Keeping a troll out - IP bans considered harmful? What to use instead?

Question

I run the technical side of a discussion forum, which is plagued by a troll (a single physical person, as far as I can tell). It seems that the community has exhausted all means of communication (it is, beyond reasonable doubt, a net.troll, not a clueless user), including face-to-face.

I may need to block that person from visiting the site, but I'm not sure how (it already refused to leave of its own accord). The site needs registration with an e-mail address, which gets you a username. I could block the username, but the troll could just as easily register a new one.

Now, there are plenty of Q&A on "how to do an IP ban and at what layer", but is it worth the hassle?

Would an IP ban be useful for blocking a troll? If not, what? Or, could I combine an IP ban with some other form of protection?

The issues I have with IP bans are numerous:

• the troll comes in from several different IP blocks (home/school/open wifi/...?)
• the IP addresses seem to be dynamically assigned (usual with DSL here)
• I suspect sock-puppetting with new accounts, possibly through proxies and/or VPN
• at least in one case, there are other users coming in from the same IP (I suspect a large NAT - confirmed: in this case, there's a whole university accessing the web from behind a single public IP addresss)

It seems that I'll be fighting a social issue through technological means, and the prospects of that seem bleak.

Answer 1

Can you implement a "global ignore"? At its finest, this lets the troll see its own posts, but nobody else sees them at all. This gives the troll no feedback from outraged community members, but no clue that the reason is the posts can't be seen. I have seen this work, meaning that the bad behaviour stopped.

Answer 2

You could require moderator approval for accounts, but the effectiveness of this depends on how large your community has grown. For a small community, have the trolls queue up at the gates makes them lose interest very quickly, especially if you're looking for patterns in account signup information.

For large communities, the effectiveness of techniques used depends on how well they are used. Shadow banning aka muting the troll, can backfire if it is an innocent bystander. One effective way of handling this is to not mute the troll, but to ensure that bans on accounts are not made public; one wouldnt want to drag the community into it.

Answer 3

If you prevent users from registering with free e-mail accounts (create a ban list of e-mail domains), you can cut down on the ability for the troll to re-register every time a username is banned. Of course, that can make it harder for legitimate users to register. If possible, you could combine techniques (require approval for free e-mail addresses).

Answer 4

Ban all the account information, so when an account is banned, so is for example the email address.

Won't stop them but opening multiple email accounts as well as having to sign up again has to get pretty annoying.. if they create their own mail server, ban the domain?

Answer 5

Think of as many ways as possible to identify the user, and try to use them all. Also, make it hard for the user to test your systems - e.g. if you detect him, block all signups and posting from that IP block for 60 minutes.

Some ways to identify a user:

• E-mail address
• IP address
• IP address block
• Cookies
• Flash supercookies
• Windows Media Player unique ID (if enabled)
• HTTP headers (browser version etc)
• See https://panopticlick.eff.org/