Stop Forum Spam Plugin

Overview

The Stop Forum Spam plugin (unofficial) can help weed out human spammers who are able to bypass Discourse’s built-in spam tools (thanks to their awesome human powers). Right after a new user signs up on your forum (before they have time to post), this plugin will check the user’s email address, forum username, and/or IP address (depending on your plugin settings) against the Stop Forum Spam database. If the user is found in this database of known spammers, their user account will be immediately auto silenced in Discourse.

Note: If needed, you can unsilence the user in the Users → Silenced section of the Discourse Admin.

Installation

Follow these instructions to install this plugin in your Discourse installation.

Note: This plugin’s git clone url is GitHub - singerscreations/discourse-stopforumspam.

Configuration

After installing this plugin in Discourse, you’ll be able to configure the following settings in the Settings → Plugins section of the Discourse Admin:

• stopforumspam enabled: Enable the Stop Forum Spam plugin. This will auto silence new users who are in the Stop Forum Spam database of known spammers.

• stopforumspam check email: Silence new user if email is found in Stop Forum Spam database.

• stopforumspam check username: Silence new user if username is found in Stop Forum Spam database.

• stopforumspam check ip: Silence new user if IP is found in Stop Forum Spam database.

• stopforumspam minimum entries found: User must appear in the Stop Forum Spam database at least this number of times.

• stopforumspam recheck users after hours: Number of hours to wait before rechecking new users a second time to make sure they are still not in the Stop Forum Spam database. Set to 0 to disable recheck.

Note: If you have more than one of these check settings enabled, the user will be deemed a spammer as soon as one of them is found in the Stop Forum Spam database.

GitHub Repository

Questions/Comments/Suggestions

While I don’t mind if you reach out to me directly for help, it would be benefit everyone here if you’d post your questions, comments, and/or suggestions below.

I added a new stopforumspam recheck users after hours plugin setting to allow users to be rechecked again after X hours. This will allow more spammers to be cleaned up later when they are not found in the Stop Forum Spam database on the first check.

This is a great idea — however, I would have expected that spammers change their email address each new time they spam so I’m surprised that checking such a database is effective.

It’s very effective, but it’s certainly not foolproof.

An improvement proposal:

• Add option to put suspicious users in the review queue directly after login (instead of silencing)
• Add option to put suspicious users in the review queue after their first posting
• Add option to the review queue actions: “Delete user and report to SFS”

Certainly works only for forums with little spam volume.

Hi there, thanks a lot @msinger for this plugin, I’ve been using SFS for years on a non-Discourse forum and it definitely helps.

The option to recheck new accounts after X hours is a fantastic idea, thanks for adding it!

A few possible improvements for this plugin:

• Is it possible to make it work from the very beginning at the registration page so spammers can’t even sign up?
• Could admin configurable thresholds be implemented to specify how many hits in the SFS database for username, email, and IP in order to consider it a spammer?
• An admin button to report a user and its posts to SFS would be nice.

Thanks again

Does this plugin work with the latest version of discourse?

I notice StopForumSpam is down at present, showing “too many database connections” - is it possible this plugin is part of the problem? Could this plugin apply a rate limit, if it doesn’t already?

(And, how does this plugin react if it can’t get a good response from the service?)

I know the question was from December, but… I think that was a fluke; Stop Forum Spam has been generally up and working.

This plugin works by async jobs, so it will not break the user experience if Stop Forum Spam is down.

@msinger I see it’s been five years since you committed to this plugin.

Do you have any thought of making changes and improvements to this plugin, or have you moved on and it’s reasonable for someone to fork?

Thanks!

I introduced a new setting in version 2.0 named Stopforumspam Minimum Entries Found. By default, this setting is set to 1. You can increase the value to adjust the threshold for matches found based on email, username, or IP address.

Additionally, when a user is silenced, the reason now includes the number of occurrences.

I do, as long as they remain within the scope of the original project. If you’re looking to expand beyond my initial vision, then feel free to create a fork.

While I can’t guarantee it will never break due to Discourse’s aggressive release schedule, it is fully functional with the latest beta version. I’m currently running it on all my forums with 3.5.0.beta2-dev.

I recently installed this plugin, but I don’t think it has caught someone yet (I’m sure it will come, as I quite often saw some new users’ IPs present on stopforumspam.

When a post is detected, does it go to the review queue?

Nope, in my opinion that would kind of defeat the purpose of the plugin, which is basically a hands-off completely automated system of blocking confirmed spammers with no moderation time involved. But you can look under /admin/users/list/silenced and the ones that were silenced by the plugin show the reason as “User was found in StopForumSpam”.

Excellent, I was not aware of this page.

It seems the plugin’s working hard!

The image shows a list of active, new, staff, suspended, and silenced users in a moderator interface within a forum or community, highlighting users who have been silenced and the reasons, alongside details about their last seen activity and creation times. (Captioned by AI)1091×786 76.8 KB

I’ve had many spammers for years on my forum and tried various things to try minimizing admin’s actions. I’m confident that this plugin will do an amazing job, from what I see!

No false positives?

Every matched account on stopforumspam, even before using this plugin, looked suspicious enough to ban the user.

So, I just trust this database because it seems reliable.

I’ve never had it give a false positive (ie, every time it finds something, it’s something that’s in the SFS database).

One thing to be aware of is that the API has one limitation, and you can get a match on e-mail address that doesn’t match the e-mail address exactly - SFS will identify the domain as a “toxic domain”, but the API doesn’t tell you that. Users with e-mail addresses that are from one of those domains will show as an e-mail match, but you won’t find their exact e-mail in the SFS database by searching.

The database is a community effort, so there will be a chance that the user isn’t actually a spammer but was identified by someone as a spammer for some reason. It’s rare, but it does happen (which is why SFS has an ‘appeal’ process.

Up until now I had it configured to only check email address matches, which is the most unique identifier. IP address and username matches are much more likely to be false positive so I disabled those checks. But now that the threshold is configurable I might set a very high threshold of like 30 matches for IP addresses and maybe usernames.

Good point to keep in mind, it took me a long time to figure that out. Although honestly those “toxic domains” are aptly named, and any user registering with one of those emails almost surely has bad intentions of spamming or evading a ban for repeat trolling / harassing. Fortunately this plugin just silences the user, so if they were somehow a false positive they can still contact staff with this other (IMHO essential) plugin enabled: