Dupe ban accts with same IP not being auto caught anymore


(Dylan Hunt) #1

Discourse used to auto-catch ban evaders by matching IP. However, we recently had a case with the latest Discourse version where the guy made 2 more accounts after a ban, all with the same IP:

How is this possible? Is this a bug? Or did I miss a patch note?


(Jeff Atwood) #2

You’re 100% sure this IP was on the blocked IP list? Suspending an account doesn’t ban the IP; only deleting an account as a spammer does that automatically.

Or of course adding the IP to the Screened IP list manually.


(Dylan Hunt) #3

Hmm, why wouldn’t it, though? The ban somewhat defeats its purpose if the account isn’t at least auto flagged.

All of our mods, including myself, are fairly certain it used to (although we could all be wrong and faced coincidence). What’s the point of banning if they can just swoop back in unnoticed?

Is there an option to auto ban or at least flag (flagging at minimum should be default, IMO) when a dupe is detected when banned?

The system often flags users that are dupes, anyway, but not when banned? Something doesn’t seem right.


(Jeff Atwood) #4

Not to my knowledge, suspending has never blocked the IP of the suspended user. If this did happen, it would be trivial to evade via VPN anyways, if you’re deaing with anyone even mildly sophisticated.

No, it has never worked that way. You can look up the IP on a user profile to see any matching users by IP though, that’s been a feature for many years.

There is an official browser fingerprinting plugin we’re working on with @udan11 but it’s still got some bugs to work out.


(Dylan Hunt) #5

Good to hear about the browser fingerprint. However, the average person doesn’t have a VPN. The word alone intimidates tons of people. Otherwise why even have a blacklist system for IP? Its the same concept. Sort of like paywalls for games. It gets rid of the majority of Trolls. IP banning does the same.

It’d make sense to at least flag them for mod review upon detection.


(Jeff Atwood) #6

There’s already spam prevention for multiple new users signing up from the same IP, you could turn that site setting down if you like but you can expect a lot of false positives.

Note that there are zero other topics complaining about this – that suspended users must be automatically IP banned as well – in the last 5 years, that I can recall. So you might want to reconsider whether what you view as so “urgent” … is in fact an urgent issue :wink:


#7

Moderator on a Discourse forum since Spring 2017 here: I also longed for a single-click function on the user’s admin page to block their IPs (Last & Registration) for that member every single time I had to ban someone, but I kind of assumed no-one else minded having to go to burger > Admin > Logs > Screened IPs, paste it in, get that OK dialogue, have to click reload if the person displays 2 IPs…

It seemed too whiny and lazy and time-consuming to me to bother logging in here, and posting about it, basically requesting people put in hours of work to save me seconds of copy-paste, on at most a few occasions a month; also, I felt I should run searches and see if it had already been addressed and nixed, so never bothered. :slight_smile:

Urgent? Maybe not, though again it depends on how many of your staff are volunteer moderators, enthusiasts on the forum’s topic who are fitting in forum checks between work, family, other commitments, and how they may experience the added workload of the extra steps needed each time.

Especially because when you copy the IP straight off the member’s admin page it carries a space at the start (which copies elsewhere as a linebreak, not sure what that’s called), and that has to be manually deleted from the field before the IP can be blocked.

In the busyness of handling things after someone has had to be banned, maybe sending PMs and also trying to log everything relevant, it’s the most annoying thing in the universe in the 3 seconds it takes to be told

… but then, I backspace it and do the block, and forget about it until next time. :slight_smile:

But it’s all worth it, because IP blocks are still an amazingly useful tool even now, and even with quite serious trolls.

While I have the list open, other things that would be nice on the same theme:

  • single click to copy their IP and information on Location and Organization to my clipboard, so when I add this to Staff (where I am logging who was banned and why) I can paste it in one step. These have had proven value identifying grudge-bearing people who try to return.

  • option to automatically add Banned as a title, so valued members don’t PM them/try to get into conversation, and feel upset to not get a reply.

That does have the same arguments against as IP address, this was what my computer showed me just now:

fingerprinting

And the add-ons that did this are free, unlike a decent VPN. :slight_smile:


(Jeff Atwood) #8

If you are looking for a more nuclear solution, delete them as spammers instead – flag one of their posts for spam, then press the “delete spammer” button. This deletes all their posts, and automatically adds their IP and email to the blacklist.

We generally favor feedback from paying customers first, and we’re not hearing “you must ban IPs every time you suspend someone” from our paying customers at this time. Or even in the last four years, that I can recall.

Bear in mind that IP banning is not a risk free operation, either. If you ban a shared IP, you could have “banned” entire companies, apartments, etc. This tradeoff is generally worthwhile for spammers, but for garden variety suspensions?


#9

There could be good reasons to keep their other posts though, so casting my mind back over recent bans where IP block was used, deleting their posts would have been a net loss, and I still have to copy-paste their Location & Organization for pattern recognition.

Sometimes people wig out after being active, even valuable contributors for a while, if their ego gets prickled or something, or some deep-hidden weirdness (like a tendency to start populating with sock puppets once bedded in, then arguing with themselves) comes to the fore, but it seldom requires nuking their entire presence.

None of this is remotely urgent, nor is the current workflow confusing, it’s just a “would be nice.” :smiley:


(Jeff Atwood) #10

Right, but it also seldom requires nuking their IP, which can have other consequences if that IP is shared.

Not a fan of heads on a pike, though.

Sure, that makes sense… @misaka4e21 did you want to take that? basically a copy to clipboard button on this IP lookup dialog


(Yihan "Misaka 0x4e21" X.) #12

In which format should we copy to clipboard?

From Hostname to Phone 716, or should I include the IP address associated with the dialog?


(Jeff Atwood) #13

I would say all the info in whatever format you think works best is OK with me!


(Dylan Hunt) #14

If this is the main reason it’s not a feature, then should we just nuke the ban IP feature, too?

The main point is that it should be up to the board admin, as different boards have different specifications and requirements and to each their own. Mentioned in OP, instead of IP banning, perhaps simply flagging them (put on hold instead of ban) would make more sense and would resolve your VPN concern, should the board owner choose to enable it. Perhaps your paying customers thought the board does this already? I went two years thinking it did this already until I realized it did not when some banned alts made it very obvious.

Most banned alts are going to be subtle. That’s why your paying customers have not said anything. That’s why I didn’t know until recently. The paying customers dont know that the banned are among them - unflagged, unmoderated, and on alts no one knows about because there are no awareness flags raised.


(Yihan "Misaka 0x4e21" X.) #15

(Jeff Atwood) #16

It’s a good tradeoff for confirmed spammers. In my experience, they’re usually from strange countries that shouldn’t even be represented in your typical userbase. So the risk of an IP ban to, say, vietnam, is quite low.


(RĂ©gis Hanol) #17

This is now merged.

A couple of feedbacks

  • when clicking the “copy” button, it should tell the user something happened. Changing the text to “Copied” for a short while would do the trick

  • there are lots of leading/trailing whitespace. Nothing a trim() can’t fix :wink:


(Jeff Atwood) #18

We’ll need to make those changes as the internship is complete! Perhaps @nbianca could take them?

Example result pasted here from the copy button on the IP lookup form cc @Ubik

IP: 104.238.46.xxx
Location: 40.7317,-73.9885 New York, New York, US
Organization: AS8100 QuadraNet, Inc

Thank you @misaka4e21 for getting to this final little request :bowing_man:


#19

Thank you & to everyone who worked on this! :+1:


(Bianca) #21

Fixed by


(RĂ©gis Hanol) #22