Anti spam suggestions


(AstonJ) #1
  • Make location field required
  • Do not show URLs in profile publicly for TL0 members

Comparing specified location and IP location is a great tool in fighting spam (often the location as specified as west, yet IP is east)

Often spammers signup, put a URL in profile, then make one post to make it look real. Hiding profile links of TL0 users is a nice strategy. However I think this may need to be an admin option for TL1 too (since it is fairly easy to get to that).


(Jeff Atwood) #2

This is already the case; URLs are not linked for TL0 user profiles.

Location field is free form data so there are no plans to validate that; it’d be like trying to validate the “User Name” field to verify someone is a man or a woman.


(Joshua Rosenfeld) #3

If I am understanding the request correctly, I think @AstonJ is asking for URLs to be stripped entirely from the profile, not just unlinked.


(AstonJ) #4

That’s right @jomaxro - they don’t start showing until the member hits TL1. Usually we would do something like this with a template conditional… but I haven’t figured out how to do that with DC yet.

With regards to the location field - not looking for validation. Just want it to be a required field (so they have to put something there). Often times, spammers (and suspicious accounts) will put the UK or US as their location, yet they will be posting from India, China, etc It’s one of the markers we look for when determining whether an account is likely to be a spammer or not.


(Jeff Atwood) #5

Ah, I misunderstood then. Making it a required field isn’t unreasonable. I am generally in support of techniques that let spammers voluntarily out themselves.


(Jeff Atwood) #6

Just to elaborate on this, another Discourse instance I know has a ton of custom user fields (for gamer IDs on steam, xbox, ps4, etc) and it is true that spammers tend to fill them with… junk. Even if they are not required fields!


(AstonJ) #7

Yup! And making them a required field forces them to put something there. Most bots will just enter gibberish but ‘paid’ human spammers will be very reluctant to put their real location (because their target market is in the West)… and so it’s easy to check their IP location vs their entered location.