Banned Members-Can They Still Access?

maggieberry · October 02, 2010, 05:40:36 PM

I just have a quick question. We've had several members banned, and they've since tried accessing our board constantly. When I look to see what they're doing, it's any number of things. Our board is cut off to guests as it's invite only or pre-approval. Can anyone tell me what they're doing or trying to do? I think we've got every security feature mod you can imagine, but I will admit I'm new to all of this. Here's a screenshot of one of the many proxy ips used and what they're doing.

IceXaos · October 02, 2010, 06:02:58 PM

It's just showing they tried to access the forum, and were blocked. I'm pretty sure it shows up int he error log, but there's a MOD to remove it from there. As long as they are name banned, they wont be gettin' far with that account. Since it's approved accounts, the only way they'll be back is if you end up approving one of them again.

maggieberry · October 02, 2010, 06:18:11 PM

So are they trying to access different points in the board by typing the url--like, for say, the pm system in hopes that there's a backdoor in?

IceXaos · October 02, 2010, 06:23:26 PM

They could be accessing it via Google's cache or something, if you allow spiders to view content. I don't know, but I do know that the ban system works perfectly fine if you've not altered it.

Now, it shows he attempts to quote at 9:22, yet it never shows an attempt to send a message. User ID 2 is the admin on my board, but I'm not sure if that was a muck-up when I transferred with a dummy account, or what .. Anyways, if he has accessed it, as long as you don't have a lot of users, ask to see who he's PM'd. If he accessed, someone surely got a PM there, and if not, well he's just got nothin' better to do I guess, it happens.

maggieberry · October 02, 2010, 06:36:16 PM

We don't have a lot of members. Id 2 would indeed be an admin. We do let spiders in, and we've not altered ban settings. If using Google cache, would that allow banned members to see things as well? What can I do to avoid that from happening if that's the case?

YogiBear · October 02, 2010, 06:41:45 PM

Hmm, that IP is from Japan which I think I've seen something very close to that before and could well be a proxy. I've circumvented a ban (a Global Moderator whom I refused to promote became and admin after I left then promptly banned me!) quite easily certainly to read a forum.

To add to what IceXaos has said, which fields did you use for the ban : username, e-mail address, IP, ISP ? Also, was it a full ban or only on posting ?

Not much you can do about prohibiting anyone from reading the Cache pages I don't think.

maggieberry · October 02, 2010, 06:54:03 PM

They're all full bans, and we started off with the ips, hostnames and usernames--then moved on after they started in with proxies doing blocks of proxy numbers. We had the proxy blocker installed, but we had aol members who couldn't access with it on. They're on all day, and I know they have nothing better to do, but it would set everyone at ease if we knew they weren't doing anything. This newest one is something that just came in that's unlike anything I've seen them do before. I'm guessing the knm is me, since that's the first three letters of my username, but what is the rest of that string???

Thanks for helping out, by the way!

YogiBear · October 03, 2010, 10:24:19 AM

Sorry for the delay in answering, maggieberry. I was about to post when that spam message appeared on this thread and when I clicked post my machine here crashed. One hec of a co-incidence.

Anyway, it looks as though someone is trying to guess or use your sign-in name but unless they have your password they won't get far. The error message is good news as it means the software is rejecting this sign-in attempt.

I'm beginning to wonder if this isn't the work of a robot by the number of attempts. Either that or a nutter (sorry, most untechnical terminology) ! I have seen something similar when a banned member tried and tried to get back in so causing a number of entries in the error log.

My gut feeling is the key to this is in IceXaos's post here...

QuoteNow, it shows he attempts to quote at 9:22, yet it never shows an attempt to send a message. User ID 2 is the admin on my board, but I'm not sure if that was a muck-up when I transferred with a dummy account, or what .. Anyways, if he has accessed it, as long as you don't have a lot of users, ask to see who he's PM'd. If he accessed, someone surely got a PM there, and if not, well he's just got nothin' better to do I guess, it happens.

Ask your members if they have received a PM from him.

maggieberry · October 03, 2010, 10:58:08 AM

Not a problem. That spam message got me frozen as well.

I'm inclined to think these are bots too, but we have several banned peeps who do the same things-banned by specific ips they registered with as well as usernames and emails--and they log the same kinds of errors. I know it wouldn't be beneath them to try proxies. And they are indeed nutters.

I will try to see if anybody has had pms from them. I do appreciate your help in the matter!

IceXaos · October 03, 2010, 11:29:00 AM

If you're saying you only banned by IP, then they can come right back. You need to ban username, email, IPs, and hostname. In your case, simply banning the username will be sufficient, but the rest will annoy them a little bit.

Alex' Manson · October 03, 2010, 11:48:56 AM

dont ban them and use: Annoy User Mod.
They Will Never COME Back! it will annoy there asses to death!

News:

Banned Members-Can They Still Access?