Banning people with variable IPs

Grandmaster Jogurt · Post by **Grandmaster Jogurt** » 2005-06-09 11:01pm

I help admin the forum for the comic Captain SNES, and I recently had to ban a troll. After a previous punishment for his actions, he threatened the board with this:

I already have alts with different names sitting out there in the dark and I can make more in a second. Guess which ones and ban away, I can do this every day of my life and enjoy it.

Or I could always put it on macro and flood the place with a hundred posts on every thread. But I won't do that. I'm nice. just don't piss me off.

Even if these are empty threats, I would like to make sure he cannot touch this board anymore. However, the last two sections of his IP address change every time he signs online. If I ban the first two digits of his IP address, how likely is it that I will catch someone else in it? The board has 188 registered members (most of these accounts are inactive, though) and presumably many guests, thanks to the fact that it is the forum for a comic. Is there any way to keep him permanently away without resorting to that?

Any help or input would be appreciated.

Darth Yoshi · Post by **Darth Yoshi** » 2005-06-09 11:42pm

I'll be the first to admit I don't know much about this area of expertise, but what about MAC addresses? Those'll never change.

Grandmaster Jogurt · Post by **Grandmaster Jogurt** » 2005-06-09 11:47pm

What's an MAC address? I don't remember seeing anything about that in the admin panel, but of course I wasn't looking for it.

Post by **Beowulf** » 2005-06-09 11:49pm

Darth Yoshi wrote:I'll be the first to admit I don't know much about this area of expertise, but what about MAC addresses? Those'll never change.

Yeah, but those only show up on the local network. Won't work.

Crayz9000 · Post by **Crayz9000** » 2005-06-10 12:01am

You can determine his ISP by running a whois query on his last used IP address. Then you can determine if you want to ban the entire IP range from his ISP.

Dynamic IP addresses are irritating that way.

Raven · Post by **Raven** » 2005-06-10 12:15am

http://ws.arin.net/cgi-bin/whois.pl

Use that to find the IP range his ISP gives him. You may not have to ban the entire first two octets.

Of course you might want to find out if any other members would also be affected. How easily can your board software search and filter IP logs?

You could also set up administration approved registration like we have here, but that requires more work.

Grandmaster Jogurt · Post by **Grandmaster Jogurt** » 2005-06-10 12:33am

Raven wrote:http://ws.arin.net/cgi-bin/whois.pl

Use that to find the IP range his ISP gives him. You may not have to ban the entire first two octets.

Of course you might want to find out if any other members would also be affected. How easily can your board software search and filter IP logs?

You could also set up administration approved registration like we have here, but that requires more work.

The board uses Invisionfree if that helps. I don't know how to check IP logs that way so I'm doing it manually for now. And I just changed registration to admin-approved when I banned him. That should help for now.

Thank you very much, everyone. With any luck I'm just jumping at shadows, but if he does try anything, you have helped me minimize how much damage a ban would do.

Crayz9000 · Post by **Crayz9000** » 2005-06-10 12:59am

To check the ISP dynamic pool, just run a WHOIS query on *any one* IP address that he's used. The WHOIS server will tell you the exact range of IP addresses used by his ISP, and you can then ban only that range of addresses.

Grandmaster Jogurt · Post by **Grandmaster Jogurt** » 2005-06-10 01:08am

This might be a silly question, but how does one run a WHOIS query?

Sharp-kun · Post by **Sharp-kun** » 2005-06-10 08:32am

Requiring all registrations to be approved is a simple way to stop him.

Spyder · Post by **Spyder** » 2005-06-10 09:02am

So he's a script kiddie huh... Is he listing a personal website in his profile? There's a small posibility he may be running a web server on his local network. If that's the case and he's got a dynamic IP then he'll more then likely be running a dynamic ip handler. Banning his registered address would automatically resolve to his ip address, the only way he could get around that would be deregistering his handler which would mean he'd have to change his website url.

That's a real longshot though.

Flakin · Post by **Flakin** » 2005-06-10 09:48am

Grandmaster Jogurt wrote:This might be a silly question, but how does one run a WHOIS query?

There's multiple places and ways you can do this, but to keep things simple, WHOIS can be run from www.netsol.com or www.dnsstuff.com.

Edit: Duh, and of course, Raven's link above, http://ws.arin.net/cgi-bin/whois.pl

Type in the whole IP address and it'll tell you what ISP it comes from.

Guy N. Cognito · Post by **Guy N. Cognito** » 2005-06-10 07:38pm

It's a bitch trying to get people with Dynamic IP addresses. And Banning an IP range isn't good either on the off chance that some one want to sign on in that range. But you cut out some good with the bad. Best of luck

Grandmaster Jogurt · Post by **Grandmaster Jogurt** » 2005-06-11 01:30am

Flakin wrote:Edit: Duh, and of course, Raven's link above, http://ws.arin.net/cgi-bin/whois.pl

I don't know how I missed that.

All he has in his profile is his YahooIM identity. I doubt that helps.

Again, thanks everyone.

Grandmaster Jogurt · Post by **Grandmaster Jogurt** » 2005-06-11 02:16am

The funny news is that the genius tried to sign up again twice with email addresses that use his self-applied nicknames.

The bad news is that his IP range apparently runs through seven numbers in the second part of his IP address, if I read the WHOIS correctly. And that range appears to overlap with a couple other members.

Would I be overreacting to institute a policy like the one here where only non-free emails are accepted, in case he smartens up? Considering that this is the forum for a comic, is that too draconian?