1

Topic: Ban by name : case sensitive?

Hello all,

I would like to know if the username I want to ban is case sensitive or not.
I do know it's insensitive for a registered member as mentionned in the description of the first ban page in the admin section, but what about guests in the ?Supplement ban with IP and e-mail# page? ?
(i'm still running 1.1.5)

I have another question/suggestion : you know, it is easy for a guest to change its username, and IP ban can't do all (especially if the invader has non static IP), so I think it would be great to use a special cookie against the banned guest, making more difficult for him to come back.

In my example : I have banned someone. Of course, he comes back (yes, he's stupid but he is French smile ) ; so, I banned him one more time. I'm patient smile But a cookie would be nice, no ? once he is banned a first time, no matter what IP/username he uses : the cookie is another protection.
Ideas ?

(I hope you can understand me smile )
Thanks,
abclf.

2 (edited by Smartys 2005-06-10 19:26)

Re: Ban by name : case sensitive?

abclf wrote:

so I think it would be great to use a special cookie against the banned guest, making more difficult for him to come back.

That already happens if you ban them by username wink
When they try to login the cookie gets set with their info: they have to delete the cookie to do anything.
Plus, cookies don't help if people know they're there and delete them wink

3 (edited by abclf 2005-06-10 19:46)

Re: Ban by name : case sensitive?

Are you sure about the guest and the cookie ? If I ban a guest (by his common username), do you think a cookie is made, when he comes back, to protect the forum from his future attacks, if using other usernames ?

Plus, cookies don't help if people know they're there and delete them wink

Of course smile But if they don't, it helps ; you know, you can't protect your house, but you can make more difficult and time consuming to enter. So, more protections = more time to bypass them (amha). Search in the cookie and delete them, it's easy, but it's boring smile

Thank you for replying so quickly.
abclf.

Re: Ban by name : case sensitive?

abclf: Banning by itself won't set a cookie. However, if you user logs in when they are banned (which can only happen I believe if they're banned by username) they can't logout and they can't register a new account until they delete the cookie

5 (edited by abclf 2005-06-10 20:11)

Re: Ban by name : case sensitive?

hum : but do a guest log in ?

Here it is what I understand :
Case 1 : it's a member : as soon as he logs in, a cookie is done to avoid his future coming back (right ?)
Case 2 : but for for a guest ? A guest doesn't log in, so ?

abclf.

Re: Ban by name : case sensitive?

You have both cases right smile

7

Re: Ban by name : case sensitive?

arf ;

so, if a guest doesn't log in -because it's a guest and a guest doesn't log in-, the script won't sent him a «ban-cookie» ?
Here it is the main subject of my post : I have banned mister Aaa Bb Cccc ; he will surely come back and first, he will test posting with his usual name (Aaa Bb Cccc) ; if he can't he will try with (aAa bb cCC for example), and so on.
What I suggest/ask : at the first step, the script sets a generic «ban-cookie» = this computer banned.

I'm too long ? smile
abclf.

Re: Ban by name : case sensitive?

PunBB never sends a "ban cookie"
What happens is if you're logged in as a banned user, you're "stuck" banned because all your user data is in the cookie and it's checked every time you load the page

9 (edited by abclf 2005-06-10 21:05)

Re: Ban by name : case sensitive?

And guests never have cookie ?

Re: Ban by name : case sensitive?

cookies are not an effective way of banning, they can just be deleted thats why their IP is also banned

11 (edited by abclf 2005-06-10 21:21)

Re: Ban by name : case sensitive?

Hello Connorhd,

IP is not the "fatal weapon" neither smile
Of course one can delete cookie, but one can also change its ip, (or maybe use proxy, anonymizer) and so on.

What I understand in fact is that the protection is better against banned member :
When I ban a member, he will have to delete his cookie to come back, agree ? No way to avoid this step, ok ?
But, if i ban a guest, I'm limited to the IP/username/email : if he uses non static one, I will have to ban him day after day (each time his IP changes).
With the help of a cookie, he will need to delete this cookie first : it's a one more step. Yes, I agree, it is easy to do but it's annoying.

Thanks for your interest,
abclf.

Re: Ban by name : case sensitive?

I've been in debates such as this many times before. Thing is, there isn't anything more you can do on the server side. IP ban is no fool-proof way of  shutting someone out, but it's the best tool available.

Oh, before anyone asks: No, you can't ban MAC addresses. You can't get a hold of a visitors MAC address. You can get the MAC address of the first node on the route to the visitor, but that will in 99% of the cases be your own ISP's router or something like that.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

13

Re: Ban by name : case sensitive?

Here there is my little problem : I want to ban/exclude one guest.
Ok, first I ban his usual name (hope it is case insentive), second I ban his IP. I'm protected for this day smile
Of course, the day after, when his IP has changed, he comes back.
Reban his new IP smile and so on.

What I suggested in this post is : imagine I ban the IP number xxxx ; the ip owner (guest) comes back and is recognized : he can't do anything that day.
What I suggest is : as soon as he is recognized, first sent a ban-cookie for having another level of protection. I suppose it is not very difficult to do. So, when he comes back, with another IP, he will be identified as banned, whereas is IP has changed.
Do you see what I mean ? I would like the program to be more active in case of banning.

Of course I know cookie are not the ultimate solution, but IP?, but it is annoying to delete them.

What do you think about it ? Really useless ?
I remember I was banned from a forum - not this one, pfff - and I remember I was sent a cookie ; of course I deleted it, but just one time smile

Thanks,
abclf.

Re: Ban by name : case sensitive?

The problem with a "ban cookie" is when/how to remove it when the ban is lifted.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

15

Re: Ban by name : case sensitive?

1/ there is such a cokie
2/ the script identifies the cookie
3/ the script asks the database to see if the ban is effective at this time or if it has been suppressed, deleted...
4/ the ban is effective : banned / the ban is deleted : delete cookie
I'm not a programer smile

Re: Ban by name : case sensitive?

abclf: how would it link the cookie to a specific ban?

17

Re: Ban by name : case sensitive?

No way to make unique cookie and to connect it to the database ?
I don't understand : when the script sent the ban-cookie, say it writes something on to identify his owner ; the next time the cookied guy come back, the script reads the ban-cookie and reads the database t see if the ban is still active. Other simple solution would be to limit the life of the cookie (time validity) : say, ban for a month, a week, or something else. No ?
(I have to go ; be back that night)
abclf.