jkm4201

Hmmm.. that looks like it may work, I'll talk to the site owner about reimplementing the mail registration as well as an added annoyance to deter users from being malicious. I appreciate the help on this, I'm not overly good with php, mostly spend my time plugging away in C/C++, Java and Perl heh. Anyhow thanks

I'm not sure that would be the case tho, because I can do a partial ban of his IP address, ie instead of the whole numeric address, I can simply find his provider information at the end of his IP address: 123.123.123.mi.comcast.net And add that to the banned array, thus banning the entire Michigan Comcast service area. Then I would simply need to have users wishing to register on our website from that area contact me via email first with the username they wish to use so I could add it to the $Accepted array. As for the script itself, I don't know what the code is for validating and processing the registration atm, but other than that, does the code look pretty sound? // Written by Jeremy M. 8/10/07 (Riodan@comcast.net) // Purpose: // Check to see if a username is allowed to register then do so. // Else, check to see if the address is in the banned array and send banned message. <?php $banned[0] = "IP Address 1"; $banned[1] = "IP Address 2"; $banned[2] = "IP Address 3"; $banned[3] = "IP Address 4"; $Accepted[0] = "Username 1"; $Accepted[1] = "Username 2"; $Accepted[2] = "Username 3"; $Accepted[3] = "Username 4"; if (in_array($_SERVER['USERNAME'], $Accepted)) // Continue on with the registration process. (not sure what goes here yet) else if (in_array($_SERVER['REMOTE_ADDR'], $banned)) { echo "You have been banned from this website."; echo "If you believe you have received this in error contact us."; echo "admin@blah.net"; } else // Continue on with the registration process. (Not sure what goes here yet.) ?>

Against my better judgement, the owner of the boards wanted registration to be a seamless venture, thus he made it so when you create your account your automatically registered. Honestly though, the email would just be another step this malicious attacker would care less about, he has been attacking us for almost 2 weeks now. There are ways in which you could essentially filter out dynamic users in this situation, you can partial ban by their localization IP address, for example, if you had a user from 123.123.123.mi.comcast.net you could simply ban mi.comcast.net and it would ban him and anyone else from that area of service from connecting. The idea however is to put up a filtration wall that the users must get through before they are allowed to register on the website forums. Ideally, we'd want to do something like: // Written by Jeremy M. 8/10/07 (Riodan@comcast.net) // Purpose: // Check to see if a username is allowed to register then do so. // Else, check to see if the address is in the banned array and send banned message. <?php $banned[0] = "IP Address 1"; $banned[1] = "IP Address 2"; $banned[2] = "IP Address 3"; $banned[3] = "IP Address 4"; $Accepted[0] = "Username 1"; $Accepted[1] = "Username 2"; $Accepted[2] = "Username 3"; $Accepted[3] = "Username 4"; if (in_array($_SERVER['USERNAME'], $Accepted)) // Continue on with the registration process. (not sure what goes here yet) else if (in_array($_SERVER['REMOTE_ADDR'], $banned)) { echo "You have been banned from this website."; echo "If you believe you have received this in error contact us."; echo "admin@blah.net"; } ?> This code is concept only, I'm a dabbler and may have messed things up in it, but it should atleast illustrate what I'm seeking to accomplish. Instead of echoing the warnings, we could even go so far as to redirect them to a url with that message, either way would work fine. I just need a way to stop the user from getting into the site unless we specifically allow him/her to register with a predesignated registration name.

i'm assuming you are probably referring to using the .htaccess method I had mentioned earlier. I'm aware of that method but then again, it doesn't necessarily help me much. The user in question is using a dynamic IP address and is able to get around the standard IP ban. This is what has prompted me to look into alternative methods of dealing with him. I've probably IP banned 30 of his accounts so far in the last 4 days, and while I don't want to block his whole area off from our website, I'm running out of options.

Website Information: Powered by vBadvanced CMPS 3.0 RC1 Forums: vBulletin 3.6.7 PL1 Problem: Recently we had to ban a few users, these users however continue to plague us with repeated account recreations and destructive/abusive posting on our boards. I've researched a few different ways in which we could take care of the situation including creating the .htaccess file and putting in a partial or full IP/dns denial of service variable, but I really don't want to go to that extreme if I can help it. My first thought on this would be to find someone who could write up code that had the following functionality: Upon submitting registration on the website do the following: - Check flat file <path/banned.txt - If results of check for banned.txt return true, check path/allowed.txt - If allowed, continue registration, else redirect to blocked.php Is this even possible or are there any other ways to handle the situation that we find ourselves in at this point? I'm running out of options and the last option on my list is to ban a complete service area of the offending member's ISP(s).