Welcome to the new Customer Portal! We are still in the process of moving all our customers so please bear with us if you are temporarily unable to log in. You can still email support@vanillaforums.com!

Banning users

edited September 2011 in Questions
Hello, I'm seeking some feedback about banning trolls. We've got a user on the Car Talk board who has been causing all sorts of ruckus, and we've now banned him for community guideline violations for the second time. (I banned both IP addresses he has used for these inflammatory comments.) Problem is, he is re-registering and generating a new IP address for himself as soon as we ban him. Is there any other way to keep on top of the situation, or are we going to have to keep banning him as soon as he re-registers under a proxy or new IP? Thanks for any input.


  • SystemSystem Administrator
    Is he also generating a new email address each time? If he's clever enough to keep changing his IP and email addresses, then you're going to have to move beyond IP-based blocking into more complicated territory.

    Here are a few options that we've seen people adopt that helped them stop folks like this:

    1. Admin-approval: require that new users enter some information about why they want to join and have moderators review the applications. It makes joining a bit of a pain, and may turn potential new users away as they don't get instant access.

    2. Social-connect-only: only let your users gain membership access by connecting with their Twitter or Facebook accounts. This way the user will need to create a new bogus account at facebook or twitter every time they get blocked by you - which is a painful/difficult thing to do.

    It's really a pain, because you need to draw the line between preventing the troll from getting in and not raising the walls of the palace so high that no-one else can get in either.

    I've been thinking of making a new plugin for times like this where you mark the person as a troll, and instead of banning them or stopping their access, you can hide all of their comments & discussions from others - so only they can see their own comments, and they aren't even aware that they're hidden from everyone else. The idea is that they would never know that their contributions have been hidden and eventually they'd just leave because no-one is responding to them anymore. They'd just think that everyone is ignoring them.
  • He's generating a new e-mail address, and as he informed us in an e-mail, "Don't you know it takes about 10 seconds to get a new IP address?" He says he owns his own server, he's going to sue us, etc. I've been banning his IPs as he generates them, but he's now registered for 5-6 different accounts. I'm a little hesitant to implement social-connect-only because a lot of our users are relatively green when it comes to their level of Internet-savvy, but Admin-approval might be an option. Your plugin idea sounds pretty smart, and would be really helpful!
  • SystemSystem Administrator
    Spent some time thinking about this last night & this morning. We are still working on some ideas, but here are a few to start:

    1. Email Confirmation Feature - We have a feature in Vanilla that allows you to make new registrations confirm their email address. This means that they can't just make up bogus email addresses at random. The emails have to actually exist, and the users will not be able to sign in until they click a link in their email (we can help you set this up if you like).

    2. Take Legal Action - Trolls hide behind their computers. Face them in real life, and they tend to run with their tail between their legs.

    3. Do not EVER interact with trolls - Don't send them emails, don't comment on their discussions, don't comment on their walls. Any response from you will only spur them on.
  • SystemSystem Administrator
    Some other things you should know as you get into this:

    The nature of the internet allows folks like this to randomly change their IP address. It's not something that a novice can do, but it is pretty easy for someone who works on the web. This is a problem that you're going to encounter with any community platform. There is no way to completely identify someone and block them. The "Ban by IP" is a false hope that most community platforms rely on to keep their customers happy - but it only works on those who don't know how to get around it.

    This is why dealing with trolls and spammers is just so darn tough. We have a bunch of things we're working on for future releases of Vanilla that will greatly help with fighting these people, but the bottom line is that there is no silver bullet. Just a variety of options that have both positive and negative effects. We're happy to work with you to find the right combination of options that work for you.

    I've written the plugin I mentioned above and I'm doing final testing on it now. I'll see about putting it onto your forum this morning and blocking this user. But if he has a bunch of accounts, it is simply going to require some dedicated administrative work to make sure he gets blocked.
  • I noticed that the guy has registered with ip addresses that all start with 68.69. I added two wildcard bans into your list:
    The % character stands for a wildcard which you can use too to prevent people with a block of ip addresses from registering to your site. I don't recommend using wildcards too much as you might inadvertently ban people that have an isp close to the offending person.
  • edited September 2011

    Thanks for your thoughts. We have implemented e-mail confirmation, and our troll hasn't used all of his accounts. (They stay at the Confirm E-mail status.) We've also stopped interacting with him, and we're going to get in touch with the NPR lawyer today, most likely.

    I understand how hard it is to truly ban someone who knows his way around the web stuff, and I thank you for your help. Todd, that's a good idea you had about the wildcard bans.

    We're pretty much resigned to trailing after him and removing his posts and new accounts, but we appreciate your input greatly!

  • SystemSystem Administrator
    I just added the Troll Management plugin to your forum, and I put a few other minor tweaks into it.

    I think before we start marking people as trolls, we should see how Todd's IP banning works.

    Also, part of my troll plugin fingerprints users so you can see which users are sharing accounts. As people log out of one account and into another, you'll start to see a "Shared Accounts" box in those user's profiles that shows all of the accounts they've signed in with. It should make tracking users across accounts a lot easier. Note that you will need to have "Edit User" permission in order to see that shared accounts box.

    Finally, in one of your other correspondences with us, you mentioned that you turned on administrative approval, but you had a large number of people up for approval as soon as you did. This was because of misconfigured roles, and @Todd jumped in and fixed that for you. If you turn this feature on, it should only affect users moving forward.
  • What about Hell Ban?
  • SystemSystem Administrator
    For anyone who checks out this thread - We ended up putting a partial IP ban on the person who was causing them problems and that seemed to do the trick.
  • Yes, thanks, Mark. We've not heard a peep from the miscreant since the partial IP ban. From the looks of it on the ban list, there have been a few blocked attempts to re-register, but all is quiet on our front.
This discussion has been closed.