A few questions related to moderation

Hi everyone, I’ve been using discourse for ~9 years over at Home Assistant. I’ve been a mod for a number of years as well. Recently, we’ve seen a huge influx of spammers. I’m wondering what we can do to alleviate the problems.

First, it seems like the keywords, regex, etc take some time before posts are flagged. Is this just limited by our servers or is there a way to increase the speed? Keep in mind we have roughly 270K users right now and we average about 100 new users a day (not including spammers).

Second, spammers have gotten smart, specifically with this forum software. They have two forms of attack.

1. They will create a post with jibberish. Just a bunch of English and non English words stringed together. This gets them past the spam filters. Then they edit the post to spam whatever they are pushing.
2. They create a topic, then they reply to the topic and mark the reply as a solution. When we go to delete / block this spamer, Discourse returns a 500 error specifically due to the solution checkbox. For some reason, you can’t delete a user who has a solution.

How is everyone managing these issues?

For the second issue, we attempted to lock the solution checkbox to a higher trust level. However the settings or the solution checkbox are just “On” or “Off”. I.e. there’s no trust levels built into the solution checkbox.

While I’m here, I also do have some feedback about the moderation tools. I find it very odd that all the links in the staff action logs simply don’t work. They all just link to the staff action logs. E.g. All the links circled on this page do not lead to topics or posts.

image1232×831 74.6 KB

One option switch to new user approval. Raise trust level on categories using solved plugin to tl1 or tl2.

Restrict new users to only certain categories.

Discourse is pretty broad.

A couple of useful categories that use the new Doc-categories plugin (sidebar might be better to access). However click these 2 links

Documentation
A couple of Topics there(there are more):

Community wiki

To search these categories use the following in search

This will search Documentation Category

#documentation your search term

This will search community wiki

#community-wiki your search term

There are also some plugins that can help as well. If you’re hosted you will need to see if they are available in your plan. If your self hosted you have more free reign to install plugins but may need help if the site breaks and you’re unable to fix.

Some plugins

This one below is an Official plugin so less chance of breaking.

We did that, it ends up with 100 mod approvals or more a day. Pretty much all new users make a post. If there was a mass approval process, it wouldn’t be as daunting.

New users were also creating multiple first posts because the first wasn’t going through. I had 59 after a 4 hour break one day, 2 which were spam. I’m trying to find a middle ground here.

EDIT: Wait, I missread this quote

How do we do that specifically for that plugin?

Sadly that’s not helpful in the HA forum at all, as the new users are the ones most likely to need help.

We have tried new user approval and also requiring approval for the first few posts, but it just increases the moderative workload significantly.

Category setup, Security Tab

Delete
Everyone. See/Create/Reply (or just delete Create/reply)

Add
Trust Level X(1 to 4). See/Create/Reply

If you change everyone to See only they can see the topics but cannot create or reply.

There is another tab in category settings where you can configure text to show when a user cannot post.

There is unfortunately no easy way that I am aware to deal with spam accounts without some headache

If new users are often so to speak are recommended by other users or invited by your team. The Invite link system might be io use as the link can be configured by staff(admin?) to set a Trust level higher than 0.

You can though still restrict new users not invited to restrict a TL0(new user) to certain “Intake Categories”

Otherwise the 2 spam related plugins maybe of consideration. There are also some AI plugins, but those will include costs related to using AI features

Does that only effect adding a solution checkbox? Or does that limit all functionality related to posting?

This feels to me like a bug that needs fixing. 500 errors shouldn’t happen in production, and certainly not regularly

I tend to agree, however I wasn’t trying to rock the boat on my first post

On a category using solved plugin set category security permissions as follows

Everyone See/Create
Trust Level 1 See/create/reply

Can see and create topic. Can still mark a reply as solved but cannot reply to topic

To reply to the Topic they need Trust Level 1. New user is Trust Level 0

I get ya now. I don’t have access to that UI, so I have to make some guesses. I’ll forward this on to the admins, hopefully it will get us what we want.

Create a topic in Bug with tag solved Not sure on tag) but detail the issue

Yes typically need Admin Level. Though if the Admin(s) are comfortable there is an option to let Full Site Moderators to manage categories

You can also quote posts here and use copy quote to post on your forum to your team/admin say private staff category or a pm/group pm

You can also use links to the posts here to assist your team.

Admin here!

I dug into the settings overall for the Solved plugin. Doing that per category seems a little clunky, imho. However, I noticed that what I could do is probably increase create topic allowed groups from 0 > 1 and then slightly lower the bar to get to Trust Level 1. We already have it at a reasonable level and I think lowering a couple of the requirements won’t impact the moderation team too hard.

Does this sound like a solution y’all would suggest? petro, Rosemary - do you think this would impede too much on our real new members?

Welcome to Missy Quarry!

It could work. Though that would maybe make it harder for new users to get to being able to create a topic.

Truly clever spammers could even with my suggestions above save the plugins mentioned maybe. Could go through the new user tutorial to advance user level

Though it seems the spammers are just looking for quick bypasses.

It is a bit of a pain though if you have lots of categories to adjust if using category security.

One of the more experienced members here though might know a bulk rails command line that could be able to change all categories settings. Then you might just need to adjust some categories you want so to speak free access or more restricted.

Fair callout.

I dug into some data going off that. We have roughly ~200 new sign ups per day, anywhere from 25-50% of that number making first posts at ~100/day (I cannot see any join between new users and their first post so this is fuzzy), and ~80 users gaining Trust Level 1 per day.

This feels fairly safe to go the route I found. I’ll discuss with my mods and then follow up here. Always good to have some tribal knowledge of what works for some, and that way we can close this out if something’s working well or chat more about potential solutions if not.

Yeah things can be quite grueling at times. Especially if you have an influx of spammers. Another tool in the admin settings if you identify users using temporary emails. You can add those temp email domains to the domain blacklist. I can see about getting a list of one of the sites I am admin. Not sure if can export them as text. But can get a SS for sure. There are many sites so nearly impossible to get them all.

If you need any help you can also reach out to me via pm as well.

It might be worth looking into our AI plugin, which now has an AI spam scanning feature that can flag posts

We’ve been using this on Meta for a little while now and have found it to be better at catching spam that would make it through other systems, and if you’re suffering from a specific type of spam there’s the benefit of being able to provide custom instructions.

Discourse AI bases spam scanning is not vulnerable to this.

Additionally, we do have safeguards that stop people from editing once a post is old.

If this is reproducible we need a bug report, we would love to fix it.

At this point in time I consider Akismet as incapable of dealing with the current pattern of spam online, it has too many false negatives.

Discourse AI has been doing very well, you can configure it on your self hosted instance for free if you lean on a model such as Gemini Flash 2.0 which does a spectacular job with spam.

Can you try it out and report back?