Stop Forum Spam - Spam Countermeasures

deweydb (deweydb) 2013-04-12 15:01:41 UTC #1

I am considering switching my main forum http://www.glitchhopforum.com to discourse, but i am concerned about spam prevention. That board gets quite a lot of spam attempts, which have been pretty much completely decimated by using Stop Forum Spam countermeasures. In the past 3 months alone it has blocked over 10,000 spam posts. Is there anything like this being setup for discourse, or what would be a good way to go about it?

Thanks,
Dewey

codinghorror (Jeff Atwood) 2013-04-12 15:05:13 UTC #2

Remember that we are a 100% JavaScript app. There is virtually no HTML on the page. (Try using the "view source" function of your browser if you don't believe me.) Discourse is radically different from previous forum software.

The odds of spammers having any canned solution for us is basically nil.

Even after a year, we'll still be a small fish.

On top of those facts of life, we built Stack Exchange as our previous project, which unlike Discourse allows completely anonymous, no-login-required participation. A far tougher scenario, since anyone could just start typing in a text box right now and spam away to their heart's content.

Do you see any spam there?

No?

I rest my case.

codinghorror (Jeff Atwood) 2013-05-30 04:48:39 UTC #3

codinghorror (Jeff Atwood) 2014-10-02 20:45:28 UTC #4

Note that we're seeing fairly mixed results from Stop Forum Spam in our testing. It stops maybe 1/3 (33%) of spam signups. That's not bad compared to some of the other checks though!

codinghorror (Jeff Atwood) 2015-08-25 22:39:46 UTC #6

In 1.4 we added a few additional early checks that tie in with the post approval queue, and catch a lot of spammers.

Also try our official Akismet plugin, which is an important Bayesian after-the-post checker that works well against the many human spammers that are out there.

https://github.com/discourse/discourse-akismet

terraboss (Markus) 2015-09-13 23:15:47 UTC #7

We've got our first and only spam entry so far.

May I ask, how many mechanmism Discourse is running in idle mode and how we keep runing our community spam free in future? Is Askisnet also free for non-profits?

You're doing an excelent job at this Our last community software phpBB was a magnet for spamers and we were spending recently more time with cleaning up insted of supporting our members. That was painfull.

image.jpeg2048x1338 266 KB

codinghorror (Jeff Atwood) 2015-09-14 02:17:42 UTC #8

Akismet might be free for non profits, check their signup page for details. We bought an enterprise key and use it for all our hosted clients.

terraboss (Markus) 2015-09-14 02:22:30 UTC #9

That's cheap for unlimited sites. But are 100,000 monthly checks enough for all of your sites?

codinghorror (Jeff Atwood) 2015-09-14 02:25:22 UTC #10

Only new user posts are checked so it depends on the volume of new user posts. People don't tend to stay new users forever.

I should log in and see how many Akismet checks we have used per month in actuality. Thanks for reminding me about this:

terraboss (Markus) 2015-10-06 17:48:50 UTC #17

@Jeff: What do you think of Google's captcha routine? Will it help to improve the false positives rate by asking the user for, if Discourse thinks the latest post could be spam?

Mittineague (Mittineague) 2015-10-06 18:01:29 UTC #18

@terraboss I don't think you @ mentioned the member you think you did
(anyway, no need to @ mention Discourse team members, they see all)

CAPTCHAs help stop non-humans, but unfortunately they also present a hurdle to real humans.

IMHO the best thing would be to be patient and give Akisment some time to "learn"

riking (Kane York) 2015-10-06 19:13:13 UTC #19

We haven't had problems with actually automated posting, so that isn't going to help.

sebastianh (Sebastian) 2015-11-24 10:42:07 UTC #20

My discourse has been online for three days (no akismet enabled) and I have some spam bot signups, but no actual spam in the forum.

A global, collaborative blacklist might also make sense. A few of those exist, can discourse check against that? At any rate, just as a trivia, the spam bots I am now seeing have funny email domains like @site.insurple.com or @old.syfyman.com