More efficient banning?


#1

Instead of banning a user’s account (in which case they just make another account and its like banning never happened), have you guys ever considered banning the user’s IP Address? That way if they make a new account, theyre stillxbanned.


#2

The only problem I can see this causing is if 2 people from the same household have different accounts. If one gets banned, theyll both get banned…


#3

They do track user’s IP addresses when the situation asks for it. The other issue is that a user can utilize a different computer (be it at work, library, friends, etc;) to create a new account and no one would know the difference if they are smart about it.

That is of course unless the banned user was already associated with those IP addresses before the ban.


#4

There are a lot of ways around an ip ban though. How they ban people now works fine.


#5

It’s too easy to get around the bans.

IP ban: big deal. Do a DHCP release and then a renew. Assuming the provider randomly assigns from the pool, but they often will just re-assign the same address as that’s more compliant with the rules. It would screw people like me who use a static IP because I run services on my connection. Disney tried this on Virtual Magic Kingdom, but with multiple computers behind a NAT box and multiple kids playing, that didn’t fly to well.

Set Cookie:
Clear cookies, issue resolved. Disney tried this on Virtual Magic Kingdom. This was for the “rare” lifetime bans. It was designed to avoid this:

Make a new account. While for Virtual Magic Kingdom, a user with the cookie set couldn’t get on again, but if they cleared cookies and cache(or re-installed their OS and/or wiped their drive), it let them with the ability to come in.

Disable the account. Virtual Family Kingdom merely disables accounts rather than delete them, even at user requests. Deleting an account means it could be re-used. Disabling it prevents that ID from existing again. Most of the online kid games disable the accounts but then move them into a “blocked” database to ensure they are never used again. My kid was signed up for a game without my permission, and I promptly CALLED and had the account nuked. This is clearly in violation of the privacy agreement as they are still retaining my kid’s information. If I had the time and money, I’d sue them.

How YYE does it now is sufficient. It ain’t perfect but it works and is simple and easy.


#6

Depending on the situation we do block IPs, but as noted above DHCP issues make it not foolproof. Besides, if we started blocking ranges of verizon, comcast, centurylink etc addresses, half of you would be gone. :wink:


#7

That reminds me of a conversation I had with Comcast the other day. Apparently there were complaints that people couldn’t email me due to my blocks. While I was on the phone with their administration, I removed the blocks for 1 minute and ended up with 40 pages of error logs on my email server of spam trying to be delivered. I sent that to the admin person and said “and that’s why the blocks are staying in place”. It was hard to counter that kind of proof.

Keep in mind that large ISP’s are often not able to deal with their abuse issues properly. Banning is used as a last resort measure. If people behave, then there’s no need to ban.


(WildCat23) #8

40 pages :o That’s like all my emails from life! Well maybe not quite. I should say non-spam emails.


(Connor) #9

This. I can think of 3 ways around it just off the top of my head. Its really not that hard.