Browser-side computer identification? - HTML forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

Browser-side computer identification?

I want to BAN a few people i just don't have the tools.

Furiat

1:18 am on May 20, 2008 (gmt 0)

10+ Year Member

We are in Poland. There's a huge telecom company here that offers a huge range of dynamic IPs (through an offer called "Neostrada"). Many people use it. Some of them are malicious users (i call them "Neo-brats").
I want to ban those "Neo-brats". I have access to php scripts serverside (and all that goes with it). But first I need to identify the ones to ban. But how...
- email? Nope. They'll make a new one.
- user account? Same.
- username pattern? Same.
- IP? it's dynamic, so they'll just switch it with a hardware reset.
Those are the options i currently have in my system. And they won't do it.

I can't just ban the whole IP range - I don't want to ban the good users along with the bad ones. Email pattern (some site exclusion) is out of the question for the same reason.

So my question is: is there any cross-browser "javascript or something" method to uniquely identify a given computer?

Php obviously won't do it. And I consider cookies as my last resort (a poor one), since they're easy to delete and don't travel between browsers.

Sorry if i posted in the wrong part of the forum - just didn't seem to find a better place. Also if there was a question like that already answered somewhere - just post the link. I just couldn't think of a way to think up decent keywords for the matter to search for it.

BlobFisk

1:29 pm on May 20, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Hi Furiat and welcome to WebmasterWorld!

AFAIK there is no surefire way of identifying someone using JS. There are too many ways of faking your identity on the client side and security restrictions on browsers only allow you to get so much information using JavaScript.

HTH

mikedee

5:12 pm on May 20, 2008 (gmt 0)

10+ Year Member

Why not try marking all of the good users from that network rather than the bad ones? Anyone who is not marked as good would have their messages delayed or whatever. You can use their email to mark good ones, since it is unlikely a bad user would know or have access to a good users email.

Furiat

9:58 pm on May 20, 2008 (gmt 0)

10+ Year Member

@BlobFisk:
Thanks for the welcome (though i had an account here a few years ago - i just forgot what was it's username).

Can you post some details on identification still? I bet that most of my problem-causers are not bright enough to fake their identities and the ones that are smart enough to do it are also smart enough to ensure they don't get caught in the first place. I want to defend against a plague - not a few smart roaches.
So please assume browser settings based around defaults and if there is something that can help - don't hesitate to post it. Remember it has to be something cross-browser (so that switching to another one of the 3 popular browsers won't fake the identity).

@mikedee:
Interesting idea in general - unfortunately it's no good in this particular case.

More details on the case: The site itself is a browser-based game (no applets) and the biggest issue with the users are multiple accounts which are not permitted. Also there are some other ToC breakers, but "multiples" are the big problem.

There are approximately 10%-20% bad users against 80%-90% good ones. Also identifying a good user isn't "bulletproof". And delaying messages and such ideas is a great solution for forum/community sites of any kind, but won't work in a browser-based game.

StoutFiles

10:22 pm on May 20, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

What are these malicious users doing?