Announcement

Collapse
No announcement yet.

How do I manage problem users? (fake identities, harassment, account flooding, etc.)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do I manage problem users? (fake identities, harassment, account flooding, etc.)

    I'm the founder of a community that uses a message forum (vB 3.0.3) as its heartbeat. It's called paxilprogress, and deals with mental health challenges and the drug Paxil. Being in this area of focus means we get the privilege of meeting the most interesting people, and vicious of harassers. (Or so I believe having never managed another forum aimed at a different demographic.)

    My question is, what do you do with problem users? We have a troll that has created a flood of harassment, e-mail (constant social engineering outside the forum to convince us they are mistakingly banned), accounts, private messages, and who has done so with no less than 85 different identities (different fake first and last names, faked doctors and phone numbers) over the last 2.5 years. They have changed internet providers, browsers, and use public access computers in various locations to circumvent every single attempt at banning, even to the level of .htaccess files. We've tried e-mail, IP , and even manually reading access logs for user agent details (a real chore, with our 1+ million monthly hits).

    That was sort of working, until they jumped on AOL with the rotating IPs. *sigh*

    What do you do about AOL users? Our greatest harassment, uses AOL and/or rebranded resellers like WMConnect. He/she has an IP address that changes ever 60-120 seconds and is hell to track in access logs.

    I spent a full year reporting and forwarding all harassing content to their ISP of the month, and have never received any help. AOL is especially deaf. I was even tempted to get an AOL account so that I could have 'member' status and more sway with their abuse reporting mechanism.

    We have had to ban several e-mail domains as he/she spends their entire day creating new accounts with those providers and registering with us a dozen times a day. Not kidding! For 2.5 years! We're definitely in the mental health world. This person sits there all day, way into 3am, bugging and bugging and bugging, poking and testing, trying to get lost passwords triggered from several accounts, and our members have had enough.

    So far we've had to ban "xoxma wmconnect gobigwest rock.com centralpets.com hotmail yahoo excite hotpop kaxy aol danworld walla msn", and new e-mail services are still being discovered and used by this individual.

    We're painting ourselves into a registration corner as fewer people can join now as a result of these bans.

    If you have the time and are feeling motivated to heroism, can you please share your experience and ideas on how you would deal with this? It's almost a case of stalking!

    My next recourse is to create a 'new members' forum where all new members would have to answer a questionaire to prove credibility, and then we could promote their account to accessing other forum areas. We've just recently moved to vBulletin 3.03 from phpBB2.0.10 and are a little naive at what we can do with this technology.

    I've just recently pruned the 500 or so accounts he/she created over the years. I wasn't pruning to remove the possibility that he/she use the same address twice, but got annoyed at some point hehe.

    Thanks.

    The forum is here : http://www.paxilprogress.org/forums/

  • #2
    Hey, does vB set banning data in cookies? I have a banned user saying they can't view any content while banned, regardless of what IP address they're rotating to. How is this achieved?

    Comment


    • #3
      It checks the cookie, if he is banned and the userid in the cookie matches the banned list, he is banned.

      Comment


      • #4
        Aw crap, tabbing around and accidentally closed an almost completed message... I'll start again...

        First thing first, since you're the admin, you want to setup the playground to your advantage. We can do so by doing three things, 1) Add free email providers to disallowed email list, 2) Add known free proxy addresses to disallowed IP list, and 3) Install miserable user hack.

        Now, let's start setting up the playground. First, go to your ACP > vBulletin options > User Banning Options (in the pull down menu) and find Email banning options. Add these email providers to your list of banned emails. Once you click save, the person must now sign up with his/her ISP email address or a small firm not listed free email provider. But don't click save just yet. While you're on this page, add these proxy IP addresses to your list of banned IPs. Now click save, and not only the person now cannot use free email providers, but the user is also stuck with his AOL rotating IP. Don't worry too much about that rotating IP, it won't help the hulligen one bit... Last step in setting up your playground is to install the Miserable Users for vB3 hack and configure it the way you want.

