Protect a website from bad users

Question

User1978473002 posted
Good day

We have a asp.net website high traffic website. When a user registers we store the ip address i that user,when the login we store all ip addreses he used and we have a blocking module which blocks a username and all the ip's associated with that username. So that those who want to create other accounts from same location will be blocked. This morning we had few incidents where we needed to block the fake user. Can anyone scrutinise my approach and there is anything to my approach that i can add to make it rock solid i would appreciate. We also have a mobile app which also does the same in terms of Imei and it blocks the phones which is easy.

Answer 1

User-491950272 posted

I recommend you to use Google Captcha with your forms, so that only humans can enter data. This one is a good approach.

Answer 2

User-1636183269 posted

Please refer:

http://resources.infosecinstitute.com/form-authentication-asp-net-security-part-3/

http://www.codeguru.com/columns/experts/top-7-tips-for-developing-a-secure-asp.net-web-application.htm

http://www.c-sharpcorner.com/article/securing-your-Asp-Net-web-applications/

Answer 3

User614698185 posted

Hi vuyiswamb,

So that those who want to create other accounts from same location will be blocked.

I think it is not good idea. If one user register in one location, then another user use the same computer to register, it will also disallow, right?

I think you could use ASP.NET identity. By default, the ASP.NET Identity system stores all the user information in a database. ASP.NET Identity uses Entity Framework Code First to implement all of its persistence mechanism.

For more information, please refer to the below tutorials: http://www.asp.net/identity

Best Regards,

Candice Zhou