Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Image

Punish Bad Users With Drupal Misery 418

If you're sick of banning or deleting troublemakers on your Drupal website, you might want to check out Misery, the module designed to give trolls a taste of their own medicine. Creating a random length delay for a user, redirecting them to a random page, presenting them with a 404 error, and crashing their browser if they're using IE6 are just a few of the things you can make users endure with Misery. I'm still waiting patiently for a Punch In the Nose module, but this is a good start.

*

This discussion has been archived. No new comments can be posted.

Punish Bad Users With Drupal Misery

Comments Filter:
  • by cruff ( 171569 ) on Wednesday April 27, 2011 @11:31AM (#35954238)

    When I read the title I thought it was about being forced to use Drupal at all.

    • by jc42 ( 318812 ) on Wednesday April 27, 2011 @12:56PM (#35955340) Homepage Journal

      When I read the title I thought it was about being forced to use Drupal at all.

      Yeah, me too. A couple of years ago, some clients wanted a drupal-based web site, and I thought it looked interesting, so I, uh, "volunteered" to learn to use it. I bought a couple of textbooks, and found online teaching sites. A month later, I'd produced nothing useful. I'd asked a good number of "How do you ...?" questions on the forum, and the people there were very nice -- but they never actually answered my questions. All sorts of things I tried didn't do at all what I expected, and often I couldn't figure out just what they did instead. Finally, the client was getting tired of saying "We need something soon", so I spent a week building their site by hand, mostly by writing a bunch of perl CGI programs that generated the site from their data. They liked it, started asking for more features, and they're still clients (though the site mostly runs itself now).

      Since then, I've had occasion to advise others looking at drupal to "Don't bother." Or sometimes "You'll be sorry." And I've read a lot of similar comments from others, so I guess it hasn't gotten much better.

      Drupal does have some good PR, though, and they're pretty good at impressing non-techie managers. And they might have some good stuff, if you can figure out how to make it do what you want it to do. I can't tell whether it's good or not, because I seem to be too dumb to understand how to make it work.

      • You're not alone. I'm the webmaster for several 501(c)3's, including one that I helped found, and everyone clamors for Drupal. I looked at the documentation on 4 or 5 occasions and said "No thanks, I'll roll my own much more quickly"
      • by operator_error ( 1363139 ) on Wednesday April 27, 2011 @01:52PM (#35956046)

        Drupal is first and foremost a professional publisher's platform with no compromises or apology. Drupal upgrades between versions are something I'll choose not even to discuss; because the pros know what to do already. Developer's are supposed to learn how to handle the professional tools for the job; it can take years for the pros to do this, and often does.

        There's advantages and disadvantages to everything, so why not embrace the advantages while trying to work past any (initial?) disadvantages?

        One advantage Drupal offers as opposed to rolling your own is the security of a lot of eyeballs against common SQL injection attacks, which seems ultimately responsible for taking down HBGary and the probably the Sony PSN network too. Hey, the White House uses Drupal publicly, and internally to replace famously-inept emails systems, along with NASA, the congress, the Economist.com...

        Also from the owners' point of view, the Drupal framework is going to be easier to support than your system if you're not around, (and you can sell that as a feature, now).

        • by mangu ( 126918 )

          Your points are very relevant about the roll your own vs. use a framework debate, but Drupal is not the only framework available.

          What I would like to see is a comparison between Drupal, Rails, and Django. The problem is finding a way to compare those three without falling immediately into a flame war.

