Handling trolls with multiple accounts over VPNs

  • Enable must approve users in settings for all new users. Reject all suspicious sign up that comes from VPN, temp-email or anonymous name.

  • Require restrict approval for all new users.

  • Whitelist certain e-mail providers to avoid chances of using temp-emails.

  • Blacklist those e-mail from which troll is generally coming.

  • Set min trust value for message

image

  • Require approval/Block based on certain offending keywords

  • Blacklist offensive username.

  • Block VPN server IP by AS Num. For example, in screenshot I have shown DO.

  • Ask for legal Identity and Address proof as image URL hosted by them in Sign up form under text field. :fire:

4 Likes

I’ll echo this being something that would be useful in trying to detect, and deal with, banned members coming back as new accounts.

It would be very helpful if the system would flag (simply for attention) mods when/if any account logs in with an IP address that is the same as any other account. A match not just for Registration and Last IP, but for any IP that’s ever been recorded.

Could have whitelist to allow admins to take out IP’s that would result in too many false positives.

But, otherwise, having this sort of automatic notification of common IP address for all IP’s ever recorded for all accounts, would be very helpful in letting mods know which accounts to follow up with special attention.

Very little can be done when a troll is not only motivated enough to keep coming back, but is fastidious enough to cover his tracks meticulously.

But trolls seem to pretty much always slip up at some point.

Currently, it requires mods manually checking Last IP frequently and being lucky enough to catch the IP address commonality in real-time. We catch people like this quite a bit, but I imagine that it’s just the tip of the iceberg.

5 Likes

So we’re currently dealing with a problem user who creates a fake account, then gets blocked, then changes their IP with a VPN, creates a new email and then creates a new account.

I have a different suggestion, which I’m not sure is feasible:
A setting that blocks ‘anonymous’ IP address. IP’s from VPN services for example.

Discourse currently uses MaxMindDB to do IP lookups and I see that MaxMindDB has an anonymous ip database. I honestly don’t know anything about the MaxMindDB integration though.

If this were possible it would at least stop users from creating multiple accounts using a VPN to mask their IP. Should cut down trolling a lot.

4 Likes

Ohhh interesting. As a first step can we show whether or not Maxmind tagged that IP as anonymous here @nbianca? Could you take 30 minutes (when you’re back, of course) and see if it’s even possible?

However @RobinTS if you mean a different or additional maxmind database, it’s unlikely we would pull that in. I was wondering if “anonymous” is a designation in the existing database, like the geolocation.

9 Likes

This linked database is paid and “contact us” pricing level, so not something we could ever ship.

12 Likes

Ah that’s a pity. I’ve also seen some APIs out there that you can use to check for pretty much the same thing. I’ve been using this one to manually look up the IP addresses of new users. I’m sure there are others out there that may be better. Sounds more like plugin territory now though.

3 Likes

It may have to be noted that some legitimate users use VPNs (I don’t know exactly the proportion, but I do know I am usually one of them). Totally blocking these IPs would have side effects for them :frowning:

4 Likes

We did a small project a while back in php where we determined for market research purposes where if the verbatim comments where ‘positive’ or ‘negative’. It worked a treat for our custom Net Promoter Score (NPS) results.

Would there be a way to profile the new user from the language they use? Something like … to flag users who have a degree of the same language as specific silenced users.

I personally feel this would be quite viable, provided the user types enough content over a reasonable amount of time. If they only post terse sentences, it’d be tougher.

(Note that I specifically mean “match one unknown user to an existing user based on the words they use, how often and in which order they use them”)

3 Likes

The perspective API plugin will already analyze and store a score for posts, and a data explorer query can give you the average score for users and filter only the recent ones.

If someone tries this and proves it successful we can look into automating it on the plugin.

6 Likes

As @Falco said, that is a paid solution. Instead one could use these IP lists to ban VPN users (or we could add that one to our core to identify anonymous IPs).

6 Likes

Today, I logged out of Meta and wanted to log in again (I had initially written my password on a piece of paper. I now put it somewhere, and I just wanted to make sure I had correctly entered it by doing a copy/paste log in test). Anyway, I got a message “You cannot log in as Mevo from that IP Address” (the one I used for weeks to post, and just logged out with :wink: ). It is through a VPN. So are some VPN addresses blocked now ? Is it Discourse as a whole, or only here on meta ?

Your IP is blocked for some reason, probably because we had problems with a user at that IP before.

5 Likes

Ok, but it’s a VPN used by a LOT of people, so you’re also blocking all potential people wanting to connect using that VPN. It’s interesting to understand with that little example how you tend to run into some problems like this one, using VPNs (1 of the user does something, and the IP shared by a bunch of people gets banned from services :wink: )

Yes, I am OK with that.

4 Likes

Just checking in to see if anyone perhaps did something with this. Would be cool if users that sign up with a VPN IP could be put on hold or silenced (similar to what happens when a new user types too fast, for example).

Idea:

  1. User signs up
  2. User’s registration IP gets checked against the lists that @nbianca mentioned
  3. If it’s a anonymous IP, user’s accounts gets put on hold
  4. User receives a message explaining the situation
  5. Moderator can review the sign up or message the user

Ideally this could be enabled/disabled with a setting for communities who don’t need this.

Background: Struggling with a very dedicated spammer who has been banned three years ago. After their account is deleted, they use a VPN service to create a new one and continue posting as if nothing happened. We manage to catch them every single time, but by then there’s usually some damage already. Would be nice to have some sort of preventative measure.

2 Likes

So much for browser fingerprinting…

This is still the relevant advice @RobinTS. Assuming you don’t have hundreds of new users signing up every day and posting, having staff approval of all new user posts isn’t too onerous.

1 Like

We have about 25-50 on any given day. Some days less and some days more. It’s a global community and I don’t want to punish legitimate users who want to join, but have to wait for a moderator when none may be online at the time. It could negatively impact sign up and community growth.

The user is also intelligent enough to start posting “normally”, like a new user would. Eventually they slip up or we pick up on something.

I guess that there’s no easy solution to this. Or at least not one without some drawbacks. But I thought there would be at least some merit to sharing my experiences here.

5 Likes

I sure get that. It brings the question what can moderators do at signups ?

So, you get a bunch of new users “on hold” because they use a VPN. But then what ?

Wouldn’t it be better to follow a little more closely what these users (using a VPN) are saying/doing ? Without them knowing. Maybe by using the Data Explorer Plugin to spot VPN users, and then follow these users (+fingerprinting +other measures).

EDIT: It would also be better for legitimate VPN users (no hold period or any extra inconvenience) and less work for moderators.