Our forum is getting "bamwar" spam

@DeanMarkTaylor Thanks for the code snippet

We had tried Trust Level 0 (we use Trust Level 1 by default) but had not seen improvements. Seeing that Akismet is triggered in this way (should it be first number of posts instead?) is helpful

I like Trust Level 1 better because it has been common for legitimate users to sign up for the first time just to share screenshots and links for a new game they have developed. Otherwise, these end up being “I don’t know why, but I can’t post images” type posts

I’ve asked this question before @codinghorror kindly pointed me toward the newuser max images setting allowing you to change the maximum images a TL0 user can upload per post. For me I set it to 2 no complains since.

As @deanmarktaylor noted, just edit the setting to allow 1 image per new user. if you make TL1 the default without some kind of external vetting (paid accounts, or SSO) you will be in a world of hurt and suffering pretty quickly.

I updated my earlier post with final stats.

Ok phase 1 of improvements here are going out. I want to be coy about the specifics because spammers but you can read commit logs for today and yesterday to get more detail.

We should be much more resistant to casual 100% human spamming now, as well as any potential browser scripted spam.

(But from what we saw, and the data we gathered, bamwar is unquestionably human spam. Very, very persistent and annoying human spam with lots of IP addresses and valid emails at their disposal.)

Have these improvements been applied to Stable as well, or do we have to be on Beta to get them? Our forum which is on the 1.3.x Stable might be getting hit by bamwar spam as well now (I haven’t looked into it closely enough yet to say that for sure), and I’m just wondering if the pseudo-secret protective barrier is already in there.

No, all the magic is in 1.4, you should be running beta you are hard core

beta is super safe

On 1.3 your options are Akismet. But you should be on 1.4 anyway, all our customers are.

With TL0 and Akismet enabled, I am happy to report that spam has gone down (and all but disappeared)

However, I got a user response that they received a message “Akismet has temporarily hidden your post as potential spam.”

There is nothing on my end that I see that I can use to unblock his post

I seem to recall an Akismet section in the Admin pages, something like “/admin/plugins/akismet”?

Akismet is there under “Settings”, but there is nothing displayed under the “Plugins” section

Sounds like you are not logged in as staff? There should be a red circle with a number on it over the menu drop down at upper right.

I remember an option being available before, it disappeared after a recent update (without about 18 commits to Discourse and 1 commit to Akismet, I believe)

It should be present at /admin/plugins/akismet.

So… @codinghorror, we’re getting slammed by the same South Korean ip’s. I had to bring up a post I made almost 3 years ago about this: https://meta.discourse.org/t/some-ideas-for-spam-control/10393. Blocking countries (or ip ranges) is sometimes the only way to deal with spammers.

You can now block IP ranges in Discourse

@zogstrip - boy am I glad to hear that.

You can use both stars - 1.2.3.* - or CIDR notation - 1.2.3.0/24.

Make sure you are on latest Discourse as there are changes in 1.4 to make life much harder for human spammers like bamwar.

What version are you running, be sure you are on latest, you should be fine without an IP ban… hint: auto block first post regex of \p{Hangul}{3} totally resolves this.

Blocking all of South Korea is bad karma.

Any IP blocking will take some inocent people with them. IPs being mostly shared or dynamic, I have been blocked from a small website that, said the message, denied access to my entire country, and its incredibly annoying.

These IP lists could act reducing the number of necessary flags for banning to 1.

Dont take it as a request, my small instance has zero spam, I am pretty happy with what you already done in this regard. Its a request for the admins here to think before they block half the globe out.

We have not seen Bamwar (or any automated spammers) be a serious problem for a long time since the changes in 1.4.