The Blog That Is No More
This Blog has moved to http://www.success.grownupgeek.com
Saturday, December 30, 2006
  How to ban a user with Drupal

We recently had the unpleasant task of having to 'ban' a member from the website. Without getting into the drama and details, we'll just say this particular member was less than trustworthy or honest - and in a community like GuG, both of these qualities are necessary.

How to ban a user with Drupal:
With Drupal there are a few different ways to ban a member from the site, but no single one is 100% effective. We used a combination of methods to carry out the banishment.

BLOCK:
Drupal has the ability to block a member by login name. To block a user using the Drupal BLOCK method, just edit the user properties and click the "Blocked" radio button under the status section. The only problem with this method is that it will prevent that particular user name from logging in, but it will not keep that person from creating a new member name.

TROLL:
The TROLL module for Drupal is invaluable. Not only does it allow you to do a second level of blocking via IP, it also tracks the IP addresses of all your visitors. You can then easily query a particular IP to see which members have used it, or query a member to see which IPs they have used. The Troll module also allows you to block IPs. All IPs entered into the Troll "block" list are redirected to a customizable "you've been blocked" page. Each time a blocked IP tries to access your site, a message is listed in the logs so you can see how often the user/IP tries to get back to your site.

HTACCESS:
The next level of blocking can be done at the HTACCESS level. The Troll module still lets the user "hit" the site and database. Blocking via HTACCESS will not allow them to get to the site at all. To block or ban with HTACCESS, you need the IP, which is easily obtainable if you're using the Drupal Troll module.
Sample of using HTACCESS to block an IP:
order allow,deny
deny from xx.xxx.xx.xxx
deny from xx.xx.xx.xx
allow from all

With HTACCESS you can also block via referrer, domain, IP range, and more.

Server Level:
If you run your own server and you want to pull out the big guns, you can block the IP at the server. This will prevent access to the website, email, or anything else on the server. You can easily do this with IPTABLES (the Linux firewall) using this command:
iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP

We haven't had to resort to this method yet, but it's there if we need it.

Blocking by IP isn't 100% effective because IPs change, particularly with dial-up users. But if you use the Drupal Troll module and the member has been around for a while, it will give a complete list of all the IPs that he/she has been using. By using all the methods above you can create a pretty effective ban.
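
As an added example (not part of the original post and not code from Drupal or the Troll module), the script below takes the list of IPs a member has used and turns it into the HTACCESS and IPTABLES rules shown above. The sample addresses are constructed from documentation ranges, and the function names and the NEVER_BLOCK safety list are assumptions made for illustration; it validates each entry, drops duplicates, refuses to block your own ranges, and merges adjacent addresses into a single range.

```python
import ipaddress

# Constructed sample: addresses as they might be copied from the Troll
# module's per-member IP list (documentation ranges, not real hosts).
SAMPLE_IPS = ["203.0.113.7", "203.0.113.7", "198.51.100.24",
              "198.51.100.25", "not-an-ip", "192.168.1.10"]
# Assumption: ranges that must never be blocked (your own LAN, loopback).
NEVER_BLOCK = (ipaddress.ip_network("192.168.0.0/16"),
               ipaddress.ip_network("127.0.0.0/8"))


def clean_ban_list(raw_ips, never_block=NEVER_BLOCK):
    """Return (networks, rejected) from a raw list of IP strings."""
    addrs, rejected = set(), []
    for raw in raw_ips:
        try:
            addr = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            rejected.append((raw, "not a valid IPv4 address"))
            continue
        if any(addr in net for net in never_block):
            rejected.append((raw, "inside a never-block range"))
            continue
        addrs.add(addr)
    # Adjacent addresses merge into CIDR blocks; the result is sorted.
    return list(ipaddress.collapse_addresses(addrs)), rejected


def fmt(net):
    """Write a single host as a bare IP and anything wider as CIDR."""
    return str(net.network_address) if net.prefixlen == 32 else str(net)


def htaccess_block(networks):
    """Render the order/deny/allow block used in the HTACCESS sample."""
    lines = ["order allow,deny"]
    lines += [f"deny from {fmt(n)}" for n in networks]
    return "\n".join(lines + ["allow from all"])


def iptables_commands(networks):
    return [f"iptables -I INPUT -s {fmt(n)} -j DROP" for n in networks]


if __name__ == "__main__":
    nets, rejected = clean_ban_list(SAMPLE_IPS)
    print(htaccess_block(nets))
    print("\n".join(iptables_commands(nets)))
    for raw, why in rejected:
        print(f"skipped {raw!r}: {why}")
```

Review the generated rules before applying them: a merged range only covers addresses that were all in the input, but a typo in the source list still ends up blocking someone else.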