          • by cwgmpls ( 853876 ) on Wednesday April 27, 2011 @03:01PM (#35956908) Journal
            You won't find a framework comparison between Drupal, Rails and Django, because Drupal is not a framework. Drupal is a CMS. Rails and Django are frameworks. You can used Rails and Django to build a CMS if you want to. You can't use Drupal to build a CMS, because it already is one. You'll find plenty of comparisons between Rails and Django if you Google them -- they are both frameworks. You'll also find plenty of comparisons between Drupal, Joomla, Wordpress, and Plone -- they are all CMSs. You won't find a framework comparison between Drupal, Rails and Django.
        • If it takes years for a professional to learn how to effectively use any piece of software, that's a sign that the software is very poorly designed indeed.
          • How long does it take to learn to develop SAP or Oracle business applications, for example? How much does such a job pay? Maybe 'relatively complex' environments have something going for them after all? I mean these things are in-place with their own markets for developers to engage in. (And books exist, while open-source code is actually a.v.a.i.l.a.b.l.e, and legal!) If one expects everything to be sugar-coated as simple as an iPhone GUI, one might expect to earn less per day as well. The converse is true

        • Drupal upgrades between versions are something I'll choose not even to discuss; because the pros know what to do already.

          Why don't you discuss it?

          I would expect a "professional publisher's platform" to be able to handle upgrades between versions seamlessly, or very close to that (possibly tool-assisted migration path).

          I would expect a hack someone threw together and grew into a monster to be a pain in the !@$# to upgrade between versions, if it were even possible without major rewrites.

      • by cwgmpls ( 853876 ) on Wednesday April 27, 2011 @02:55PM (#35956822) Journal
        You think Drupal has gotten to over 7 million installs based on good PR? I've been building Drupal sites for over four years. I remember the first time I tried it, I had a site up and running from scratch in a couple hours. I'm not sure what you bought the textbooks for. The facts speak for themselves: over 7 million installs, and one person who can't "understand how to make it work".
  • by Anonymous Coward on Wednesday April 27, 2011 @11:32AM (#35954254)

    If Misery isn't enough for you, you can try the module "Crime Against Humanity". It forces the trolls to admin a site that runs Drupal.

    • Another easy way to randomly delay users, show them the wrong data, and return 404 errors under load is to build your site with one of those trendy Rails frameworks. Make sure to use MySQL with MyISAM "for speed" if you want even more inexplicable service outages.

      A third implementation would be to redirect the trolls over to the version of the site hosted in "the cloud".

  • What code are they using to crash IE6?

    • by recoiledsnake ( 879048 ) on Wednesday April 27, 2011 @11:36AM (#35954306)

      HTML code

    • by RagManX ( 258563 )

      Almost any modern HTML + CSS page? :)

    • by kikito ( 971480 )

      White space.

  • Trolls (Score:5, Interesting)

    by parlancex ( 1322105 ) on Wednesday April 27, 2011 @11:35AM (#35954292)
    I always thought the most effective way to combat trolls would be to silently flag their account, allowing them to post and continue viewing the forums as normal, but everything they do is completely invisible. The system could also generate fake replies to their replies and threads, also completely invisible.
    • Re:Trolls (Score:5, Informative)

      by _0xd0ad ( 1974778 ) on Wednesday April 27, 2011 @11:39AM (#35954354) Journal

      So that would be...

      If you want to give your trolls the silent treatment try the Cave [drupal.org] module.

    • Trolls usually equip themselves with multiple accounts, I think they'd figure that little goodie out rather quickly

      • They might, but not as fast as they would if the accounts were simply banned. There's probably also a good number of trolls who only bother to create a new account when their current account is banned.
        • Re:Trolls (Score:4, Interesting)

          by parlancex ( 1322105 ) on Wednesday April 27, 2011 @11:49AM (#35954532)
          And actually now that I think about it, you might as well just put all the troll flagged accounts into the same bubble, so they could see each other's posts, but they would all be invisible to everyone else. That would be much more difficult to detect.
          • Re: (Score:2, Redundant)

            That would be way more hilarious heh!

            "Trollspace": where Trolls troll Trolls

            • That would be way more hilarious heh!
              "Trollspace": where Trolls troll Trolls

              They already have that. It's called USENET.

          • Re:Trolls (Score:5, Interesting)

            by Animats ( 122034 ) on Wednesday April 27, 2011 @12:13PM (#35954818) Homepage

            you might as well just put all the troll flagged accounts into the same bubble, so they could see each other's posts, but they would all be invisible to everyone else.

            That was seriously considered for an early MMORPG. Annoying players would be dumped into a dungeon level full of NPCs and other annoying players, where they could flame war and player kill as long as they wanted, without bothering anybody else. It wasn't done due to resource constraints, but it remains a good idea.

            • The main difference is that I would want the trolls to still see all the legitimate posts as well (or in your case, players) so it is difficult or impossible to tell you've even been flagged. Once trolls know they've been taken out they tend to find another way back on, so the best way to fight them is to make it hard for them to tell they've been silently banned at all.
            • Re:Trolls (Score:5, Funny)

              by blair1q ( 305137 ) on Wednesday April 27, 2011 @01:22PM (#35955662) Journal

              No, it's a total success. We called it World of Warcraft.

            • by Tynin ( 634655 )
              One of the places I worked at provided shared web hosting. It was pretty normal for a single server to have ~300 accounts on them, and generally the servers would purr along without any issues. Customers who were constantly eating up more than their share of resources would get silently migrated over to what we called the swamp servers. That way all the customers who were resource hogs but to cheap to go with a VPS/dedicated server/colo solution could use as much resources as they wanted with other abusive
          • What happens when the troll version of the site has more traffic, viewers, comments, and ad generating revenue than the non troll version? Which one is the true site then? Do the trolls then rule?
      • It can be done by IP.

    • Re:Trolls (Score:5, Funny)

      by FriendlyPrimate ( 461389 ) on Wednesday April 27, 2011 @11:48AM (#35954508)
      Interesting. Why do you feel that the most effective way to combat trolls would be to silently flag their account, allowing them to post and continue viewing the forums as normal, but everything they do is completely invisible. The system could also generate fake replies to their replies and threads, also completely invisible?
    • silently flag their account, allowing them to post and continue viewing the forums as normal, but everything they do is completely invisible.

      That's the Graklaw Pan Jones Module...

      http://www.zdnet.com/blog/open-source/groklaw-accused-of-censorship/7826 [zdnet.com]

    • vBulletin has had this option for years (not including the fake replies, of course), called "Tachy Goes to Coventry".

  • Bad idea. (Score:4, Insightful)

    by CountBrass ( 590228 ) on Wednesday April 27, 2011 @11:37AM (#35954328)

    Bad idea.
    All it will do is generate hundreds of bug reports.
    And. It doesn't really address the problem. If 'Misery' can auto-magically detect trolling why not just auto-ban or auto-suspend and give an explanation?
    That assumes of course that 'Misery' can detect trolling reliably -which I doubt- so realistically it's going to annoy 'normal' users, ie the ones your web site presumably wants to keep, who will just think your web site is badly written and buggy.
    In short: it's a stupid idea and a stupid plugin.

    • If 'Misery' can auto-magically detect trolling why not just auto-ban or auto-suspend and give an explanation?

      The user will know that the account is dead and just create another one. If you can string them along for a while and they think that the site is broken maybe they'll just leave instead.

    • Yeah because forum trolls often file bugs. And in fact most forums even have a place to file a bug report.

      And why would it be doing detection. Instead of clicking "ban" you click "misery". Now said troll will be slowed down in their trolling for a little while instead of instantly creating a new user and continuing at full speed.

      It's not an approach I think will be too useful, but it's not a completely stupid idea.

  • I wonder who I pissed off! :-)
  • by lluBdeR ( 466879 ) on Wednesday April 27, 2011 @11:45AM (#35954456) Homepage
    Is there a way I can enable this, like, sitewide by default, punished user or not?
    • by Amouth ( 879122 )
      yes just put

      <script>for(x in document.write){document.write(x);}</script>

      at the start of the page - have fun
    • Is there a way I can enable this, like, sitewide by default, punished user or not?

      Easy. Put the following snippet in all your pages: <script>for(x in document.write){document.write(x);}</script>

  • by Aphrika ( 756248 ) on Wednesday April 27, 2011 @11:47AM (#35954494)
    ...with the IE6 crashing thing. Granted, it's turned off by default which is a good thing. Looking through the other options, they all affect the way the troublemaker interacts with the site, so essentially are all within the realms of the site owners responsibility.

    Crashing a browser is actively and knowingly interfering with the users local software and could have unknown consequences, moreso if it manages to take their entire machine out.

    Other than that, it's a nice and interesting way of messing with your online nemeses.
    • by h4rr4r ( 612664 )

      It won't take out the machine. It just makes IE6 close. Personally this should be run on every webserver by default.

  • DailyKos (Score:4, Informative)

    by mr100percent ( 57156 ) on Wednesday April 27, 2011 @11:47AM (#35954496) Homepage Journal

    DailyKos has a better way to deal with Trolls. Enough downvotes and the system makes all their posts invisible to the rest of the users. The troll still sees them so he/she wouldn't know they're essentially locked out (at least not right away).

  • Harming your users (Score:5, Interesting)

    by SirGarlon ( 845873 ) on Wednesday April 27, 2011 @11:47AM (#35954500)
    Harming your users doesn't seem to me a good idea at all. Adding more bad behavior to the Internet is unlikely to improve anyone's situation. And crashing their browsers? That crosses an ethical line, in my opinion. What's next, infecting them with malware out of spite?
    • Well, obviously something like this can be abused...

      But if you look at the actual module you'll see that it is intended to combat trolls.

      Not automated spambots... Not the well-behaved members of your community... But trolls. The folks who intentionally post garbage just to get a reaction.

      Sure, banning trolls is the typical response. But it's also rather obvious when you've been banned, and somebody who is determined to troll your boards can simply create a new account. This module will hopefully dissua

      • Also, if you take a look at the module itself you'll see that by default it will not crash IE6. That's simply an option that can be enabled if you're feeling particularly malicious.

        You'll see if you look at this smallpox-infected blanket, that it is not flung into that village by default. It's merely an option for which I bear no moral responsibility at all.

    • Harming your users doesn't seem to me a good idea at all. Adding more bad behavior to the Internet is unlikely to improve anyone's situation.

      Can't say I agree. The more energy one has to use to be a turd, the less inclined they'll be to do it after a certain amount of time.

      And crashing their browsers? That crosses an ethical line, in my opinion. What's next, infecting them with malware out of spite?

      Normally I'd agree, but it shouldn't be possible to do that with any browser.

    • The worst users are those that keep signing up under new names and continuing the harrassment, or those that exploit your 'anonymous' features and just keep it up. Rather than play whack-a-mole and inactivating their accounts to watch them come back like a cockroach, 'misery' gives them pain for their bad behavior.

      Of course they will figure out what's on, and either leave or re-register, but the stupid and slow might think you're an ID10T admin, and give up on your stupid broken website. Which is also a g

  • This is pretty funny in theory, but in practice, as others have noted, it's not really very professional or a good idea..

    Better off just banning them, using CAPTCHA, etc.

  • The primary problem with trolls is that they get fed. Other users MUST feed trolls - They're powerless to resist. You can scream DON'T FEED THE TROLLS at the top of your lungs yet time after time after time yet they'll still be fed, everywhere, all the time. If you could somehow figure out how to address the other users who feed the trolls, the trolls would eventually starve and die off. Of course, getting rid of spam would be easier than this, as it goes against human nature, but if it could be solved
    • by ae1294 ( 1547521 )

      The primary problem with trolls is that they get fed. Other users MUST feed trolls - They're powerless to resist. You can scream DON'T FEED THE TROLLS at the top of your lungs yet time after time after time yet they'll still be fed, everywhere, all the time. If you could somehow figure out how to address the other users who feed the trolls, the trolls would eventually starve and die off. Of course, getting rid of spam would be easier than this, as it goes against human nature, but if it could be solved the troll problem would go away...

      I know what ya mean my nigger...

  • I want to see a module that would let us know how much money /. gets anytime it publishes one of these Drupal articles, can you do that?

As of next Thursday, UNIX will be flushed in favor of TOPS-10. Please update your programs.

Working...