I have a major problem with a user creating many accounts and spamming everything; they are traced to the same IP. Does anyone know a simple and easy IP ban script I can put in to stop it? Thanks
As you have found, getting a different IP address is easy and banning them provides no protection.
1) If you are not already doing so, use email opt-in registration, where your registration script sends an email to the email address they entered, and they must click on a link in the email to activate their account. This will require that they have an email address that they have access to. You can then ban that email address when you disable the account of any spammer to prevent them from using it again to create another account. Throwaway/free email addresses are also easy to get, but this might slow them down enough so that they will go elsewhere.
2) Close the loopholes in your code that are providing the benefit to the spammer. If he is posting content/links, add filters to detect that content and prevent those posts... If he is using email header injection to send out spam email, add filters to detect that content and prevent those emails from getting sent...
3) If you believe the content is being automatically posted, add some tricks to your form processing code to detect and prevent automated posts. Typically a good image CAPTCHA or a random set of human only questions/answers...
__________________
If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.
In addition to disabling any accounts he is creating and banning any registration email address he has used, if the abuse is of an email system, you would need to put limits on how often an email can be sent, how many recipients each one can have, and limit the total number in any period of time.
For example, limit emails to no more than one in a 60 second interval, a maximum of one or two TO: recipients and one or two CC: recipients, and a maximum of 10 per hour/30 per 24 hours... Use whatever values would be appropriate for normal usage of your system.
If the email feature is not critical to your application, temporarily disable it while you put safeguards in place. Maybe he will go elsewhere if he thinks the email system does not exist anymore.
Edit: It sounds like the benefit he is receiving by doing this is just a boost to his ego. Take away this benefit and he will go elsewhere.
Last edited by CFMaBiSmAd; 08-24-2007 at 10:51 PM.
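The sending limits suggested in the post above (one email per 60 seconds, one or two TO: and CC: recipients, 10 per hour, 30 per 24 hours), together with a check for the header injection mentioned earlier, could look like this in PHP. This is an added example, not code from the thread; the function name, its parameters and the sample addresses are hypothetical, and it assumes you store a Unix timestamp for each email an account sends.

```php
<?php
// Added example: limits come from the post above; all names are hypothetical.
const MIN_INTERVAL = 60;   // seconds between two emails from one account
const MAX_PER_HOUR = 10;
const MAX_PER_DAY  = 30;
const MAX_TO       = 2;
const MAX_CC       = 2;

/**
 * Returns null when the send is allowed, otherwise the reason it is refused.
 * $sentAt holds Unix timestamps of this account's earlier sends (your own storage).
 */
function checkMailLimits(array $sentAt, array $to, array $cc, int $now): ?string
{
    if (count($to) < 1) return 'no recipient';
    if (count($to) > MAX_TO || count($cc) > MAX_CC) return 'too many recipients';

    foreach (array_merge($to, $cc) as $addr) {
        // A CR or LF inside an address is how extra headers get injected.
        if (preg_match('/[\r\n]/', $addr) || !filter_var($addr, FILTER_VALIDATE_EMAIL)) {
            return 'invalid recipient';
        }
    }

    $lastHour = 0;
    $lastDay  = 0;
    foreach ($sentAt as $t) {
        $age = $now - $t;
        if ($age < MIN_INTERVAL) return 'sent too recently';
        if ($age < 3600)  $lastHour++;
        if ($age < 86400) $lastDay++;
    }
    if ($lastHour >= MAX_PER_HOUR) return 'hourly limit reached';
    if ($lastDay >= MAX_PER_DAY)   return 'daily limit reached';
    return null;
}

// Constructed sample data: ten earlier sends, five minutes apart.
$now = 1700000000;
$history = [];
for ($i = 1; $i <= 10; $i++) {
    $history[] = $now - $i * 300;
}
var_dump(checkMailLimits($history, ['a@example.com'], [], $now));
// Constructed injection attempt: a second header smuggled into the address.
var_dump(checkMailLimits([], ["a@example.com\r\nBcc: b@example.com"], [], $now));
```

Call the check before handing anything to your mail function, and record the timestamp only after a send is accepted.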
CFMaBiSmAd, that is an excellent idea, about putting a time limit on game mails. I will do that. I think I fixed the problem, I had my host tech support help out. All but his original account starts with 172 and no other users start with that. So I did a 172.* which any IP that starts with 172 will be blocked from the site. I really hope this works and that it won't stop normal people. Thanks to all of you.