8

Me and my friend are making a website which has a chat room on it. However since we do not have access to servers, and thus cannot use php or other languages used to make profile systems, the closest we can come is having a prompt appear to ask for a nickname, which can be changed to anything at any time. However this had lead to abuse.

Recently a rather odd group appeared calling themselves a "cult" that apparently surrounds me since im the owner of the site (Don't question it I guess?). They are constantly impersonating me and other important testers/mods on the chat to spread misinformation and lies across the site. On top of that they are saying "not so clean" things under our names too. It is getting extremely annoying and is hurting the reputation of our site. As a result I was forced to bring down 2 major parts of our site, the chat, and one of our popular games that had the same nickname prompt for awhile, they are up now because we have an active NSFW filter running. However we still have the impersonation problem.

Unfortunately due to the previously stated problem with the profile systems, We don't exactly have a system to identify moderators or admins officially. Our best course of action (Without the profile systems) to punish people is just to prevent the username that was punished from being able to be used as a username by filtering it.

How do I deal with this or make it so people can't have the same usernames as somebody else so that I can bring parts of the site up again? This is a very bad problem so I would prefer a solution that isn't able to be bypassed in two minutes please.

Improve this question
1
  • Comments are not for extended discussion; this conversation has been moved to chat. Please edit any necessarily clarifications into the question itself.
    – V2Blast
    Commented Sep 8, 2022 at 17:00

2 Answers 2

Reset to default
5
+50

Solution

A possible solution (as discussed in the comments) could be adding a second field to the chat, where moderators could input a "password" or "modstring" which would display a badge or give them moderator powers if they get the correct password.

Implementation

Something to keep in mind whilst implementing this is to never send the modstring or password over the internet unhashed or unsalted. This is probably off topic for this site, but a simple search provides some implementations on how to handle passwords.

Once the data reaches the server, it will probably be simple to verify that it is a correct password.

You might also want to add a checkbox which hides the badge (for that particular message) if the moderator does not wish to show their badge.

Improve this answer
0
6

There are two different ways to constrain bad behavior:

  • through technology
  • through policy

You basically need to do both. The first thing needed is a solid set of policies that are specific enough to lay out what is against the rules but flexible enough to last over time. You should lay out what some specific things (Impersonation, unacceptable usernames, etc) that violate policy and what the action taken against those users will be. Otherwise, when you take action, they're just going to say that they didn't know. Take that excuse away from them.

Only once you've got appropriate policy in place should you consider building technical means to enforce that policy. But the surest way to avoid argument when you inevitably use that tool is to tie it to a long-established policy.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.