Admin: fix user suspensions and shadowbans & add frontend for it

[CrystalVulpine]

I added a frontend for suspensions and shadowbans etc and patched some problems related to them. I tested them and they all work on my instance. I also added automatic suspension notifications with a list of rules they might've broken.

Global bans have not been removed. They are already in use on the main site so I can't delete it or they would all be unbanned. I also made the nuke user content shadowban the account automatically.

For some reason I couldn't get VirtualBox to share my repo folder without breaking all the symbolic links, so it converted them into copies of the file. I don't know how to ignore that change. But it doesn't affect anything other than making the repo a little bigger. I apologize for that.

[CrystalVulpine]

I think I figured out a way to revert the changes for those files, so I can restore the symlinks only. I also assumed the one test file was generated by my instance, so I added it to .gitignore (which for some reason it didn't work), but it turns out it's supposed to be there. That's getting reverted too. I'll make another commit shortly.

[CrystalVulpine]

Done

[CrystalVulpine]

I'll provide some screenshots in a bit

[CrystalVulpine]

Here are screenshots of this system working on saidit: https://imgur.com/a/QPwnrJx

[CrystalVulpine]

I'm not sure if temp suspensions will work. They are implemented, but from what I understand reddit has a separate program that lifts it once the duration is over, and if not it turns into a permanent suspension.

[CrystalVulpine]

@libertysoft3 do you want account IP bans in addition to the one that completely blocks access to saidit? What I mean is essentially every account created from that IP address would get auto-banned, and potentially any account logged into. Idk if IP is a good identifier to go by though, and it can get innocent users banned if it's reassigned. Fingerprinting is probably much more accurate and can even detect VPN and TOR users sometimes if it's on the same device, though it's a lot harder to automate. Cookies could also be used. I know reddit uses all of these methods.

[libertysoft3]

Nice work man. I like your checkbox UI.

Better IP bans would be good for this codebase, but I don't know how much good they would do for saidit. most of the abuse seems to come from allowed Tor users. I think ip bans was a baby step on the way to saidits automated cloudflare ip banning. Maybe saidit ip bans are still used a bit by saidit, im not sure.

[CrystalVulpine]

@libertysoft3 That's why I suggested browser fingerprinting, because it's harder to evade (can even detect some TOR users) and has less false positives. It's probably hard to implement though. I wouldn't worry about that though unless someone keeps causing trouble after evading multiple bans.

[CrystalVulpine]

@libertysoft3 what kind of abuse is worst on saidit? Is it things like DDOS attacks or just serial rulebreakers who keep making new alts? In the second case it's probably better to make IP bans ban the accounts rather than blocking all access. Spam is more easily dealt with using shadowbans, because the bots usually aren't going to check. They can be applied to accounts as of now, and in the future hopefully IP, domain names, browser fingerprints, and cookies.

[CrystalVulpine]

@libertysoft3 I don't know how I thought of the checkbox UI. For years I had only ever thought of approve/remove buttons, and just a few weeks ago this popped into my head. It seemed a lot more elegant to me.

[libertysoft3]

saidit's biggest abuse lately seems to be people (socks / asshole, potentially not even using tor) using alt accounts to upvote their posts to the top of /s/all and admins not caring. and having too many subs with no mods, that spammers find and post to. I haven't been as admin for some time though, I'm very out of the loop.

[CrystalVulpine]

@libertysoft3 magnora7 removed IP bans and nuking post history when he added a bunch of new admins, in case one of us goes rogue and abuses them. For the same reason subs are no longer banned. The spam is still removed though so it doesn't really matter.

But he said that he has tried IP bans and numerous measures against these attacks and nothing works. He's right, unless you have reddit's literally impossible detection system, you simply can't keep someone off who's determined enough. Unless you want to threaten them with legal action, but I highly doubt that's the road you want to go down. After this PR shadowbans can help a lot with the spam and abuses, but it isn't really for real users. I'm hoping there will at least be a decent drop in spam with the shadowbans. For such a small site I'm surprised saidit gets so much spam.