How to dump unwanted users online.

Started by tmaximus95, November 19, 2008, 10:00:21 AM


tmaximus95

I am interested in finding out if SMF provides a means of dumping unwanted users that are online.
I have times when there are a number of guests on my forum that will hang there for quite some time.
I suspect that they may be trying to hack into an administrative account, or bring the forum down.

Any ideas?

TMax.
"Injustice anywhere is a threat to justice everywhere."

The Saviour

I'd love to see a "kick feature", as well, implemented for SMF.

I know vBulletin had a mod for this when I was using their forum software.  Maybe you can put in a Mod Request...not just for this version of SMF, but 1.1.x, too.

ccbtimewiz

Seems like a good idea. It would basically just be a "session terminator" button.

Rumbaar

Well there is nothing really to stop a guest from accessing your forum in any way, other than at the (if applicable) server level via .htaccess.  But then you'd block more potential members.

You'll probably find they are spiders trying to index your site for search engines etc.  I wouldn't worry about hackers; also, the number of guests required at once to bring down a site (denial of service), if that was in action, wouldn't be stopped by a 'kick' feature.  In fact, it would probably allow the site to be taken down with fewer people, as the server's resources would be tied up trying to 'kick' them.
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]

=<|Skary|>=

what about blocking by IP address, or more drastically, by subnet mask?

Rumbaar

Well a guest is just someone that hasn't logged in.  You'd have to be mindful to not block a member who might be accessing from an alternate location and thus looking to log in or just browsing.

=<|Skary|>=

i understand, but this is a topic that interests me. for instance, what if i happen to get the IP from the log of someone who was causing problems or something. how would i block them from visiting the site by their IP?

BellGab.com

Quote from: Skary=<||>= on December 19, 2008, 12:11:13 AM
i understand, but this is a topic that interests me. for instance, what if i happen to get the IP from the log of someone who was causing problems or something. how would i block them from visiting the site by their IP?

i'm not the most advanced user in the world, so somebody might have a better solution than this... BUT...

as an example, i was SICK AND TIRED of this dumb Twiceler bot hogging my bandwidth and bogging down my database.  sooooo... i went into the .htaccess file (located in your forum's root folder) and banned all of Twiceler's ip addresses as follows:

order allow,deny
deny from 208.36.144.10
deny from 38.99.13.121
deny from 38.99.44.101
deny from 64.1.215.166
deny from 208.36.144.6
deny from 38.99.13.122
deny from 38.99.44.102
deny from 64.1.215.162
deny from 208.36.144.7
deny from 38.99.13.123
deny from 38.99.44.103
deny from 64.1.215.163
deny from 208.36.144.8
deny from 38.99.13.124
deny from 38.99.44.104
deny from 64.1.215.164
deny from 208.36.144.9
deny from 38.99.13.125
deny from 38.99.44.105
deny from 64.1.215.165
deny from 38.99.13.126
deny from 38.99.44.106
allow from all

it worked like a charm.  i'm sure this is but one of many solutions available, but it's a pretty sure-fire way to keep them off of your site.
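
An added example, not part of the original post and not SMF or Apache code: it collapses the addresses listed in the post above into the fewest CIDR blocks that cover only those addresses, emits them in the post's Order/Deny syntax and in the Apache 2.4 `Require not ip` form, and counts what a blanket /24 ban would block instead. All function names are hypothetical.

```python
import ipaddress
from collections import Counter

# The 22 addresses banned in the post above (function names below are hypothetical).
BANNED = """
208.36.144.6 208.36.144.7 208.36.144.8 208.36.144.9 208.36.144.10
38.99.13.121 38.99.13.122 38.99.13.123 38.99.13.124 38.99.13.125 38.99.13.126
38.99.44.101 38.99.44.102 38.99.44.103 38.99.44.104 38.99.44.105 38.99.44.106
64.1.215.162 64.1.215.163 64.1.215.164 64.1.215.165 64.1.215.166
""".split()

def exact_blocks(addresses):
    """Fewest CIDR blocks covering exactly the listed IPs; a typo raises ValueError."""
    hosts = {ipaddress.ip_address(a) for a in addresses}
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(h) for h in hosts))

def collateral(addresses, prefix=24):
    """For a blanket /prefix ban: {subnet: (offenders seen, addresses blocked)}."""
    seen = Counter(ipaddress.ip_network(f"{a}/{prefix}", strict=False)
                   for a in set(addresses))
    return {net: (count, net.num_addresses) for net, count in seen.items()}

def apache22(blocks):
    """Rules in the syntax used in the post (Apache 2.2, mod_access_compat on 2.4)."""
    return "\n".join(["Order Allow,Deny", "Allow from all"]
                     + [f"Deny from {b}" for b in blocks])

def apache24(blocks):
    """The same policy in Apache 2.4 authorization syntax."""
    body = ["    Require all granted"] + [f"    Require not ip {b}" for b in blocks]
    return "\n".join(["<RequireAll>"] + body + ["</RequireAll>"])

if __name__ == "__main__":
    blocks = exact_blocks(BANNED)
    print(apache24(blocks))
    for net, (seen, blocked) in sorted(collateral(BANNED).items()):
        print(f"# banning {net} would block {blocked} addresses for {seen} offenders seen")
```
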

Rumbaar

Do a Google search of .htaccess and DENY.  Also the robots.txt is the best way to deal with rogue bots and spiders, last resort IP bans.  The robots.txt file should stop them from even trying to access your site after the initial robots.txt check.

tech447

Quote from: Rumbaar on December 19, 2008, 02:54:11 AM
Do a Google search of .htaccess and DENY.  Also the robots.txt is the best way to deal with rogue bots and spiders, last resort IP bans.  The robots.txt file should stop them from even trying to access your site after the initial robots.txt check.

Actually, ROGUE bots likely won't adhere to robots.txt rules.  That's why they are ROGUEs.  Honest bots from reputable services will honor the robots.txt, but bots from spammers and other disreputable sources will not even check to see if the robots.txt even exists, let alone honor it.  htaccess is the only sure fire way to stop bots or people, so long as they stay on the same ip address.  Banning by subnets is more hinky as you can block legit users.  That's why you should always do an ip lookup before you start banning subnet ranges.  That way, if you discover that the ip is from Nigeria, then you could probably block the whole country without affecting legit users.

Wayne
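
An added example, not part of the original post: one way to check from an access log which crawlers honour robots.txt before deciding on an IP ban. The robots.txt rule, the log lines (combined log format, documentation-range IPs) and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed robots.txt and access-log lines; none of this comes from the thread.
ROBOTS_TXT = "User-agent: *\nDisallow: /private/\n"
LOG = '''\
203.0.113.5 - - [19/Dec/2008:02:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 34 "-" "GoodBot/1.0"
203.0.113.5 - - [19/Dec/2008:02:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "GoodBot/1.0"
198.51.100.7 - - [19/Dec/2008:02:01:10 +0000] "GET /private/members HTTP/1.1" 200 900 "-" "GrabBot/0.3"
198.51.100.7 - - [19/Dec/2008:02:01:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "GrabBot/0.3"
192.0.2.44 - - [19/Dec/2008:02:02:00 +0000] "GET /robots.txt HTTP/1.1" 200 34 "-" "SneakyBot/2.1"
192.0.2.44 - - [19/Dec/2008:02:02:05 +0000] "GET /private/stats HTTP/1.1" 200 700 "-" "SneakyBot/2.1"
192.0.2.90 - - [19/Dec/2008:02:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
not a log line
'''

# Captures client IP, request path and User-Agent from a combined-format line.
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def classify(log_text, robots_txt):
    """Return {(ip, user_agent): verdict} based on robots.txt behaviour in the log."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    seen = defaultdict(lambda: {"robots": False, "hits": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, path, agent = m.groups()
        client = seen[(ip, agent)]
        if path.split("?")[0] == "/robots.txt":
            client["robots"] = True
        elif not rules.can_fetch(agent, path):
            client["hits"].append(path)  # request for a disallowed path
    verdicts = {}
    for key, c in seen.items():
        if c["hits"]:
            verdicts[key] = ("read robots.txt, ignored it" if c["robots"]
                             else "never read robots.txt")
        else:
            # No robots.txt fetch and no disallowed hit may simply be a human browser.
            verdicts[key] = "honours robots.txt" if c["robots"] else "no evidence"
    return verdicts
```

Only the two verdicts that involve a disallowed request are grounds for a ban; "no evidence" is what an ordinary guest's browser looks like in the log.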

=<|Skary|>=

thanks guys. i just have this feeling like i'm gonna need this info. Soon i'm gonna start advertising my site pretty heavy to a specific target audience (unreal tournament 2004 players) and i just know that some of them will be people i don't want coming back. there's always at least one.

BellGab.com

Quote from: tech447 on December 19, 2008, 12:50:35 PM
Quote from: Rumbaar on December 19, 2008, 02:54:11 AM
Do a Google search of .htaccess and DENY.  Also the robots.txt is the best way to deal with rogue bots and spiders, last resort IP bans.  The robots.txt file should stop them from even trying to access your site after the initial robots.txt check.

Actually, ROGUE bots likely won't adhere to robots.txt rules.  That's why they are ROGUEs.  Honest bots from reputable services will honor the robots.txt, but bots from spammers and other disreputable sources will not even check to see if the robots.txt even exists, let alone honor it.  htaccess is the only sure fire way to stop bots or people, so long as they stay on the same ip address.  Banning by subnets is more hinky as you can block legit users.  That's why you should always do an ip lookup before you start banning subnet ranges.  That way, if you discover that the ip is from Nigeria, then you could probably block the whole country without affecting legit users.

Wayne

you are dead-on with everything you said here.  a .htaccess ip ban is NOT a last resort in this situation.  it's the first resort.
