Hi Everyone
I apologise in advance for this long post but perhaps someone familiar with Discourse will know the answers straight off.
I co-run a special-interest forum, which is moderated. There are two of us and the other chap wrote the software (also in Ruby). The existing forum is fully custom software, notable for its simplicity compared to e.g. PHP-BB and Vbulletin (and those keep getting hacked). The database is about 40GB and it has 200k posts. For various reasons we are looking at moving the database to another platform and Discourse looks like it would work.
Preliminary testing suggests that it is pretty good in the overall functionality e.g. support for image and movie embedding. Even multiple image uploads from an android phone work correctly!
However we would need some customisations; mostly user interface simplifications. Examples, not in any particular order of importance, are:
-
Not show someone’s total post count - this is to prevent new members being intimidated
-
Block user editing of his post after a time (currently we set this at 2hrs) - this is to prevent a type of trolling which is not uncommon in this sphere
-
Classified advert section, with a means of paying for the advert (Paypal), would be nice… I realise this is nontrivial because of the pricing structure config, payment link, etc.
-
Displaying the year in the post date prominently
-
Admin ability to go to a user and see who else is active under the same browser installation (basically just cookies). I see Discourse already has this but based on the IP, which these days is not effective (many people are on mobile data, especially those who want to run multiple identities). I did read this thread
Handling trolls with multiple accounts over VPNs - #18 by ljpp
and others, so clearly many others have been up this road, and there are no solutions for somebody who is clever with VPNs etc; they tend to eventually reveal themselves via a posting style, or by posting something really nasty which then gets them banned. I would also suggest that detecting the same pwd hash would be an asset because many people use the same pwd for all their characters -
For admins, a simple linear post listing, permitting a very quick review of last x posts on a phone. I imagine this could be done with a bit of code going straight to the database, on a subdomain. Within this listing, having a DELETE and BAN buttons, so someone who posts something nasty (unfortunately not unknown on forums) can be quickly removed.
-
This may already be in place, from what I can see: admin merging of selected (or all) posts from one thread into another thread, and ending up with the posts in the destination thread being in the correct chronological order. I realise this can break links to posts, unless the link is site-unique (e.g. is the post # in the database, rather than the post # in the thread).
-
Admin generation of a CSV email list of everyone who has logged in within past 12 or 24 months. We found that mailing older (more stale) people greatly increases the chances of being blacklisted (RBL etc), despite the mailing (mostly about meetups, a few times a year) being done slowly, 1 email per minute only, to minimise the risk (we also blacklist in the mailing all known throwaway addresses e.g. sharklasers.com)
-
A user setting in a user’s profile to select whether to receive these emails, for GDPR compliance
I have just read the thread here about GDPR. AIUI in the UK a poster has no right to demand deletion of his posts. He can have his login details removed. I wonder if Discourse is in some way additionally vulnerable in this area. On our forum, just about everybody uses a nickname anyway.
-
Admin ability to read PMs. This is essential because many spammers join up and just PM, not post. We would not find out unless somebody complains, but a lot of new joinups are suspicious (but not clearly so) so we watch them for a bit… For example we have a Country setting in the user profile which has to be specified during the signup, and somebody who sets Germany there but is on a Thai IP is likely dodgy, but it could be a German in Thailand!
-
A Country setting for the user’s location, enforced in the signup (I realise they can put what they like there)
I realise that if one does mods to the code, applying updates might be difficult or impossible…
Dodgy signups are a real problem. I reckon, currently, 10-20% of signups are dodgy, so if nothing is done, you will get a lot of problems down the road. The usual behaviour is to sign up and wait a week, then hit the forum with spam.
Unfortunately I know nothing about Ruby. I did a tiny bit of PHP. My IT expertise is more general: pop and smtp servers, VMs, VPNs, FTP, SPF, DKIM, router configs. Simple HTML but no CSS… My old IT expertise is embedded systems hardware and software (assembler and C). The guy who wrote the original software offers to help with moving the database over. I have some contacts who can do other bits but no direct Ruby expertise currently… I have a few sites running on a Linode server which has worked very reliably so that would be the #1 choice for hosting.
Thank you in advance for reading this far and for maybe throwing in a few pointers as to how much of this is already there and how much work it would be to do the rest, or something similar