Unknown location, what can I do?

There is a user on my forum that I can’t find his location, and he goes to my forum just to cause trouble, intrigue and destruction, what can I do? How does he manage to hide the location?How can I not allow this?

Hi, is the unknown location appearing for all the users? If so, you might need to follow this.

Did you suspend his account?

It only appears for this user, if I suspend the account, he goes there and creates another one, how does he achieve this?

He’s likely signing up with different IP through a VPN/proxy.

It’s a tricky situation to deal with. This Discourse Fingerprint - Browser Fingerprinting Plugin might help you detect early, but there is not much you can do (in the meaning, automatically).

The help of your community by flagging inappropriate content is important.

That’s the ISP for the Opera VPN. You can try banning their whole IP block, but it’s a whack a mole game. One thing you can try is making TL1 harder to obtain and making the forum either invite only or oauth2 only for a while.

How can I leave only oauth2? is there a way to disallow temporary email to register?

Is there any way to prohibit registration by temporary email?

You can define this using the blocked email domains site setting. There is no way to bulk add domains to my knowledge. Maybe someone has more information than me though

edit: I was wrong, see Unknown location, what can I do? - #19 by Canapin to bulk add domains.

Uncheck “enable local logins”

What do you consider a ‘temporary’ email address? For many people, it’s gmail.

I don’t want to speak for them but my guess is that they’re talking about disposable email addresses (from services like yopmail, to provide a single example).

I wonder if something like this would be helpful on signup requests:

When my wordpress site was being bombarded by bogus signups last fall, most of them had either gmail or yandex email addresses. The IP addresses were all over the map, literally.

thank you all for these clarifications, I will do everything that you explained to me, thank you

what did you do to deal with it?

I now require a code on sign-ups, one that they have to request via email.

The good news is I haven’t gotten a single bogus sign-up since then.

The bad news is I haven’t gotten any non-bogus sign-ups since then, either, but that site is not being heavily promoted for signups and is open for non-member read-only access. It generally only gets a few sign-ups each year.

I’ve found that very helpful, I believe I’ve been able to copy paste many at a time, haven’t had to add any in a long time, seems the immature spammers don’t want to actually work for their fun time by verifying burner accounts

All the domains you added at the same time are set as a single string (notice how mailinator.com, altmails.com and sharklasers.com have their own “box”) so I don’t think the domains you added are actually blocked.

If you want to add multiple domains, you must separate them with a pipe: |, as written in the description:

altmails.com|sharklasers.com

Thanks for pointing that out, I did scroll down the list to see how it looked and there appears to be only a handful active as indicated by the boxing, I’d guess those where ones taken from signed up spammers and added singularly, happy I mentioned it so it now clear (since I can’t read)