Spam protection from three day old account?

(Peter N Lewis) #1

So my site was just hit with a porn spammer account that posted ten new topics, all with content like:

<a href=""><img src="" /></a>

The account was created three days ago, and then presumably left dormant to avoid the “max topics in first day”.

Might I suggest that flag actually be “max topics in first day that user posts any topic”? Same for the max replies in first day flag.

Also, does anyone have any recommendations for settings that might have further limited this intrusion without negatively impacting real users (many of whom tend to be new users and light visitors, and thus not particularly trusted). 3 new topics in the first day you post any topic seems quite sufficient.


(Sam Saffron) #2

I just saw a flood of them on a few of our sites as well, are you running akismet? Did it not catch it?

(Joshua Rosenfeld) #3

We saw this as well, and no, they weren’t caught by akismet. Not sure when they created there account though, after the third post we blocked them while we investigated. 1 post was deleted by a moderator almost immediately, the other 2 posts were flagged and subsequently deleted. I then went in and deleted the user, also blocking email and IP.

(Jeff Atwood) #4

Yeah that would be better, can you add that to your list @neil? “first day” timer should start after the first topic / reply is posted. It is a strengthening of the first day user limits.

(Peter N Lewis) #5

I’m not running akismet whatever that is, no.

(Peter N Lewis) #6

I’d suggest keeping independent start dates for each, that way they could not get clever and post a reply to some old topic that might go unnoticed before creating a bunch of new spam topics.

(Jeff Atwood) #7

Oh geez if you are not running the Akismet plugin you are cruisin’ for a bruisin’. Strongly advise that you run it otherwise you are super vulnerable to human spammers, of which there are tons these days.

(Claas Aug.) #8

PS: The plugin can be found here: GitHub - discourse/discourse-akismet: give spam a whoopin

(Neil Lalonde) #9

I made this change today, although the descriptions of max_topics_in_first_day and max_replies_in_first_day still need to be updated now that they’re a bit more complicated.

(Jeff Atwood) #11

OK I updated copy as follows, hopefully this keeps it clear:

max_topics_in_first_day: "The maximum number of topics a user is allowed to create in the 24 hour period after creating their first post"
max_replies_in_first_day: "The maximum number of replies a user is allowed to create in the 24 hour period after creating their first post"

(Peter N Lewis) #12

Does the number include the first post? If so, I would think the text should be “24 hour period starting when they create”, or briefer “24 hour period from creating” - after implies the first one would not be included.

(Jeff Atwood) #13