An application that is going to be generally accessible will be hard to moderate. The individual that you want to ban may change computer, spoof a new MAC address, etc. It is going to be very difficult to enforce a ban. If the application does not require an account or if the account can be freely created by the user, then you are basically out of luck. As I said, the mac addres may be spoofed or a different computer (or just a different network adapter) can be used. If the user can freely create an account, a new account can easily be created and the problem continues under a different name.
An application requiring an account (maintainable only by an administrator) and catering to a closed audience will be much easier to moderate. You simply disable the account and you are done. You need to have this mechanism planned in the user authentication method.
Awesome!
I have already done some basic flood prevention except for temporary bans which seem to be a pretty good idea but, the thing is that in this case bans would be synced accross several dedicated servers, so we would have a global banlist accross the whole network.
While it would be better to handle this at the server level, you can also deal with some of this by implementing the App.HandleURL event by looking for times when Request.Path = “” and Request.RemoteAddress is someone that you’ve banned.