We’ve got a deranged person who is using proxies, fake emails etc. to bomb our site with the products of his paranoia. He’s clearly getting a lot of gratification out of being deleted for “censorship” and coming back with a new sock-puppet ID within a day or less. And he has escalated to making violent threats against moderators in personal messages. We’ve tried most of the obvious things, but they aren’t that hard to get around if you’re determined and motivated by misplaced revenge fantasies.
He’s using various IPs, but one commonality is that they all map to something called “HERN Labs AB” in the Netherlands. So far as we can determine, no other users are associated with that IP. Most of them are in a range around this IP 2001:67c:198c:906:2::256.
Is there a way to blacklist HERN Labs AB by name?
I tried using a wildcard (*) to block the range of IPs rather than the specific one he’s using (which always changes). I’ve read that it’s possible to do this in Discourse, but when I’ve tried it, it doesn’t seem to work. Similarly with trying to search on the suspect IP in the users list using a wildcard, to see if there are any other similar accounts lurking—that doesn’t seem to work either.
We’ve alerted our legit users that they can instantly hide his posts by flagging them as Spam, which seems to be helping a bit.
We’re keeping an eye on the New Users list and silencing any suspicious looking accounts that pop up, but we’re volunteers, so tightening up the automated solutions would be preferable.
Any other suggestions? I assume he’ll get bored eventually but it could be a long time as he really seems to be getting off on the whole whackamole game. Makes him feel clever. And the violent threats indicate a level of demented determination that he isn’t easily going to give up on. We’d appreciate answers to any of the above or suggestions of things we may not have thought of.
In Admin / Logs / Screened IPs you can make a Block rule for 2001:67c:198c:906::/64 - that’ll block anything on the local network he’s using.
If you want to block HERN Labs entirely, you could instead block 2001:67c:198c::/48, but the wider you get the more chance you have of hitting a legitimate user.
○ → whois 2001:67c:198c:906:2::256
% This is the RIPE Database query service.
% The objects are in RPSL format.
…
inet6num: 2001:67c:198c::/48
netname: HERNLABS
…
I may not be much help because I’m only familiar with IPv4 not IPv6. Anyway, AFAIK the header search finds IPs as a substring match but the Admin User searches use “subnet masks”. You can still search by wildcard in a way, but by bits. eg. 123.123.123.0/24 will match IPs 123.123.123.0 to 123.123.123.255
Yes, that’s why we’re also considering maybe a more social-engineering approach to hopefully deprive him of some of the emotional payoff he’s seeking as well. His great claim is that we’re “censoring” him by this treatment because we don’t want to hear what he’s saying (apparently we’re an astroturf op for Big Pharma, who knew?). Whereas in reality LOTS of members bring up the exact issues he’s exercised about, but they discuss them intelligently rather than scream and shout and break things. And the community easily sees through the sock-puppet accounts to realize it’s obviously the same guy. But he’s using this behavior to cast himself as the hero of his own fantasy epic. So one thought I had was to just freeze one of his posts, lock out further comments and silence the account, but leave the post visible, with one single comment from admin explaining the situation. Here’s what the guy has to say, so read it and be impressed—or not—and understand that the reason he keeps getting banned is because of sockpuppeting, abuse, threats against staff and the rest. My thought is to PIN that post at the top of the forum for a week so he knows everyone can see it, undermining his claim about censorship and depriving him of the hero role he craves.
But meanwhile, if we could also narrow his access to the forum by technical means that would help too.
That’s really helpful, @JimPas. We’ll try contacting their abuse line. Trolling is one thing, but this guy is making physical threats, and he’s been consistently running his junk through Hern Labs.
It might take some massaging to get to work, but you could also try the shadowban plugin. That way he has no feedback on the fact that he’s banned, until he realizes he’s getting no responses, so the cycles between sign-ups are longer.
That’s a great idea—one of the other admins suggested something like this but I didn’t know there’s a plugin for it. Definitely will check it out. Troll has been idle the last 4 days, but I love the idea of leaving him alone in the closet with no one to talk to. Thanks for that tip!
Let’s be real, it doesn’t really seem possible to totally block someone from registering again to your forum with a different username / informations / IP / browser and maybe even device.
Shadow banning may work for a little while, but sooner or later, he’ll probably figure out what is happening. And then, it will be useless, as he’ll know.
The better thing I see would be to actually talk to him and find a solution with him. For example, why not let him have access to just one thread (his own personal thread), that anyone could then easily mute if they want (or maybe not. Their choice. They can even follow it, and/or engage with him if they want). This may be an acceptable solution for both of you, and it would stop him for good, while at the same time he would not be censored and hardly be able to claim so anymore.
(I don’t know if you can easily restrict someone to one single thread. I hope so)
That’s along the social-engineering lines I was thinking of, yeah. Engaging him directly hasn’t worked—he just spews venom and threatens physical violence. But allowing one of his posts to stand as representative of the point he wants to make, but not allowing discussion on it because it leads nowhere except to confrontation and insults to other members.
For now, he’s quiet. There’s a chance (from what he’s posted about his mode of life and current circumstances) he’s been incarcerated. That would be ok with us.
Here’s what the interface looks like.
You can choose different locations.
Depending on if the VPN feature is enabled or not, other settings may be changed automatically.
As you can see here, the WebRTC setting changes automatically.
This actually happened to us years ago; one troll disappeared for 6 months and after he returned we learned through other sources that he had been in jail. People will never stop to surprise you
