Discourse Akismet Anti-Spam

Summary: Fight spam with Akismet, an algorithm used by millions of sites to combat spam automatically.

:link: GitHub: https://github.com/discourse/discourse-akismet
:arrow_right: Install: Follow the plugin installation guide.

Features

What does it do?

Akismet helps keep your site free of spam by automatically scanning all posts from new users. Scanned posts that Akismet flags as spam are immediately removed from the site and added to a queue for review. Site staff can then review the posts to confirm spam, or restore if the posts are not spam. Akismet learns as staff confirm or restore spam posts, improving its spam detection and decreasing false positives.

Spam sucks, Fight it with Akismet

Akismet is a well known service that trains a Bayesian filter for detecting spam specific to your domain. Akismet is NOT free for commerical use, but can be for personal use. To use this plugin you will need an Akismet API key, you can get one here.

How it works

The plugin works by collecting info about a new post’s HTTP request. Every 10 minutes, a background job runs that looks for new posts. All new posts are sent to Akismet to determine if they are spam or not. If a post is deemed spam, it is deleted and placed in a moderator queue where staff can take action against it.

Configuration

For sites that are on our hosting, the Akismet plugin is pre-installed and enabled for you. For self-hosted sites, follow our Install a Plugin howto, using git clone https://github.com/discourse/discourse-akismet.git as the plugin command.

Once you’ve installed, add your akismet key under site settings by searching for akismet.
Alternatively, you can also add it using a DISCOURSE_AKISMET_API_KEY environment variable.

After enabling the plugin, you can find the moderator queue by visiting /review or selecting Review from the Hamburger menu.

From the review queue you can then filter for Akismet flags

Screen Shot 2020-02-11 at 2.35.45 PM


Action Result
Confirm Spam Confirms the post as spam, leaving it deleted, and tells Akismet that it was spam.
Not Spam Akismet thought something was spam but it actually wasn’t. This undeletes the post and tells Akismet that it wasn’t spam. Akismet gets smarter so it hopefully won’t make the same mistake twice.
Ignore Confirms the post as spam, leaving it deleted, but doesn’t notify Akismet.
Confirm Spam & Delete user It will delete the user, their posts, topics and block their email and IP address.

What data is sent to Akismet?

Field Name Discourse Value
Author User’s Name
Author Email User’s verified email (can be disabled with the akismet_transmit_email site setting)
Comment Type “forum-post”
Content Post’s raw column (including post’s topic title if first post)
Permalink Link to topic
User IP IP address of request
User Agent User agent of request
Referrer HTTP referrer of request

Testing

Once you have the plugin installed, let’s do a quick test to make sure everything is working. Login as a non admin user and create a new topic and post. Use the following info:

title: Spam test - Will this plugin do what it says!
post: love vashikaran, love vashikaran specialist,919828891153 love vashikaran special black magic specialist hurry hurry love now

Now, go to /sidekiq/scheduler and find the CheckForSpamPosts jobs and trigger it. Now, as a staff member, view the moderator queue by going to admin/plugins/akismet or by using the Hamburger menu. You should see the post with some additional info about it.

CHANGELOG

TODO

19 Likes

Akismet plugin actually pulls in data for every 10 minutes before classifying any post as spam. So, does the posts get published before classifying them as spam and later gets under moderation?

1 Like

The plugin handles posts created by TL0 users differently than it handles posts from users with a higher trust level. TL0 posts are checked by the plugin immediately after they are created. Posts by TL1 users are processed in batches every 10 minutes.

4 Likes

So the TL1 and above posts initially gets published and later goes to moderation if spam?

2 Likes

Are TL0 user posts verified immediately after they are created regardless of the value of skip akismet trust level?