2013-01-12, 12:49 PM
The "hellban" plugin is a small step in the right direction as it allows you to "ghost" a user to the rest of your forum community. Anything the user posts is invisible, but the user doesn't know it because THEY will see their own posts.
I'd love to see this type of idea expanded on in 2.0.
1) Ghost/Hellban an IP address or IP range
This means that if you know a spammer is always coming in from the same IP or IP range, you can ghost him and he won't even know it. HE will see his own posts and everything, but anything he posts (or sends privately) does NOT get seen by anybody else on the boards. Basically it keeps the person hellbanned whether they're logged into their account or not, because otherwise, it would be very easy to figure out you're hellbanned.
2) Ghost/Hellban viewing privileges spread to ALL users from the IP of the hellbanned user, so NONE of them realize the user is hellbanned.
Basically if you put a hellban on "Sarah" and she's living with "Tom" then we want "Tom" to have NO IDEA that Sarah got hellbanned. Since Tom is on the same IP as Sarah, then Tom SHOULD see all of Sarah's posts even though nobody else on the forum can see them.
3) Manually link viewing permissions to specific accounts.
If we know for a fact that "Jim" is romantically involved with "Suzy" and we have to hellban Suzy, then we already know that we're going to want to extend the "trick" to Jim's account so Jim doesn't realize that Suzy got hellbanned. This will accomplish the same thing as step #2 above, but manually, because Suzy and Jim have a different IP.
4) User Agent detection and crosschecking with recently banned individuals' user agents.
As we all know, a user agent isn't as "specific" as an actual fingerprint would be, but it does help give us a clue as to who is who. I'd like a feature where, if I perform a ban to a user, then I automatically get a "quiet" entry in a log of people who have created accounts with this exact combination: (from an IP never used in our system before, plus matches the user agent of a banned party from the last 3 hours, plus came to our site from a directly typed URL rather than by clicking a link from somewhere)
So basically if that formula matches a NEW signup, I have that person's name on a "possible risk" list. That right there will give me the heads up I need in order to perform some manual searches on this user's info and quickly figure out if they're legitimate.
4b) If a "flash cookie" can also be stored on a users system and then checked later on (and used to verify that it's the same user as before) then that also should be implemented to what I'm describing in step 4 above.
Sum up...
It's all about tricking the person who is violating your rules, AND keeping it difficult for them to "check" if they've been ghosted to the public. Their fellow spy accounts and friends NEED to also be "fooled" which can be done with a combination of automated and manual actions like those above.
I have more ideas that can expand on this type of thing further.
I'd love to see this type of idea expanded on in 2.0.
1) Ghost/Hellban an IP address or IP range
This means that if you know a spammer is always coming in from the same IP or IP range, you can ghost him and he won't even know it. HE will see his own posts and everything, but anything he posts (or sends privately) does NOT get seen by anybody else on the boards. Basically it keeps the person hellbanned whether they're logged into their account or not, because otherwise, it would be very easy to figure out you're hellbanned.
2) Ghost/Hellban viewing privileges spread to ALL users from the IP of the hellbanned user, so NONE of them realize the user is hellbanned.
Basically if you put a hellban on "Sarah" and she's living with "Tom" then we want "Tom" to have NO IDEA that Sarah got hellbanned. Since Tom is on the same IP as Sarah, then Tom SHOULD see all of Sarah's posts even though nobody else on the forum can see them.
3) Manually link viewing permissions to specific accounts.
If we know for a fact that "Jim" is romantically involved with "Suzy" and we have to hellban Suzy, then we already know that we're going to want to extend the "trick" to Jim's account so Jim doesn't realize that Suzy got hellbanned. This will accomplish the same thing as step #2 above, but manually, because Suzy and Jim have a different IP.
4) User Agent detection and crosschecking with recently banned individuals' user agents.
As we all know, a user agent isn't as "specific" as an actual fingerprint would be, but it does help give us a clue as to who is who. I'd like a feature where, if I perform a ban to a user, then I automatically get a "quiet" entry in a log of people who have created accounts with this exact combination: (from an IP never used in our system before, plus matches the user agent of a banned party from the last 3 hours, plus came to our site from a directly typed URL rather than by clicking a link from somewhere)
So basically if that formula matches a NEW signup, I have that person's name on a "possible risk" list. That right there will give me the heads up I need in order to perform some manual searches on this user's info and quickly figure out if they're legitimate.
4b) If a "flash cookie" can also be stored on a users system and then checked later on (and used to verify that it's the same user as before) then that also should be implemented to what I'm describing in step 4 above.
Sum up...
It's all about tricking the person who is violating your rules, AND keeping it difficult for them to "check" if they've been ghosted to the public. Their fellow spy accounts and friends NEED to also be "fooled" which can be done with a combination of automated and manual actions like those above.
I have more ideas that can expand on this type of thing further.
Kind of like quoting you to agree but then continuing to make my case for Nathan/others who might be looking on.