| Author |
Message |
Dawg
RavenNuke(tm) Development Team
Joined: Nov 07, 2003
Posts: 928
|
 Posted:
Tue Feb 17, 2009 9:52 am |
|
Greetings All,
I am having a problem with 1 computer and several accounts. Here is what they are doing. They log in as User A and bring up service X....and then log off....log in as user B say how wonderful Service X is and then log off....log in as user C and say how wonderful Service X is and so on.
Is it possible to set a couple of "Cookies". One normal cookie that handles log in and log off....and another cookie that is more or less there forever that would flag User A, User B and User C as the same user with a display for Admins Only?
I do not know how many other sites have this same kind of issue....but it is a problem on more that one site I run. Any ideas on how to stop it?
Dawg |
| |
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Tue Feb 17, 2009 8:33 pm |
|
Does sound like a bot. Maybe a good addition to RNYA |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
Dawg
|
| Posted:
Tue Feb 17, 2009 11:44 pm |
|
No they are not Bots. They are real people. (They are not smart enough to write a bot to do it) They are just tring to sell service X is all. IS the cookie idea a good one? Would that work?
Dawg |
| |
|
|
|
|
evaders99
|
| Posted:
Wed Feb 18, 2009 12:52 am |
|
Assuming they're smart enough to clear cookies, no 
If we had some server-side protection (one account = one IP), that would solve your issue. Again, not to be used in all situations, but would be a nice feature of RNYA |
| |
|
|
|
|
Dawg
|
| Posted:
Wed Feb 18, 2009 5:25 am |
|
Evanders I would doubt they are smart enough to clear their cookies.
Something that flagged an account for admins when someone logs out and then right back in on the same Ip would be cool.
No action assocated with the flag....just flag it so the admins could take a look,
Dawg |
| |
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
|
| Posted:
Wed Feb 18, 2009 7:05 am |
|
It won't flag it up, but NS will show which IP address users are using and therefore you would be able to see if an IP address is using more than one account. Obviously this could be legit, but an admin could then monitor it. |
| |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Wed Feb 18, 2009 7:14 am |
|
I know this problem very well and I believe there is no really solution.
I used the forums ban feature tracked new registrations through Resend Email and several other things but you will have always multi accounts. |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Wed Feb 18, 2009 9:03 am |
|
I don't mean to hijack this thread but I think this discussion fits here. I know it's been hotly debated elsewhere and I think there may have been discussions here from time to time. Do any of you disallow (substitute ban) the yahoo.com, gmail.com, etc. email domains from memberships? I'd like to hear the pros/cons from thise who do/don't. Thanks. |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Wed Feb 18, 2009 7:06 pm |
|
I allow Gmail because I have not had any problems with user using Gmail (yet) but I do block all the others including the whole MSN/Hotmail/Yahoo email accounts.
I work on the principle that anyone who needs access to stuff on my site would naturally have their own domain, ergo, they should use that domains email address.
That wouldn't work for a lot of sites but as my content is geared toward PHP coding/scripts it works for me.
I have had only two complaints in the last year but it's my site so they have to play by my rules, end of argument.
Edited by me to correct yet another typo grr. |
Last edited by Guardian2003 on Thu Feb 19, 2009 5:47 am; edited 1 time in total |
|
|
|
evaders99
|
| Posted:
Wed Feb 18, 2009 8:46 pm |
|
Given the amount of proxies, botnets, etc.. I don't do any banning. Not worth my time really. Granted, I have little lost besides my own time.
If I had the same person posting trash, I would do some temporary bans. I haven't had anyone persistent enough to warrant autobans (are they passing through public proxies or something??). |
| |
|
|
|
|
Susann
|
| Posted:
Thu Feb 19, 2009 6:50 am |
|
I banned them with all features I had also i used the Jail mod a time ago.
End of 2008 I decided its not worth the time anymore to check these multi players every day for around 1-2 hours. Sometimes I deactivet accounts because members informed me about someones behavior.
Many temporary e-mail addresses are not allowed but they still try to register.
Its often like a cat and mouse game because you can create free e-mail addresses on the fly and spammers and normal users use free services, proxies and temporary e-mail addresses in equal measure. |
| |
|
|
|
|
Dawg
|
| Posted:
Thu Feb 19, 2009 6:59 am |
|
Going back to the orgial issue. It would be nice if we could generate a report that flagged Accounts from the smae IP address. I would not think it would to tough to code....you hit the button and any accounts that share the same IP would be listed so you would know what ones to look at a little more closely....if you so desire.
Dawg |
| |
|
|
|
|
Palbin
Site Admin
Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania
|
| Posted:
Thu Feb 19, 2009 8:29 am |
|
You could easily do it if you just want to use the ip they last logged in with. I believe that is already stored in the user table. |
_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. |
|
|
|
|
Guardian2003
|
| Posted:
Thu Feb 19, 2009 8:49 am |
|
Hmm, interesting.....
If there was a way to detect when a user IP changed and then have a function to 'reset' their account with a new password that then requires mail authentication it wouldn't help with Dawg's problem but it would certainly help to stop multiple users using the same account. |
| |
|
|
|
|
spasticdonkey
RavenNuke(tm) Development Team
Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA
|
| Posted:
Thu Feb 19, 2009 11:43 am |
|
that would cause issues with users checking the site from more than one pc (work, home, etc) wouldn't it? |
| |
|
|
|
|
jakec
|
| Posted:
Thu Feb 19, 2009 11:50 am |
|
You can sort by tracked IP in NS. That would show you all users from the same IP address. |
| |
|
|
|
|
Guardian2003
|
| Posted:
Thu Feb 19, 2009 12:05 pm |
|
Good point jakec, we should try to leverage NS more.
@ spacticdonkey Yes it probably could/would but it shouldn't be too hard to enhance that sort of method by counting the number of different IP's i.e. if more than three different IP's are used, go to reset mode.
I would be tempted myself to do that but I don't really have a need for it. The only time I track IP's like that is in my Shop where if more than 1 IP is used it resets the number of times they are allowed to download a product to nil. |
| |
|
|
|
|
Dawg
|
| Posted:
Thu Feb 19, 2009 12:24 pm |
|
I do not want to reset anything....just flag it for an admin report. There are times that it is legit....aq father and son for example....but other times it is nothing more than one useing trying to sell some crap or bump a thread.
Dawg |
| |
|
|
|
|
Susann
|
| Posted:
Thu Feb 19, 2009 4:01 pm |
|
I know you are looking for an other solution but I´m curious about your rules.
I changed mine several times and such things like trying to sell somthing is against my rules its not allowed.If they don´t follow I´m allowed to charge xx Euros for such entries because its a part of my rules and I find this helps a bit to prevent malpractice. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
