We are in Poland. There's a huge telecom company here that offers a huge range of dynamic IPs (through an offer called "Neostrada"). Many people use it. Some of them are malicious users (i call them "Neo-brats"). I want to ban those "Neo-brats". I have access to php scripts serverside (and all that goes with it). But first I need to identify the ones to ban. But how... - email? Nope. They'll make a new one. - user account? Same. - username pattern? Same. - IP? it's dynamic, so they'll just switch it with a hardware reset. Those are the options i currently have in my system. And they won't do it.
I can't just ban the whole IP range - I don't want to ban the good users along with the bad ones. Email pattern (some site exclusion) is out of the question for the same reason.
Php obviously won't do it. And I consider cookies as my last resort (a poor one), since they're easy to delete and don't travel between browsers.
Sorry if i posted in the wrong part of the forum - just didn't seem to find a better place. Also if there was a question like that already answered somewhere - just post the link. I just couldn't think of a way to think up decent keywords for the matter to search for it.
Why not try marking all of the good users from that network rather than the bad ones? Anyone who is not marked as good would have their messages delayed or whatever. You can use their email to mark good ones, since it is unlikely a bad user would know or have access to a good users email.
@BlobFisk: Thanks for the welcome (though i had an account here a few years ago - i just forgot what was it's username).
Can you post some details on identification still? I bet that most of my problem-causers are not bright enough to fake their identities and the ones that are smart enough to do it are also smart enough to ensure they don't get caught in the first place. I want to defend against a plague - not a few smart roaches. So please assume browser settings based around defaults and if there is something that can help - don't hesitate to post it. Remember it has to be something cross-browser (so that switching to another one of the 3 popular browsers won't fake the identity).
@mikedee: Interesting idea in general - unfortunately it's no good in this particular case.
More details on the case: The site itself is a browser-based game (no applets) and the biggest issue with the users are multiple accounts which are not permitted. Also there are some other ToC breakers, but "multiples" are the big problem.
There are approximately 10%-20% bad users against 80%-90% good ones. Also identifying a good user isn't "bulletproof". And delaying messages and such ideas is a great solution for forum/community sites of any kind, but won't work in a browser-based game.