How to turn off forum except for staff

Isambard · April 8, 2024, 6:14am

My forum was attacked and spammed with posts that we don’t want visible. How can the forum be disabled except for staff to clean it up?

merefield · April 8, 2024, 7:22am

You can’t “turn off” the forum and it magically still be useable by anyone.

You could consider bulk unlisting of all topics until you get chance to delete the spam, then relist everything that remains?:

pfaffman · April 8, 2024, 9:18am

You can set the forum to be read only except for staff. Read Only Modes in Discourse

merefield · April 8, 2024, 9:19am

@pfaffman that doesn’t solve the “visible” part though

nathank · April 8, 2024, 10:00am

I’d simply change all of the category permissions to staff only. With a nice explainer somewhere (of course).

You might like to do a data explorer query to record your existing permissions first, and if your forum is large/complex maybe do it all from the Rails console as a bulk action.

That would achieve what you need. And you could reveal content as it is cleaned up, category by category.

JammyDodger · April 8, 2024, 10:14am

I was considering a similar issue recently -

Would the steps be

~~Enable staff writes only mode Read Only Modes in Discourse~~
Enable login required in admin settings
Logout all users through the rails console
Disable enable local logins (and any SSO).
Use /u/admin to login as admin

pfaffman · April 8, 2024, 4:17pm

OH. I missed that.

In that case, what you’d need to do is change DNS so that it no longer points to the forum and have the admins configure their /etc/hosts (Or equivalent) to point to the correct IP address. But that’s not really a Discourse thing, that’s a sysadmin hack.

Isambard · April 9, 2024, 6:24am

Thanks. There were few enough categories for this to be doable by hand (if somewhat annoying).

nathank · April 9, 2024, 6:28am

I don’t think this would work, as they could simply log back in:

JammyDodger · April 9, 2024, 6:32am

I did have second thoughts about that bit afterwards. Do you think disabling local logins would be a suitable alternative/additional step? (And/or any SSO)

nathank · April 9, 2024, 6:40am

You’d need to turn off any OAuth methods too of course, but yes that could work nicely. Just be careful you don’t log off yourself (e.g. restore the site) inadvertently.

Although in that case you can simply turn logins back on from the console. Are you planning this for meta ?

JammyDodger · April 9, 2024, 6:57am

Ha, no, nothing like that. Mainly just curiosity. It seems like a useful plan to have in case of any emergencies. Though if there are too many steps then something else might be easier.

I’ll edit in the extra step above.

Thinking about it, logging everyone out and then disabling logins may make staff write only unnecessary?

Topic		Replies	Views
How to take a forum offline temporarily support	16	1924	October 25, 2020
Shut-down the forum / Turn-off posting support	7	1695	April 12, 2020
Limit login to staff only? support	8	971	August 27, 2023
Read Only Modes in Discourse admins how-to , explanation , read-only	6	403	March 4, 2024
Log back in as admin after locking yourself out with read-only mode or an invalid SSO configuration admins how-to , read-only	2	3661	January 14, 2023

How to turn off forum except for staff

Related Topics