We enhanced the banning system: when using user registration, we ban per IP as before. But we also added banning per username, so banned user cannot reconnect with the same username once banned.
He needs to create a new user and change his username to be able to be back.
Webrtc IP leaking
There is a leak in webrtc that allows (under circumstances) to get the real IP of an user, even if he’s behind a VPN
We used that technique for banning to get the real IP from an user even if he’s using a VPN. This technique may stop working soon since major browsers may correct the IP leaking from webrtc very soon.
thanks for the upgrade.
however, you rarely find yourself banning a registered user, simply because they are not troublemakers.
the real troublemakers are the “guests” users.
so, once they are banned – they dont need to “create” anything new. just change the ip and they are back in.
banning must recognize more than just the IP in order to lock them out: computer ID, BROWSER, user agent, the more ID’s – the better the ban.
Well about more ids like fingerprints, which means browser and operating system, that’s totally inefficient it will affect others. id browsers and operating systems are not the solution.
about the better banning by username and ip thats a good start.
a good start indeed, but barely enough.
I fully agree. Fingerprinting is already a thing of the past. There are guests who use an Ip Changer (with FritzBox) and can change their IP again and again within seconds. Recently they write the spam in the username. It should be possible to limit the length of the username.