        Now that your playground is set, lets have some fun... Once the troublesom user registers and identifies him/herself, you can put him into the miserable user group, add him to Tachy Goes to Coventry (ACP > vBulletin Options > User Banning Options), and watch the show. What to look for? Well, you can sit there and watch him/her spend hours and hours trying to make a post but get redirected to forumhome/balnk/server error pages. When he/she finally makes a post/reply, the post will not appear to anyone because of Tachy Goes to Coventry

        There's also a template hack which allows you to lock down certain users so that they cannot signout, but they can always just clear the cookies and register a new; but you don't really need it. Just repeat the same process and they'll get bored eventually.

        Good luck!
        Best Regards,
        Andy Huang

        Comment


        • #5
          After 2.5 years of trolling, I really hope your suggestions are enough to bore them. I mean, I get personal hate e-mail from them despite bans on whatever accounts they've created, but this will at least waste their time and get their posts out of focus so that honest members can enjoy their time more.

          This is invaluable advice! Let's see how this goes. I owe you big. I was running out of ideas!

          Comment


          • #6
            Check the hack at vbulletin.org called Miserable Users.

            Use it on my 10k member forum and works a treat (they just think there are server issues )

            Comment


            • #7
              Originally posted by Jimmy Kane
              Check the hack at vbulletin.org called Miserable Users.

              Use it on my 10k member forum and works a treat (they just think there are server issues )
              did they finally port that to 3.0.x?

              I wanna see the hell ban hack.

              Comment


              • #8
                Originally posted by Neocorteqz
                did they finally port that to 3.0.x?

                I wanna see the hell ban hack.
                Aye they did, works lovely too.

                Comment


                • #9
                  Yeah, Alfarin suggested that, and I've installed it. Now I'm just waiting for the troll to make an account. It seems they're happier bugging me on MSN and e-mail for the moment. I'm happy about that! Keeps him/her away from the community!

                  Comment


                  • #10
                    Originally posted by Jimmy Kane
                    Aye they did, works lovely too.
                    sweet, although i really don't have a use for it, it was a kick ass hack.

                    Comment


                    • #11
                      You can also create a usergroup that severely restricts their access. I call mine "Registered - Restricted". Then just change the usergroup for the offending users, and the problem is solved.

                      Comment


                      • #12
                        I had considered that Dennis, and have done similar things in the past. What happens is that once the troll notices his/her privileges have been reduced, they try to register a new account to resume full access for themselves. One of them constantly registers accounts, to give them a sense of security that 'eventually I'll miss banning one of them', and they'll lie quiet for months at a time hoping I've forgotten a seemingly harmless account created so long ago, and they begin their harassment with a new personna on that account, different writing style, different fake name/location and often from a different public access computer in their city. He/she's even travelled to other cities, I'm guessing to visit family, and spends some time there creating accounts that I can't recognize is his/hers, and begins using them once they get home. I can then only catch them by familiarity and experience in written mannerisms, hours of visit, opinion, and other profile/avatar patterns.

                        This person has jumped ISPs and used free month trials like crazy. They've been on AOL, Wal-mart Connect, Earthlink, Netzero, Roadrunner, AT&T and onward.

                        Really, I don't have a troll problem, I have a stalker problem. This one individual I've had to battle for years is completely relentless. If the affection were only aimed at me, that would be fine, but they harass other community members at the same time. It's his/her full time job it seems.

                        Comment


                        • #13
                          We allow registration by request only. The requestor MUST provide a "real" (ISP-based) email address. If they don't, they don't get in. I run a world news and disaster prep forum, and we also discuss politics and religion issues, so I'm sure you can understand how volatile my forum can be. We get over 30 million hits/month, so we tend to be, um, busy....

                          Comment


                          • #14
                            So that's how the big guns do it! Good to know that my caution is not misplaced when trying to create a harassment-free and productive environment.

                            So did you disable the registration features of vBulleting, and changed the text vB tries to show when a reg attempt is made to write you and make a request? Did you create your own form and put it in the templates?

                            What do you do for MSN customers where MSN *is* their real ISP?

                            Comment


                            • #15
                              I changed the text in the Registration Closed template. I added a detailed explanation of WHY we require non-anonymous email addies, and also included the email addresses to mail a registration request to.

                              Alternatively, you COULD set up moderated registration, and it accomplishes the same thing, but lacks the "personal touch".

                              JMHO

                              BTW, there will always be exceptions. We keep track of these members in a special thread in the Staff Lounge, that we can reference if there is a problem....

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X