I am looking for a way to ban pesky users of my site. Not just users who break a few rules... users who exploit the site and abuse other users as well. IP banning is useless since they are back with a proxy within minutes. Any alternatives?
They can clear cookies. The best way is to block proxies sitewide in your script. And ban IP ranges, since some ISPs give them dynamic addresses, which change every time they connect.
Maybe the trick would be to try and identify the bad behaviour automatically rather than identifying it manually and blocking their IP address automatically. You didn't say much about what these attackers are actually doing but I am going to have a couple of guesses. If they are doing automated spam, they probably have strange UserAgents, Referrers and behaviour patterns. They won't request images, JavaScript or CSS files and there will only be a one or two second gap between requesting the first page and posting the spam. All of these characteristics can be detected and should enable you to block them. If these are real people using real browsers to harass your other users, you might be able to identify their speech patterns. Simple filters looking for certain words they use a lot could help dramatically and training your Bayesian spam filter on their comments could be even more effective. You can also use other identifying hints such as UserAgent and time of day in addition to the Bayesian filtering to help decide whether these are your pesky users or not. Depending on which proxy site they are using you may be able to detect that they are behind a proxy and even what their original IP address is, either of which would be a good clue to identifying the bad people. If they are exploiting security holes in your site then the solution is to fix the security holes, not to ban the users exploiting them.
Thanks for the help, but that's not what it is. My site is a radio, offering requests and dedications. Requests are limited to 1 per IP every 30 minutes, but they use proxies to get around and request many songs, driving my playlist up to 150 requests, which takes about 2 days to play. Sometimes they also write profanity and I'm not always there to moderate. I have been taking out the requests of those who have been putting the same nickname in the requests and requests which come from countries where I am positive none of my visitors live. I guess this is something I have to plan out and deploy on the next version of the site.
Hmmm... I kind of assumed you were running a forum or a blog with comments. As far as the profanity is concerned, standard spam identification tricks should work. Just train your spam filter to recognise the profanity as spam and put it all in a moderation queue, not on the public site. If the comment is associated with a request then you should move the song request to another queue as well. As for the fake radio requests... I think whitelisting your regular requesters might be the best solution. If you can identify the people who play by the rules (maybe with an IP address/username combination or username/password combination) then you can let those requests skip to the front of the queue. Maybe you should have two queues, one for confirmed users and one for everybody else. It doesn't filter out the bad ones but at least it doesn't penalise your real listeners. You can still use PHP to identify when people are using some proxies. If $_SERVER['HTTP_X_FORWARDED_FOR'] is set then they are using a proxy and the value in that variable will be their original IP address. Not all proxies set this value but it should help identify at least some of them. You could also maintain a list of known proxies (Digg security upcoming is a good place for lists of proxies) and identify the IP addresses of the proxies. Someone above mentioned "Cookie banning" which I assume means that you set a unique cookie for every new visitor. If a visitor doesn't have a cookie, they must accept a cookie and wait 30 minutes before requesting their first song. You can then use the unique cookies to keep track of your users instead of IP addresses. By forcing new users to wait 30 minutes, the pesky users can't get around it by just deleting their cookies. Normal users will only ever have to wait once because after that they will have a valid cookie. If a valid user doesn't accept cookies, you can track them by putting the unique value as a query parameter on all of their GET strings.
There are a bunch of good ideas and some interesting discussion about proxy detection here: http://www.osix.net/modules/article/?id=765 I quite like the idea of using an embedded rtsp:// URL to avoid their http:// proxy server. That's downright clever. If you do all of these things I think you will be able to identify a lot of the naughty people and also avoid letting them inconvenience the good people. If you only want to do one, I would go for either the spam filter or the cookie tracking - whichever you think is most important to your site. Good luck!
Actually, now that I have Googled "Cookie banning" it seems that this term simply refers to giving your bad users a cookie whenever you identify them and using that cookie to identify them again next time they visit using a different IP address. Of course, they can get around this by deleting your cookie or not accepting it in the first place.
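
The cookie scheme suggested in the thread (a unique cookie for every new visitor, with a 30-minute wait before the first request) depends on visitors not being able to forge or backdate the cookie. The PHP below is an added example, not code from any poster: it signs the cookie with an HMAC and enforces both the waiting period and the one-request-per-30-minutes limit per cookie. `SECRET`, `issue_token`, `parse_token`, `may_request` and the in-memory `$last` array (standing in for a database table) are hypothetical names, and the timeline at the end is constructed.

```php
<?php
// Added example, not from the thread. SECRET is a placeholder key.
const SECRET = 'replace-with-a-long-random-server-side-key';
const WAIT = 1800; // 30 minutes, the limit mentioned in the thread

// Mint "id.issued.mac"; the MAC stops a visitor from backdating "issued".
function issue_token(int $now): string {
    $payload = bin2hex(random_bytes(16)) . '.' . $now;
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET);
}

// Return ['id', 'issued'] for a genuine token, null for anything else.
function parse_token(string $token): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$id, $issued, $mac] = $parts;
    if (!ctype_xdigit($id) || !ctype_digit($issued)) return null;
    if (!hash_equals(hash_hmac('sha256', "$id.$issued", SECRET), $mac)) return null;
    return ['id' => $id, 'issued' => (int) $issued];
}

// $last maps token id => time of last accepted request (a DB table in practice).
function may_request(?string $cookie, array &$last, int $now): array {
    $tok = $cookie === null ? null : parse_token($cookie);
    if ($tok === null) {
        return ['allow' => false, 'why' => 'no valid cookie', 'set' => issue_token($now)];
    }
    if ($now - $tok['issued'] < WAIT) {
        return ['allow' => false, 'why' => 'cookie younger than 30 minutes'];
    }
    if (isset($last[$tok['id']]) && $now - $last[$tok['id']] < WAIT) {
        return ['allow' => false, 'why' => 'already requested in the last 30 minutes'];
    }
    $last[$tok['id']] = $now;
    return ['allow' => true, 'why' => 'ok'];
}

// Constructed timeline (seconds since an arbitrary start).
$last = [];
$t0 = 1000000;
$cookie = may_request(null, $last, $t0)['set']; // new visitor is handed a cookie
$p = explode('.', $cookie);
$p[1] = '1';                                    // visitor edits the issue time
$steps = [
    'same cookie after 10 min' => may_request($cookie, $last, $t0 + 600),
    'after 31 min'             => may_request($cookie, $last, $t0 + 1860),
    'again 5 min later'        => may_request($cookie, $last, $t0 + 2160),
    'tampered issue time'      => may_request(implode('.', $p), $last, $t0 + 2200),
];
foreach ($steps as $label => $r) {
    echo $label, ': ', $r['allow'] ? 'allow' : 'deny', ' (', $r['why'], ")\n";
}
```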