12

I run the technical side of a discussion forum, which is plagued by a troll (a single physical person, as far as I can tell). It seems that the community has exhausted all means of communication (it is, beyond reasonable doubt, a net.troll, not a clueless user), including face-to-face.

I may need to block that person from visiting the site, but I'm not sure how (it already refused to leave of its own accord). The site needs registration with an e-mail address, which gets you a username. I could block the username, but the troll could just as easily register a new one.

Now, there are plenty of Q&A on "how to do an IP ban and at what layer", but is it worth the hassle?

Would an IP ban be useful for blocking a troll? If not, what? Or, could I combine an IP ban with some other form of protection?

The issues I have with IP bans are numerous:

  • the troll comes in from several different IP blocks (home/school/open wifi/...?)
  • the IP addresses seem to be dynamically assigned (usual with DSL here)
  • I suspect sock-puppetting with new accounts, possibly through proxies and/or VPN
  • at least in one case, there are other users coming in from the same IP (I suspect a large NAT - confirmed: in this case, there's a whole university accessing the web from behind a single public IP addresss)

It seems that I'll be fighting a social issue through technological means, and the prospects of that seem bleak.

Piskvor left the building
  • 91,498
  • 46
  • 177
  • 222
  • maybe you should deal with diversity at its fullest, and learn to just deal with trolls. vote systems are designed for that. sorry but shadowbanning sounds like selective cleansing, which is not healthy. history anyone ? – jokoon Apr 20 '13 at 10:48
  • 3
    @jokoon: Thank you for the suggestion; history also shows us that a *balance* must be kept between "Everything Must Be Exactly To Order, All Glory To Our Fearless Leader!" and "let's just ignore any problems and pat ourselves on the back how open and diversity-aware we are." Either extreme would kill the forum. That said, allowing one individual to disrupt an entire forum is not "dealing with diversity," **it's the exact opposite**: accepting the tyranny of whoever is most obnoxious. Since you're interested in history, perhaps the keyword "*appeasement*" might be of relevance. – Piskvor left the building Apr 21 '13 at 17:25
  • "That said, allowing one individual to disrupt an entire forum is not "dealing with diversity"". I don't think that having the ambition to control/limit/validate what people says is evil, I just think it's practically undoable. You'll end up with a bleached place. You should avoid a troll's attention entirely. It's much more healthy. Freedom of speech does not give power to the troll, it's still your forum. That said, the problem may lie in how you diffuse power to moderators. Not everybody is suited to take such a hard decision. – jokoon Apr 22 '13 at 10:29
  • Also, maybe you forum's subject is a little too specific ? If it doesn't attract enough people, trolls will quickly tear it down. Your forum's user will quickly give up. – jokoon Apr 22 '13 at 10:31

5 Answers5

28

Can you implement a "global ignore"? At its finest, this lets the troll see its own posts, but nobody else sees them at all. This gives the troll no feedback from outraged community members, but no clue that the reason is the posts can't be seen. I have seen this work, meaning that the bad behaviour stopped.

Kate Gregory
  • 18,808
  • 8
  • 56
  • 85
  • +1: I've used this strategy successfully on plenty of my sites before. Some trolls catch on and try to circumvent the system by registering a new account, but you can usually track these guys through a cookie or other means and ban the new account on creation. – Juliet Sep 09 '10 at 14:27
2

Think of as many ways as possible to identify the user, and try to use them all. Also, make it hard for the user to test your systems - e.g. if you detect him, block all signups and posting from that IP block for 60 minutes.

Some ways to identify a user:

  • E-mail address
  • IP address
  • IP address block
  • Cookies
  • Flash supercookies
  • Windows Media Player unique ID (if enabled)
  • HTTP headers (browser version etc)
  • See https://panopticlick.eff.org/
user9876
  • 10,954
  • 6
  • 44
  • 66
  • Hmmm...not too many people would think of changing their HTTP headers fingerprint. Cookies, definitely. UA, maybe. But `Accept` and its kin? Or supported plugins? Only the most paranoid. – Piskvor left the building Aug 18 '10 at 19:28
1

Ban all the account information, so when an account is banned, so is for example the email address.

Won't stop them but opening multiple email accounts as well as having to sign up again has to get pretty annoying.. if they create their own mail server, ban the domain?

Mr Shoubs
  • 14,629
  • 17
  • 68
  • 107
0

You could require moderator approval for accounts, but the effectiveness of this depends on how large your community has grown. For a small community, have the trolls queue up at the gates makes them lose interest very quickly, especially if you're looking for patterns in account signup information.

For large communities, the effectiveness of techniques used depends on how well they are used. Shadow banning aka muting the troll, can backfire if it is an innocent bystander. One effective way of handling this is to not mute the troll, but to ensure that bans on accounts are not made public; one wouldnt want to drag the community into it.

Vineet Reynolds
  • 76,006
  • 17
  • 150
  • 174
  • Moderator approval would be feasible at this size; however, most people don't fill out much info in their profile, so the mods won't have enough data. However, it would be a good reminder that access to the site is not a right. re unpublished bans: Even if I don't make the bans public, the troll will, using another account. (The community is already very much invested in this (we're not large enough to have a metasite, like SO has), and as I've noted in the question, the technical means are discussed as our last resort.) – Piskvor left the building Aug 18 '10 at 19:43
0

If you prevent users from registering with free e-mail accounts (create a ban list of e-mail domains), you can cut down on the ability for the troll to re-register every time a username is banned. Of course, that can make it harder for legitimate users to register. If possible, you could combine techniques (require approval for free e-mail addresses).

Bob
  • 3,301
  • 1
  • 16
  • 11