It's really easy to spam the discourse chat - Implement tighter spam resistance

Noah · January 7, 2023, 7:52pm

Hi,

I’ve recently been using the chat feature and it’s super easy to spam somebody on default chat settings.

This left me with an inbox full of messages and it’s annoying to deal with:

I’m also sure if you really wanted to strike somebody hard you could do it, especially if you had 2 accounts spamming, I believe by default there should be some type of spam resistant, especially since most chat systems have some type of resistance to prevent spam.

Thanks for any responses

twofoursixeight · January 8, 2023, 12:02am

A similar solution would be to make it so that the chat can only be accessed at a certain trust level. (TL1 or TL2 would work, but it would require the users to participate more in order to access the chat.)

Noah · January 8, 2023, 12:17am

Thank you for proposing that. Is there a way we could implement a rate limit or cooldown feature which could likely be effective in reducing spam?

mcwumbly · January 8, 2023, 1:57am

There are a couple existing site settings for rate limits at /admin/site_settings/category/chat

Screenshot 2023-01-07 at 8.48.16 PM

Users who are flagged will also be silenced for a period of time:

Screenshot 2023-01-07 at 8.49.21 PM

And you can also limit which groups have access to chat (or to direct messages):

Screenshot 2023-01-07 at 8.51.28 PM

Finally, there’s this setting, which could be raised to 1.0 prevent the particular issue you shared:

Screenshot 2023-01-07 at 8.52.21 PM

(from a quick test, it works at 1.0, but I think there may be an issue where it has no effect if it is set to any value less than 1.0)

hiddenseal · January 8, 2023, 11:00am

just for clarity, I think it’s worth explicitly specifying that the user will be silenced not just in chat but in the whole forum (which is somewhat counterintuitive for me, and I raised this issue before)

Noah · January 8, 2023, 11:26am

I was wondering if there is a way to reduce the number of notifications that the recipient will receive after the spammer has been silenced.

On default settings you can still send quite a lot of spam until your silenced. Is this something that can be adjusted on the default settings, or is there another way to address this issue?

mcwumbly · January 8, 2023, 7:19pm

I’m guessing your best tools here are going to be:

disallowing chat for trust level 0 (make it require trust level 1)
reduce rate limits for “other trust levels”
suspend users who violate any policy/norms

If you run into any issues in the wild that you aren’t able to address with the existing site settings, by all means please report them here with the details of what happened so we can think about it more together.

sunjam · January 9, 2023, 3:12am

Those options all make sense, but is there an option to slow posting for chat users similar to how it can be done currently within topics?

Topic		Replies	Views
Can I enforce Slow Mode on a per-user basis or limit their comments? Support slow-mode	5	867	December 14, 2021
One of my users just group messaged 100 other user with a spam offer Support	11	2209	June 26, 2019
Difficulty interacting with Discourse as a new user via email Support	8	1932	June 26, 2018
I can't easily delete spammers due to my site configuration Feature	9	1573	October 14, 2019
Spam sent via public open groups by user with trust level 0 Support	1	415	July 30, 2022

It's really easy to spam the discourse chat - Implement tighter spam resistance

Related topics