I’m a moderator of a medium-sized online forum with over 10,000 users. Last night, we had a serious spam attack with various bots posting fake support phone numbers for various airlines, travel companies and a few other companies.
All of these accounts seem to post phone numbers through a variety of different ways (all US ones, but they use various different characters instead of the typical dash to separate the numbers). I did see a post on here last night that filtered out phone numbers, but the problem is the fact that it would falsely flag error codes that appear on our service (which is crucial considering our main purpose is a support forum) and would also flag other things such as fediverse handles.
Additionally, things like Akismet seems out of our range considering the forum is operated by a registered LLC in the US, but we are purely funded by donations at the moment and paying for something like that seems a bit unfeasible.
We have an idea for a nuclear option, but I am strongly pushing against it at the moment given it would exclude some members of our userbase and I also think it would restrict access to support to some extent personally.
This sort of spam has become very common lately, we have a guide for general spam prevention here:
In the replies there was a useful post about a regex that can be used to block or flag phone numbers and email addresses using the watched words feature
Yeah, that was the regex in particular that I tried, it unfortunately filtered some ActivityPub handles and error codes that we have on our service (which are typically displayed like 123-4567).
