stop multiple users on one account
On a website that has paying memberships only, what techniques are available for avoiding a member posting their login details in forums and other sites like bugmenot and letting many users use the one account without paying.
I know the ip address can be used to check if the locale of the original member is the same as the current member trying to login. But ip's change all the time and so cannot be used as a definite measure of determining if the current user is the original one.
Any ideas?
Cheers
Greg K posted this at 15:04 — 4th February 2008.
He has: 2,145 posts
Joined: Nov 2003
It really depends on how much coding and data you want to obtain/pay for...
A first idea would be as you said, watching the IP address, however like you said they can change (have seen multiple IP's from AOL's proxy servers from the same person accessing a site).
Even doing a "blanket search", (ie. hey that IP is the same ISP and general location as what they signed up with), involves getting the data to check at this level (manually you can see an example at http://www.ip2location.com/ which i occasionally use to check an IP address), and then there is the issue of someone who travels, may be using multiple ISP, or if someone uses a hotspot somewhere....
About the best you can do is, using a service that can get you the IP info like the one I linked to above, is watch current activity. For example, if an account logs in from one ISP, then logs in later from another, and then another... let you know there may be this issue. If nothing else, as soon as a login is detected from ISP #2, the session for the login session from ISP #1 is closed.
I have also seen some sites lock it down from not only your IP block, but also your browser. Netscape was crashing out left and right on me, so I went to login in IE, wouldn't let me log in for 10 minutes because it was a different browser... And later I got an automated reminder e-mail about sharing my login...
Another site I used allowed only 3 differnt computers to access your account (a paid music service - LEGAL one). Once you had a cookie set for 3 systems, and you tried to connect with a 4th, you had to choose one of the three other ones to delete. Worked good, as I had my desktop, my wife's desktop and my laptop all registered. However only one could be loged in and accessing the system at a time, as soon as another one logged in, the first one was no longer active.
This just came to mind, and it would really depend on how much users would be willing to accept it depending on the need for your site... Have a weekly changing login code that auto e-mails the client each week when it changes. Like I said, really would depend on how much in demand your content is....
And definitely, use google to search for sites that link to yours. I think all you have to do without going to their advanced search is enter link:http://wwww.yoursite.com in the searchbar. (could be wrong, but there is a way)
-Greg
greg posted this at 15:24 — 4th February 2008.
He has: 1,581 posts
Joined: Nov 2005
Thanks. some good stuff to think about.
In honesty I really don't like making users change their login details periodically. Although this is the best way to ensure those logins posted in forums only work for a month/week. With a good password reminder system to the original email address this really shouldn't be a major problem. And perhaps only to a few users, maybe the added security from this outweighs my reasons for disliking it.
That's a good idea too. unfortunately it's manual work, but in this case a requirement I think.
I suppose the IP address is the only way. I think I will implement a system where if someone's IP locale changes, it locks their account and an email sent asking them to contact me. If they can prove they do travel a lot or another explanation then I can setup their account to allow changes in locale.
There should only be a handful of these members so they can be manually monitored.
pr0gr4mm3r posted this at 15:44 — 4th February 2008.
He has: 1,502 posts
Joined: Sep 2006
To me, that screams WGA. I would just stick to the automated signout of the previous session when another one is started somewhere else.
Greg K posted this at 15:41 — 4th February 2008.
He has: 2,145 posts
Joined: Nov 2003
Definitely make sure you point this out clearly when they sign up. Myself, I'd be ticked if I was using a paid service, and decided to use it while waiting at an airport to get told I have to contact you first, since I'm not where I normally use it, unless I knew about it upfront.
(and still be prepared for those people who don't bother reading anything when they sign up, so they don't know anyhow... LOL
We had a site that clearly stated that they are being charged $$$ right now and will automatically be rebilled $$ each month until they cancel. It's spelled out where you select subscription, spelled out when they review order (right at the top), and part of the TOS, and also get a copy on their e-mailed receipt. (I was very demanding on making sure this was clearly spelled out, refusing to make the site live until it was)
Still would have the occasional person call up when they got rebilled being upset cause they forgot or didn't read. About 98% of them were fine once we reminded them of that (especially when we told them to go to the signup page and review their receipt and then they felt stupid cause they didn't read). And to be the "nice guy" if they still wanted it, we'd cancel the subscription and refund the $$.
Like the old saying, You can lead a horse to the water, but you can't make him drink; you can inform them as much as you want, but you can't make them read it. (be honest, how many times have you clicked "I have read and agree to the above terms..." without even reading them, event he ones that check to make sure you actually scrolled all the way down.) You know your first born child was signed away when joining here right???? Just kidding... LOL
-Greg
greg posted this at 17:07 — 4th February 2008.
He has: 1,581 posts
Joined: Nov 2005
But that's my problem. If a member posts his login details around the internet, other users will use the site for free. Personally, if I had paid to be a member somewhere I wouldn't be posting my logins around. But many people do, they share paid logins of various sites with other paying members of other sites.
I know there will only be one person at any one time accessing it, so its not like it will cost me extra in server/bandwidth bills. But it's something I want to avoid for obvious reasons.
The site is not the type where you would view it in the airport. LOL
It's not illegal, but you wouldnt be sat in a coffee shop while people walked past with what will be on the screen!
so most people will use it in private, their own house, girlfriends/boyfriends house etc.
pretty much never really, they are always too long. taking about 3 hours to read every TOS I agree to I wouldnt have time to do anything else.
Yeah, but I got $50
lol
EDIT: this post was supposed to be down there!
I will get used to this blog style replying soon!
Greg K posted this at 18:38 — 4th February 2008.
He has: 2,145 posts
Joined: Nov 2003
RE: your "Edit" note
I figured out how to move the post, so anyone reading it wondering "down where?", it is already where he ment it to be now
Back to topic.... The one site that was picky about even looking in two different browsers, that was one similar to what I think you are doing
Hey, I didn't always used to be this squeaky clean...
-Greg
greg posted this at 17:44 — 5th February 2008.
He has: 1,581 posts
Joined: Nov 2005
Thanks for moving my post...although for some reason it wont let me edit any of my posts in this thread now?
I don't need/want to, but it's strange. I checked another few threads I posted in and I can edit all posts even after someone has replied!
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.