The bane of an Admin's life...

[lazer]

Hey

Here's the scenario...

• A user abuses staff and members via posts and PC's
• User is banned
• User re-registers under a different name and email
• User is banned
• User discovers proxies, registers under a different name, IP and email
• User starts abuse again
• User then shows identity thru posts and PC's and is banned
• Repeat point 5 - 7 (up to 8 times a day)

I'm sure we've all had 'em but how do you make sure (in this scenario), the little bugger gets the message and stays away for good?

Cheers

 

[Biker]

There are various ways to block proxies, the easiest being via .htaccess.

You can try adding this to your .htaccess file.

# block proxy servers from site access
# http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:pROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]

Snagged from this site. http://perishablepress.com/how-to-block-proxy-servers-via-htaccess/

 

[lazer]

Thanks Biker.

Blocking proxies can also have a negative effect for regular members too though (even some ISP's use 'em), it's such a difficult call, to enable it on a big site.

 

[Biker]

You're going to have to decide whether you want to put some effort into this or not. There are ways of blocking anonymous proxies and leaving legitimate ones (such as those used by ISPs) alone. This will also depend on what type of access you have on the server.

 

[Naz]

Jeez, talk about no life

 

[lazer]

Jeez, talk about no life

Tell me about it...

You're going to have to decide whether you want to put some effort into this or not. There are ways of blocking anonymous proxies and leaving legitimate ones (such as those used by ISPs) alone. This will also depend on what type of access you have on the server.

So there are ways to allow ISP's and not proxies, such as Tor?

 

[Biker]

Yes, there are.

Here's a rather good paper from SANS Institute that talks about anonymous proxy detection and blocking.

http://www.sans.org/reading_room/wh...ecting-preventing-anonymous-proxy-usage_32943

 

[AndyB]

Just turn off registration for a few days. The banned user will lose interest and go away.

 

[mauzao9]

This is sadly one routine in large forums where mad users that got banned always want their daily "attacks" to our community.

We are frustrated because the script can't do anything more to defend the site from such behavior but must live with it, and try to react fastest possible when it happens.

 

[lazer]

Just turn off registration for a few days. The banned user will lose interest and go away.

Whilst a good thought, it's entirely not practical for our site...

This is sadly one routine in large forums where mad users that got banned always want their daily "attacks" to our community.

We are frustrated because the script can't do anything more to defend the site from such behavior but must live with it, and try to react fastest possible when it happens.

It seems so. Unless you're prepared to take drastic action that may actually prevent legitimate users from accessing your site.

 

[DBA]

One suggestion, instead of banning him make him a discouraged user and have every pageload be at least 30 seconds (among other "issues"). That's how I finally got rid of someone.

 

[lazer]

One suggestion, instead of banning him make him a discouraged user and have every pageload be at least 30 seconds (among other "issues"). That's how I finally got rid of someone.

I had tried the "discouraged" route but my pageload times were set at 5 - 20 seconds. I will try that in the next round, thanks DBA.

 

[Marcus]

I had a difficult case some years ago, he used an anonymous proxy. The police could stop that proxy and get access to his data.

 

[mauzao9]

I don't know if it would possible Xenforo Detects Proxies under registration and act like the Anti-Spam systems do. Or even put the user waiting manual approval.

 

[AWS]

This same user is hitting my site too. Driving my staff and I crazy.

 

[CTXMedia]

What about putting the first five posts in moderation for brand new users?

We're doing this on CycleChat at the moment to deal with the kitchen spammers, but it also stops other rubbish going "live" until we've had a chance to review it.

You'd be able to check IPs (discover if they are proxies), assess the context and writing style (presumably you've had enough flames to be able to spot them easily?), and it would stop the content of their new accounts hitting your live pages.

Just set Registered to 'Not set' for follow moderation rules, then promote after x posts to a usergroup that has this set to 'Allow'.

It's a bit more work for you and your moderator team and means that new members experience a slight delay in their posts appearing, initially, but just explain it's an anti-spam measure and they'll understand.

Cheers,
Shaun

 

[Paul B]

I have had it set like that on my site since day one and in fact I used that for the example in the manual: http://xenforo.com/help/user-group-promotions/

 

[lazer]

Good ideas guys but most of our members are new posters (technical support site), so a pre-moderation for all new members, whilst great in practice, could cause an inordinate amount of work for me and the rest of my team.

AWS and I are discussing this individual case, in an effort to conclude it.
Other than this idiot, we have had no real issues with this type of thing. I'm loathed to use a hammer to crack a nut.

 

[MikeMpls]

We dealt with one problem user by moving everything he ever posted into a locked "consolidated wisdon" thread & turned off his option to delete or edit his own posts.

What we really need is a "Tachy Goes to Coventry" addon.

 

[Renegade]

It is difficult to control such members while keeping your forum open for regular members and new registrations. We have had such members recently and it was painful.

The most that we could do was

• Put proxy sites on moderated registration using anti spam tools.
• Put the spammers IP/ISP block on moderated registration
• Enable word filters to put posts/PM on moderation queue
• Ban new IDs which pass this filter as they get reported

My community has been really patient and helpful in that regard.

We used to have first 5 posts under moderation earlier when we were on VB. The problem with that was most new-to-forum users would get confused and put off that their posts will take time to appear. Of course it is much easier to notice moderated posts on XF thanks to the moderator bar but we haven't got back to that yet.