Default new user trust level 2, lots of spam


I have the same problem, (a swarm of spambots from Tor) and I have followed the tips listed in this thread, increasing rate limits, reducing topic/post numbers for new users, etc.

I’ve slowed the onslaught of posts, but I still have to delete them manually, and I’m still getting dozens of spambot users per hour signing up.

In my case that it would be very easy to stop their posts appearing with a content filter of some kind - all the posts contain content in Korean, and also spelling variations on bam war5 . com (not hyperlinked).

I couldn’t find anything in this thread or others about content filters to mark as spam - is there any way that posts containing this recurring text could be automatically rejected/deleted?

Spambots from Tor exit points keep taking over my forum
(Jeff Atwood) #2

You generally want to set up the Akismet layer for this:

These are 100% real humans from third world countries, not bots.


really, wow… some of the users posted over 200 comments!
Will do, thanks for the help.

(Kane York) #4

Wait, really? That sounds like either a ratelimit is very wrong, or they were posting for a while before you caught the account.

If you are using SSO, are you validating the email addresses at the sso provider? If not, you can request for Discourse to do the email validation.

(Mittineague) #5

I think so, if this was what was meant

(Jeff Atwood) #6

Also are you 100% sure these IPs are from Tor? Just to confirm.

I also agree with @riking unless you have very unusual non default settings there is no way a new user should be able to post anything 200 times due to all the built in rate limiting we have in Discourse.


That was before I caught it and changed the settings - we had our trust levels set wrong - I think a new user started at TL2.

Since that change, and the rate limit changes, the spam has been slowed significantly.
The IP addresses of the spammers are a mix of American, Canadian, and Korean IPs, almost all different, often changing. I would assume Tor, but I don’t know for sure, I haven’t looked them up yet.

The person with access to our server is AWOL so I’m stuck on manual deletion mode until they can install akismet, but the rate limit changes have made it manageable at least.

(Jeff Atwood) #8

To be fair, this is a case study in why we have the defaults set the way they are. I would not change these defaults unless you are VERY certain you know what you are doing.

And if the IPs are not from Tor, this should be extracted into a different topic.


Javascript isn’t enough in itself. Consider tools like Selenium. This is what cpatchas are for.

That said, there’s buildings full of thousands of people in India and elsewhere filling out captchas all day long in order to spam web forums.


That is why Jeff suggested using akismet in tandem with the default settings.

EDIT: In further hindsight, put it this way:

The JavaScript tricks fool bots.

Akismet traps humans.

(Marco) #11

Do they get money for that? I just don’t get it.


What’s not to get? There’s enough money in spam to pay the fraction of a cent it costs per each captcha filled, and third world labour is competitive with the cost of algorithmic approaches. It’s likely though that the humans are only doing the captcha bit, with an automated system filling in the rest of the details.

(Jeff Atwood) #13

It also implies Captcha kind of worked, in that it killed off bots viability.