[Community] The Trouble with IP Bans
When you should use an IP ban (and when you really shouldn’t)
The utility of a standard, non-wildcard IP ban is actually pretty limited. Subverting them by changing IP is a trivial extra step, the knowledge for which can be garnered with a simple Google search.
They can be useful against a recurring troll who has figured out that they can keep making accounts, but knows little of the internet beyond that. There are certainly less tech-savvy communities out there where those users exist. IP bans can also be useful against trolls who don’t care enough to jump through the extra hoop of changing their IP every time they want to be a pain in your ass.
The world of trolls is home to enough of the ignorant and lazy that this tool will certainly be effective on some occasions. IP bans can also be useful for getting rid of persistent groups of spammers who aren’t bothering to anonymize their connections.
The biggest pitfalls make themselves apparent when wildcards are added to an IP ban. If you ban 184.108.40.206, a user from that single address will be unable to post. The effects of this ban are likely to be limited to the people living in a particular house or workplace.
There is always the risk of collateral damage, but in the case of a single address that risk fairly small. The situation is also complicated by the fact that many, if not most, ISPs recycle their IPs between customers. You’ll never know if a given IP has been re-assigned to a different end user.
If an overzealous community manager notices the troll recurring, and decides to ban 1.2.3.*, the amount of people affected multiplies hugely. If the same manager moves the wildcard further back, the effects will be even worse. You’ll likely never hear from the innocent users who were unable to access your community, they’ll simply go somewhere else. Meanwhile, the troll you were trying to stop can simply change proxies and continue posting unimpeded.
Poorly applied IP bans cause huge problems
Confessions time: in my early days as a moderator I may have slightly, a little bit, kind of, banned the east coast of the United States in an attempt to get rid of a troll. No long term harm was done, but the staff periodically remind me of it to this day. Thankfully, I’m not alone. One of the most common problems I’ve seen in communities are inexperienced moderators and CMs throwing IP bans around and causing enormous headaches.
One CM refused to allow any of the IP bans choking their forum to be removed. They’d decided in their head that they were a renegade cop, who would do whatever it takes to get results. In reality, they were a fool who didn’t understand what they were doing.
In another case, I discovered an IP ban in a system that covered, roughly speaking, the entire subcontinent of India.The defense given for this action was that “most of our spammers come from India”. I’m sure he was right, but so does 17.5% of the population of the world. He didn’t last long. I’ve even seen a Community Manager IP ban their own API, completely breaking their main site’s interaction with their forums.
IP bans are a useful tool. In situations where they’re needed, nothing else will do. For instance, an IP ban (accompanied by a cease and desist letter) is one of the few legally enforceable actions you can take against abusive users. What they aren’t however, is a catch-all. Don’t use them as a hammer that you hit every troll with in an attempt to win the eternal game of whack-a-mole that is community management. Use them surgically, to solve the specific problems that they’re best at solving.
The Dos and Don’ts of IP Bans
Do use IP bans:
- As legal notes of trespass
- To deter low level trolls
- To keep small groups of spammers out
Don’t use IP bans:
- As an “extra strength ban” against all trouble makers
- Without knowing precisely what you want the ban to achieve
- Without being sure of how many people could be affected