Jump to content

Suggestion about spam and BAD members

Guest Vector Sigma

Recommended Posts

Hello people,

I want to say that IPB is by far the BEST forum platform EVER.

I want to make some suggestions for the new IPB 3.0.0. I don't know if those are exist already but i really want to see them in action.

All of the forums have bad members that really mess up the board and sometimes they make the life of admin and global mods difficult.

One way to eliminate this is to install a mod called Token Of Death that will make some hard work for you but this is not very accurate all the times.

Then i had an idea. How many people in one forum have the exact same password? I mean realy if you could see the password of the users there are no many users with the same password. You even may find only 2 or 3 pair of users having the same password.

What if we used a code to alert us immediately if 2 users uses the same password? That way we could take the apropriate messures. For example a message could inform us IF

1. a members has the same IP AND
2. a members has the same pass

or a password that seems similar to others password...

example. a pass like 123456 is similar to 123456_0

I think it is a very alternate way to check for bad members. I know it is very easy for someone to change its password but think of the sitiuation a bad members would be if he has to change pass with every diferent username he enter.

Please advice if this could be make it or not.

Link to comment
Share on other sites

Well password check will be like an extended part of a defense system. Not the unique part for ban a member. Usually a spammer registers multiple accounts with same password for easy to remember. If we make his life difficult then we will break his nerve and after an amount of time he will quit the trying for messing up the board.

I think it is a nice add-on for our boards.

Link to comment
Share on other sites

The "token of death" mod, while interesting, is not something we would include in a professional software package I'm afraid. ;) It will have to remain a mod.

And there's no way to check the passwords to see if they are the same. While the salts are available in the database, we have no way to determine (except upon login) what the original password was for comparison, thus there's no way to know if any two are the same.

Besides, that's not indicative of a bad member in my eyes. Neither are duplicate IPs if you ask me.

Link to comment
Share on other sites

Well you can salt the password from the input then try to match it in the database.

If you tell them that someone has that password then all they need to do is go down the list of members and try each members login with that password.

It doesn't work that way...

We salt the password during login and confirm the user used the correct password. Now we have that user's password. Tell me....how would we then look up to see if any other user is using that password?

Every single user has a unique salt (at least pseudo-unique) and as such, it's not a matter of seeing if any of the hashes are the same...
Link to comment
Share on other sites

Well thanks everyone for putting their thoughts on this thread. I just wanted to see what people think for this. I just can't think of any new way to protect a board from spammers and members that keep register and register to mess up with the board.

I mean there should be some identicals things that a bad user has so the system can recognise him. There should be a way even if the member delete cookies, or clear cache.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...