How to ban users from my Django app (with a twist)

Published 2019-05-06 13:14

Question:

I have a web-based Django app where users congregate and chat with one another, under pseudonyms.

Most of the users hitting this website do so via Opera Mini. Unlike straightforward web browsers, Opera Mini has a twist that it fetches all content through a proxy server, and reformats web pages into a format more suitable for small screens.

I want to implement a banning feature in this app. Some users are terrorizing others - if I manually ban them right now, they simply return under new nicknames. Note that these users aren't very tech savvy - almost all are not more than semi-educated. My question is three-pronged:

  1. Is banning a user's IP effective when they're using a proxy such as Opera Mini?
  2. Is there any reputable Django plugin available that handles IP blocking elegantly?
  3. If 1 doesn't hold (in which case, 2 won't either), is there any other robust method I can follow to keep out antagonistic users and protect my community?

Currently, I've given these users a "downvote" feature, muting accounts whose posts receive too many downvotes. But that is of virtually no help in flame-wars. The abuser keeps returning under new pseudonyms, undermining the whole community. Maybe I should try hellbanning, if nothing else works?

Note: I'm not an advanced programmer (more of a designer), so I'll prefer swift solutions that have a small time-to-market for someone like me.

Answer 1:

Have a look at this section of the Opera Mini documentation. The Opera servers will be sending you an X-Forwarded-For header which contains the original IP of the client, which you can access in Django with request.META['HTTP_X_FORWARDED_FOR'].

That said, some things to bear in mind (I live and build websites in a country where Opera Mini has the largest web browser market share):

  • It sounds like many of your users are connecting from phones. This means that they are highly likely to have dynamic IP addresses. Their IP can change frequently and if you ban one IP now it may end up blocking access for a different user a few minutes/hours later. If you do ban IPs, then it is advisable to set a fairly short timeout.

  • X-Forwarded-For headers are notoriously unreliable. They will often contain internal IPs and you need to filter those out. There is also no guarantee that you will get the correct upstream IP (consider cases where the user is behind a VPN/Tor node/etc). You also need to account for any reverse proxies that you may have in front of your application.

  • People who really want to abuse the system will find a way in. A moderation and/or reputation based system is the only way to keep their noise to a minimum.
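The answer above describes reading X-Forwarded-For in Django and lists the pitfalls: internal hops in the header, your own reverse proxy in front of the app, and the need for a short ban timeout on dynamic mobile addresses. The following Python is an added example, not part of the original answer and not Django's own API: it extracts the client address by walking the header from the right through a list of proxies you trust, so a client-supplied header cannot spoof the result, and it keeps bans in an expiring list. The proxy list (10.0.0.5 standing in for your reverse proxy, 203.0.113.0/24 standing in for Opera's transcoder range), the sample addresses and the request dicts are constructed for the example; take the real Opera ranges from the documentation the answer refers to.

```python
import ipaddress
import time

# Networks allowed to append hops to X-Forwarded-For. Assumed values for the
# example: our own reverse proxy (10.0.0.5) and a placeholder for the Opera
# Mini proxies (203.0.113.0/24 is documentation space, NOT Opera's real range;
# fill this in from Opera's documentation).
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.5/32"),
    ipaddress.ip_network("203.0.113.0/24"),
]


def _parse(addr):
    """Parse one address, or return None for junk such as 'unknown'."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None


def _is_trusted(ip, trusted):
    return any(ip in net for net in trusted)


def client_ip(meta, trusted=TRUSTED_PROXIES):
    """Return the client's IP as a string, or None if it cannot be established.

    `meta` is a dict shaped like Django's request.META. REMOTE_ADDR is the TCP
    peer and cannot be forged, but it only tells us which proxy talked to us.
    The X-Forwarded-For chain is walked right to left (the rightmost hop was
    appended by the last proxy): hops belonging to a trusted proxy or to an
    internal range are stepped over, and the first remaining public hop is the
    client. Everything to its left was supplied by the client or by a proxy we
    do not know, and is ignored; that is what defeats a spoofed header.
    """
    peer = _parse(meta.get("REMOTE_ADDR", ""))
    if peer is None:
        return None
    if not _is_trusted(peer, trusted):
        # Direct connection, no proxy we know in front: the header is whatever
        # the client chose to send, so use the socket address instead.
        return str(peer)
    hops = [h for h in meta.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(hops):
        ip = _parse(hop)
        if ip is None:
            continue  # 'unknown' or malformed entry added by a sloppy proxy
        if ip.is_private or ip.is_loopback or _is_trusted(ip, trusted):
            continue  # internal address or known proxy hop: keep walking
        return str(ip)
    return None  # nothing but proxies in the chain: do not guess


class BanList:
    """IP bans that expire, so a recycled mobile address is not banned forever."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._bans = {}  # ip -> expiry timestamp

    def ban(self, ip, now=None):
        now = time.time() if now is None else now
        self._bans[ip] = now + self.ttl

    def is_banned(self, ip, now=None):
        now = time.time() if now is None else now
        expiry = self._bans.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self._bans[ip]  # expired: the address may belong to someone else now
            return False
        return True


def request_is_banned(meta, bans, now=None):
    """What a middleware would call before serving the request."""
    ip = client_ip(meta)
    return ip is not None and bans.is_banned(ip, now)


if __name__ == "__main__":
    # Constructed request: phone 37.111.0.23 -> Opera proxy -> our reverse proxy.
    bans = BanList(ttl_seconds=600)
    bans.ban("37.111.0.23")
    meta = {"REMOTE_ADDR": "10.0.0.5",
            "HTTP_X_FORWARDED_FOR": "1.2.3.4, 37.111.0.23, 203.0.113.7"}
    print(client_ip(meta), request_is_banned(meta, bans))  # spoofed 1.2.3.4 ignored
```

In a Django deployment the check goes in a middleware that returns HttpResponseForbidden when `request_is_banned(request.META, ...)` is true, and the ban store should be the Django cache (set with a timeout) or a small model rather than an in-process dict, so that every worker sees the same bans and the expiry survives restarts. The address-extraction half is also what the django-ipware package implements, with the trusted-proxy list supplied through settings.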