Immediate actions you can take during a spam attack

This topic is for site owners who are either facing an active spam attack or would like to take preventative measures towards countering spam.

My community is under heavy spam right now

There are so many spam users and posts and new ones coming in!

If you are hosted by us ^[1], we welcome you to write in to team@discourse.org for support, and our team will take the necessary measures as soon as we can. You may also take the following steps on your own.

The following settings can be used to mitigate attacks

must approve users - Can be used to stop an influx of new users, all new accounts will need to be approved prior to posting.

Increasing min first post typing time to 5000, you can increase the minimum amount of time people need to type to bypass heading to the review queue. note accounts are silenced and users may not post at all until approved if they type too fast.

set approve new topics unless allowed groups → admins, moderators, trust_level_2 - this will ensure newer users on the forum are unable to create new topics without approval

set hide post sensitivity → high - by setting to high , spam posts will be hidden quicker depending on user flags

check flag sockpuppets - spammers often share IP addresses, by flagging users sharing the same IP you are more likely to catch spammers.

If there is a pattern of spam you can use the watched words feature to automatically silence accounts using a specific word.

You should only apply the following settings if you know the implications:

• uncheck allow new registrations
• set max new accounts per registration IP → 1

There are too many flagged users and posts in my review queue!

If you are hosted by us, write in to team@discourse.org and we can handle it for you.

If you are self-hosted, you may use this rake task to deal with many items in your review queue.

bundle exec rake 'reviewables:mass-handle'

If there are too many topics at the moment that are visibly spam and unflagged, and you have Discourse AI configured, you may use this to retroactively put topics into the Spam Detector

rake ai:spam:scan_topics[2025-01-01,2025-01-05]

I want to prepare my site for spam

Refer to Tips for Preventing Spam

Do note that some of these recommendations may provide friction to community contribution. It is good to assess which settings are suitable for your community if you intend to switch them on permanently.

1. You are a paying customer of Discourse ↩︎

Having to deal with spam on your community is stressful.

The Discourse team is actively working on features to help communities deal with spam more holistically, including

• Improving spam detection – as we are seeing more sophisticated spam behaviour
• New defaults for spam configs – site owners do not have to lift a finger to get spam protection
• Simplifying the review queue and handling of flagged content – moderators can take action with better tools and information

Great topic with lots of useful tips. Sam also posted a free route for self-hosted for AI Spam using Gemini Flash.

This is a great guide!

I think you might change this title to “what to do when you have a spam attack”

It might also be cool if there there were a one-click or wizard that sets or guides you though these settings.

Yes, agree. Though the team is currently looking through more sensible defaults that might prevent the need to take the actions here altogether, so hopefully this wizard will not be needed, and this topic can be irrelevant in the near future.

Advice taken!

I did like the other title!