This is directed to any admin or mod from any message board.
I administer a small free vB board, Door County Message Board, and recently have been inflicted with what appears to be a semi-automated registration. I will be slightly vague about the details for possible legal reasons, but so far there have been 5 names that come from the exact same IP. Each has a different domain, but all resolve to the same registration name in December 2004 in Cyprus. (And although I welcome visitors, I have nothing to do with Cyprus.) None of the domains are active from a public web sense, and I’ll give one as an example: lightblondevagina.biz.
Except for one, the user names appear randomly generated. Some names have completed the registration, some are waiting email confirmation, so there may be a human in the loop. When the first two appeared, I deleted the accounts and emailed them (at a yahoo account), allowing them to contact me with an explanation if I made an error. No replies so far.
Then I thought it might be best if I kept one account active so I could monitor things and find out what they are up to. But I’m not sure that is the best policy.
None of the accounts have posted anything, even though the first was around for about 2 weeks until I spotted it and became suspicious.
Now I don’t want anyone to reveal any secrets or tricks that shouldn’t be made public, at least in this thread, but I am curious as to how others handle this kind of threat. I have floodcheck turned on, and I am never more than a few hours from detecting any bogus activity, but I sure don’t want to turn on my computer one morning and have to delete 400 junk accounts. And just what do these assholes think they will accomplish? They will get bumped immediately if they post commercial messages, and the FAQ warns of that clearly. What’s the point?
Tell me what you would do. Right now, I expect I will delete the accounts, block the IP and hope that does the trick.
I’m the admin for a local, public, general-interest board. We have about 1500 registered users, but not more than 50 who post regularly.
I’d ban the suspect usernames. Don’t delete them, ban them; this serves two purposes. One, if they turn out to be legit, you can unban them (Note: this won’t happen). Two, if they’re deleted instead of banned, they can just come back and register that username again.
If you’re worried about seeming too harsh in case these “users” raise a stink, send an e-mail of warning first to the usernames from your mod e-mail account. (I assume you have a special e-mail account for this? If not, I have gmail invites aplenty; drop a line and I’ll send you one.)
One general note: I’d been on the SDMB for a couple years before I became the mod for this board. Until that time, the SDMB was the only message board I’d ever seen, and I originally caused quite a lot of consternation by trying to make that board run like this one. If you haven’t already, go ahead and accept that that board will never run like this one. The general Internet standard for message boards is simultaneously more lenient and more Draconian than the standard here; flaming, general shortsightedness, and an appalling lack of cites are the norm.
Good thoughts, jackelope. Not so good, Case Sensitive.
I never had to ban a user before (such awesome power!), so forgive this newbie question. Where is that function in the Admin CP? VBulletin 2.x doesn’t seem to have a “users->ban” option as described in the online Vb manual. Do I need to create a “Banned Users” group with very limited privileges, then move the user to that group?
Can’t help you there, as we’re not using vBulletin. We use a board software called InstaBoard (which by the way totally sucks donkeyballs), and if you’re logged in as a Mod or Admin then each post has a little drop-down menu at the bottom with options like “deactivate user” (which is the same as banning), “block IP address,” and some others.
Then each thread has a menu at the bottom of the page with options to hide/close/move/delete the thread or the forum.
Finally, there’s a double-secret site for admins, where one can edit users’ accounts, changing usernames and passwords, and also make lots of changes to the forums themselves. You can also ban/unban/delete users that way.
Again, though, InstaBoard SUCKS: full of horrible bugs, no support (well–it is free), no stickies, etc. So far the worst bug we’ve run across was when I wanted to appoint a new Mod a few months ago; I’d recruited a sucker to take over a lot of it. So we created a username for him, and when I gave that username Mod-status, that resulted in EVERYONE having Mod status, including site visitors who weren’t even signed in at all.
It was awful; everyone had the authority to ban anyone they didn’t like, with total anonymity. As you can imagine, it was chaos for a while. Also I know exactly who did most of it; it was a previously banned and extremely unstable user who still reads the forum regularly to see if he’s still being talked about (which he is, for some reason). But knowing it was him doesn’t help; what am I going to do, ban him again?
I used to be a moderator on a huge forum (more than 100,000 members). We sometimes got dozens of bogus registrations an hour. These usually turned out to be disgruntled persons who had been banned for misbehavior and who hoped to stir a little trouble under new usernames. There was one troll who must have come back from the dead a hundred times.
Occasionally it appeared that some sort of bot was attempting to register multiple accounts. But since registration was not complete until a passcode was emailed to the user, the bot efforts generally failed, and those registrations were never activated.
Whenever you get a spate of new registrations from one source, I would suspect mischief from banned users. Spammers are a possibility, but I think irate former members of the board are more likely to register repeatedly.
One more thing: I agree with jackelope’s advice that it’s better to ban the suspected usernames rather than deleting them. It keeps the names out of circulation, it gives you a permanent record, and it can be undone if it turns out that the new user was legit.
I’d be curious if SDMB had any similar guest registrations (you can view the detail on my post in the linked thread). Although I will completely understand if SDMB admins do not wish to show their hand and talk about it here.
Your board seems small enough (188 members) that you might be able to do what we did with our equally little Yahoo board. Require all new members to be approved by the mods first. I’m not sure if that kills the ability to get new membership (my board is very sleepy by nature) but it sure keeps out the porn spammers.
Then, you could personally welcome new members to your board, because you’ll be involved in approving the membership.
Good idea, Cheesesteak, to verify users before accepting them. If the problem gets too much to handle, I’ll do it that way. But, since there isn’t an admin on duty 24/7, it might delay someone’s activation, and that might not be good. My users tend to be computer-shy and just about everything scares them away.