What's the difference between Suspended and Silenced users?


(Lowell Heddings) #1

Continuing the discussion from Is there a way to block this type of spam?:

In the user administration panel there are two states, Silenced and Suspended. Figured I’d put this up as a new topic for anybody else that might have wondered the same thing.

And the answer…

So to summarize from what I understand:

  • Suspended users: Can’t login at all
  • Silenced users: Can login and otherwise interact, but just can’t post or start new topics

Block users via API or other?
Which setting(s) would prevent Discourse from emailing an old user?
(Jeff Atwood) #2


Suspended users are prevented from logging in. So they are anonymous, not-logged-in users forever.

Silenced users can log in, but can’t create new topics or new replies.

There’s also the possibility of a third deeper level when you ban someone’s IP (or ranges) which is configurable through the Discourse UI, but that is also only checked at login time for performance reasons.

(Jens Maier) #10

One thing of note: iptables controls the Linux firewall and you don’t “ban” an IP but tell the server to ignore any data arriving from that source address. If you accidentally ban your own IP or a range that includes your IP address, you will immediately lose access to the server, including SSH.

You can usually fix this by logging in through a virtual console. For instance, Digital Ocean provides VNC access through their control panel. Still, best to be very careful or exclude the SSH port from such rules:

iptables -I INPUT -s <ip to ban> -p tcp ! --dport ssh -j DROP

Repeat this command with -D instead of -I to “unban” the IP.

(ampburner) #11

OK, great so all the tools are there but you need command line access,

There are no built in admin tools in discourse that for example another admin (without root access to the server or who is not comfortable around the command line) could wield.

Are those kind of features on the discourse roadmap? Because they would be mighty useful.

(Jeff Atwood) #12

Generally blocking sign up by the ips is sufficient and that is built in.

(Omni) #13

Use this with only when necessary.

If you add enough rules to your iptables, you will slow down your server’s connection.
An active server will take a noticeable hit.

(Jens Maier) #14

Do you have numbers to back this? I’d be interested in where the tradeoff point is, i.e. when exactly it becomes more performant to filter connections in the application layer.

Also, performance can be improved by moving all the IP comparisions into a separate chain that is called only for SYN packets:

iptables -N synfilter
iptables -I INPUT -p tcp ! --dport ssh --syn -j synfilter
iptables -A synfilter -s <ip1> -j DROP
iptables -A synfilter -s <ip2> -j DROP

For accepted connections, this is O(1). For dropped connections, this should be O(n) but should be orders of magnitude faster then an IP comparision in the application layer, even if only because a TCP connection is not established if the SYN packet is dropped.

(Alexandra) #19

Just to clarify the last point: Will silenced users be able to send PMs to other users or are they prevented from doing that as well?

(Joshua Rosenfeld) #20

Blocked has been renamed to silenced. I’ve edited the posts in this topic. See “Block” renamed to “Silence”.

Silenced (blocked) users cannot start PMs to other users, or reply to PMs from other users. They can reply to PMs from staff users, so staff can talk to them about why they were silenced.

Specific subforum only for suspended members

Adding to the conversation …

Silenced users posts “from last 24 hours” gets hidden.
And if we enable their account after few days, these posts will still stay hidden.
Say, "in those 24 hours, the user has created like 25 posts, all those 25 posts remain hidden, and most of the times, when a post is hidden other conversations in the thread may stop making sense. I once silenced a user, and then explained him things in PM, he was good to be back, I enabled his account back to normal - but then I had to manually go and enable back “all those hidden posts myself”.

I couldn’t understand 2 things

  1. Why posts from “last 24 hours” gets hidden in the first place?
  2. When we re-enable the user’s account, why are the “hidden posts from those 24 hours” still hidden?

Since then, I stopped using the “silence user” feature, and I started using “suspend user” feature. :slight_smile:

(Alexandra) #22

That’s good to know Joshua. Thanks for explaining what a silenced user can and cannot do.

(fearlessfrog) #23

One odd thing that surprised us was that a silenced user can still flag posts. Is that intentional?

We had a user that didn’t like the way a moderator had dealt with his post. To express their displeasure they decided to flag lots of other posts as way of protest. The user was ignoring the moderators messages to discuss it, so the user was ‘silenced’ and asked to respond to the moderator’s request to talk.

Rather than talk he then went on another flagging spree, this time silenced.

In the end we did a suspend / timeout for a bit and sorted out that way, but it was unexpected behavior of the silence feature I thought I should mention here.

(Jeff Atwood) #24

What do you think @eviltrout? Sounds a bit grief-y to me.

(Robin Ward) #25

This should do it: