I managed a support forum in the late nineties/early aughts. It was a support forum for a particular mental health condition, so we expected a lot of not-always-perfect behavior and tolerated a lot of it. But with some people it was always hostile and over the top (e.g. somewhat credible death threats) . We always outright banned first (after fair warnings). It’s easiest. That worked for some, who emailed, apologized, and ended up being great community members.
Others not so much. When they came back repeatedly with a new account after multiple bans with no change in behavior they got shadowbanned. The couple of users that figured it out and came back again got the nuclear option. Imperfectly and without guarantee of no collateral damage, it linked IPs, accounts, etc of the user. They could register a new account but the shadow ban followed them unless they were very careful; in which case we just applied it manually.
The thing is, you have to make the system easier for you to control than it is for them to exploit. Otherwise they’ll just grind you down until they “win”.
We did something similar for a browser-based RPG game 15ish years ago.
Shadow banning is way more effective. IP bans don't work because even tech illiterate users can figure out what's going on and get a proxy working.
We ended up going with normal account-level banning after experimenting with IP-based shadow banning. The game was popular with kids, who would tell their siblings/school friends about it. So lots of IPs were associated, and at the time teasing apart different traffic streams from the same IP was sci-fi level stuff.
But, we did learn that normal banning was way less effective. If it weren't for the collateral damage, we would've kept shadow banning with IP account association.
No. A ban gave them instant feedback for testing ways around the ban. It also gave them instant gratification if they bypassed the ban.
The shadowban slowed them way down by denying the feedback. A user would have to respond to them for them to even know they did it. If they did, we’d manually shadowban that one too and they wouldn’t realize for awhile.
Others not so much. When they came back repeatedly with a new account after multiple bans with no change in behavior they got shadowbanned. The couple of users that figured it out and came back again got the nuclear option. Imperfectly and without guarantee of no collateral damage, it linked IPs, accounts, etc of the user. They could register a new account but the shadow ban followed them unless they were very careful; in which case we just applied it manually.
The thing is, you have to make the system easier for you to control than it is for them to exploit. Otherwise they’ll just grind you down until they “win”.