
 
Zephyr said:
Hello, functionality to unban is planned please ? Else thank you for this addon.
Click to expand...
If you remove the ban from the member, it will continue to be able to use the forum as before.

Just, be careful because (example) ...
You ban user A
user B gets auto-banned by evercookie
user C gets auto-banned by evercookie

If you "unban" user A, but don't restore user B and C, then the next time that "A" logins to the forum (not banned anymore), it detects the evercookie for the still banned user C and ends up banning A again. So to effectively manually unban someone you need to do all the chain.

Or, just let the ban expire, if it is, say, 1 day, the ban for everyone related to that expires at the same time.
 
Been using this for a few days now and I've noticed it creates a lot of get requests for logged in users (4 every couple seconds).

Here's my nginx requests graph since installing:

EJeDjAz.png


I noticed the evercookie website also does 4 gets every few seconds, but it won't do those get requests once I create an evercookie on their site: http://i.imgur.com/dDQZ6fG.png

After I made the evercookie, I refreshed their site and it was no longer doing 4 get's every couple seconds.

Does this mean the only users on my forum that won't get these 4 get requests are visitors that aren't logged in, and banned users who have an evercookie?
 
This error is spamming my error logs indefinitely!

2013/05/22 10:03:59 [error] 4863#0: *10612 FastCGI sent in stderr: "PHP message: PHP Notice: Undefined index: evercookie_png in xxxxxx/evercookie/evercookie_png.php on line 22" while reading response header from upstream, client: 206.107.117.6, server: xenogamers.org, request: "GET /everc$
2013/05/22 10:03:59 [error] 4863#0: *9965 FastCGI sent in stderr: "PHP message: PHP Notice: Undefined index: evercookie_cache in xxxxxx/evercookie/evercookie_cache.php on line 11" while reading response header from upstream, client: 206.107.117.6, server: xenogamers.org, request: "GET /ev$
 
silence said:
This error is spamming my error logs indefinitely!

2013/05/22 10:03:59 [error] 4863#0: *10612 FastCGI sent in stderr: "PHP message: PHP Notice: Undefined index: evercookie_png in xxxxxx/evercookie/evercookie_png.php on line 22" while reading response header from upstream, client: 206.107.117.6, server: xenogamers.org, request: "GET /everc$
2013/05/22 10:03:59 [error] 4863#0: *9965 FastCGI sent in stderr: "PHP message: PHP Notice: Undefined index: evercookie_cache in xxxxxx/evercookie/evercookie_cache.php on line 11" while reading response header from upstream, client: 206.107.117.6, server: xenogamers.org, request: "GET /ev$
Click to expand...

I get them too!

Code: 
PHP Notice:  Undefined index: evercookie_cache in ******\evercookie\evercookie_cache.php on line 11
PHP Notice:  Undefined index: evercookie_png in ******\evercookie\evercookie_png.php on line 22
 
|Jordan| said:
I get them too!

Code: 
PHP Notice:  Undefined index: evercookie_cache in ******\evercookie\evercookie_cache.php on line 11
PHP Notice:  Undefined index: evercookie_png in ******\evercookie\evercookie_png.php on line 22
Click to expand...
Should I be concerned I posted the directory listing of my site lol? If so can you censor that for me :D
 
Generally yes its a bad idea. The less information you make public (this goes for personal information too), the better.

You can censor it by editing your post and blanking out the directory.
 
Most likely this needs to be fixed on the php file. That file is part of the evercookie distribution itself. I'll have to take a look. It's just a warning, though.
 
You must log in or register to reply here.

Similar threads

X
Forum reply ban by Xon [Paid]
Replies
2
Views
387
Xon
X
X
Permission Improvements [Paid]
Replies
7
Views
872
Xon
X
tofia
Slots [Paid]
Replies
0
Views
330
tofia
tofia
Ozzy47
[OzzModz] Disable Push Notification Message
Replies
0
Views
159
Ozzy47
Ozzy47
Ozzy47
[OzzModz] User Style Playlist [Paid]
Replies
0
Views
163
Ozzy47
Ozzy47
Top Bottom