How do you stop somone from posting at a forum when they change IP address?

Factual Questions
1

At a forum I go to, we have a problem. A guy was banned, and ever since then, he keeps coming back under a new name every time, with a new IP address each time. He posts VERY strong racial slurs, other horrible things, and does it all of the time. He’s ruining threads almost nightly, and we’re tired of it.

How can we stop someone doing this, when they change their IP address? Is there any way to find out what his ISP is or something. We need to take action, as this has gone on long enough.

Is there a program we need, or what?

Any help would be appriciated, thanks guys!

2

Go to http://arin.net/ and enter in the IP, this will tell you who owns the IP space, then you can contact the ISP.

You may consider blocking the entire /24
(basically block from 0 to 255, if your software allows it, otherwise, you cound do it in your router, or your ISP’s router.

3

Every new user name they sign up as though, is a different IP address. What do we do when they are changing it like that?

4

They’re using proxy servers. You’ll contact the proxy server(s) owners who in turn can trace his original IP back to his ISP for you.

5

How do you determine what proxy server(s) they are using in order to contact them?

I’m sorry if I sound stupid, but I’ve never encountered such a problem before, and I’ve been an Admin at sites before, and still am, heh.

6

Get a traceroute program, such as NeoTrace. That’ll pull whois information for you including contact phone numbers and email addresses

7

You can find out his who his IP belongs to by going to www.arin.net and looking it up there. That will also tell you the range of IPs assigned to that entity. You can ban his whole range, but that may result in legitimate users from that ISP being banned also.

You can start small, though. Look for similarities in his different IP addresses. If his IP is 192.168.1.100 one time, and the next time it’s something like 192.168.1.200 (only the last octet changing), try banning the 192.168.1.XXX range first.

Also, you can ban the numerous free proxy servers out there. Unwanted users can use them to get around IP bans.

8

Good luck with that. Most of the web proxy servers pride themselves on providing anonymity for their users.

9

Is it possible to just block the MAC address rather than the IP or the IP scope?

10

No. Wouldn’t do you much good anyway, the MAC address can be spoofed fairly easily.

11

If a user is determined, there’s no way to stop them. They’ll have access to thousands upon thousands of proxy servers, all operating from compromised home, business, educational, and government systems, often with dynamic IP addresses. This means no abuse departments to complain to, and no accountability. You’ll never be able to get the proxies shut down, much less the abuser dealt with.

Your only defense is an effective e-mail address confirmation registration system. In general, someone will run out of e-mail accounts they have access to long before they run out of IPs. If you ban free e-mail providers, it becomes even more effective. Requiring moderators to manually approve new registrations is even better.

12

I suppose you could get an Anonymous Proxy Server List & ban anything on that.