Stop Forum Spam - Spam Countermeasures


(deweydb) #1

I am considering switching my main forum http://www.glitchhopforum.com to discourse, but i am concerned about spam prevention. That board gets quite a lot of spam attempts, which have been pretty much completely decimated by using Stop Forum Spam countermeasures. In the past 3 months alone it has blocked over 10,000 spam posts. Is there anything like this being setup for discourse, or what would be a good way to go about it?

Thanks,
Dewey


(Jeff Atwood) #2

Remember that we are a 100% JavaScript app. There is virtually no HTML on the page. (Try using the “view source” function of your browser if you don’t believe me.) Discourse is radically different from previous forum software.

The odds of spammers having any canned solution for us is basically nil.

Even after a year, we’ll still be a small fish.

On top of those facts of life, we built Stack Exchange as our previous project, which unlike Discourse allows completely anonymous, no-login-required participation. A far tougher scenario, since anyone could just start typing in a text box right now and spam away to their heart’s content.

Do you see any spam there?

No?

I rest my case. :smile:


(Jeff Atwood) #3

(Jeff Atwood) #4

Note that we’re seeing fairly mixed results from Stop Forum Spam in our testing. It stops maybe 1/3 (33%) of spam signups. That’s not bad compared to some of the other checks though!


(Jeff Atwood) #6

In 1.4 we added a few additional early checks that tie in with the post approval queue, and catch a lot of spammers.

Also try our official Akismet plugin, which is an important Bayesian after-the-post checker that works well against the many human spammers that are out there.


(Markus) #7

We’ve got our first and only spam entry so far.

May I ask, how many mechanmism Discourse is running in idle mode and how we keep runing our community spam free in future? Is Askisnet also free for non-profits?

You’re doing an excelent job at this :slight_smile: :sunflower: Our last community software phpBB was a magnet for spamers and we were spending recently more time with cleaning up insted of supporting our members. That was painfull.

:heart:


(Jeff Atwood) #8

Akismet might be free for non profits, check their signup page for details. We bought an enterprise key and use it for all our hosted clients.


(Markus) #9

That’s cheap for unlimited sites. But are 100,000 monthly checks enough for all of your sites?


(Jeff Atwood) #10

Only new user posts are checked so it depends on the volume of new user posts. People don’t tend to stay new users forever.

I should log in and see how many Akismet checks we have used per month in actuality. Thanks for reminding me about this:


(Markus) #17

What do you think of Google’s captcha routine? Will it help to improve the false positives rate by asking the user for, if Discourse thinks the latest post could be spam?


(Mittineague) #18

CAPTCHAs help stop non-humans, but unfortunately they also present a hurdle to real humans.

IMHO the best thing would be to be patient and give Akisment some time to “learn”


(Kane York) #19

We haven’t had problems with actually automated posting, so that isn’t going to help.


(Sebastian) #20

My discourse has been online for three days (no akismet enabled) and I have some spam bot signups, but no actual spam in the forum.

A global, collaborative blacklist might also make sense. A few of those exist, can discourse check against that? At any rate, just as a trivia, the spam bots I am now seeing have funny email domains like @site.insurple.com or @old.syfyman.com


#22

On my non-Discourse forum, StopForumSpam integration has made a huge difference at preventing human spam signups. Plus it’s free. I would strongly prefer SFS over Akismet if I were to migrate to Discourse.


(Jeff Atwood) #23

I’m just not convinced SFS is organized enough to survive? Akismet is backed by WordPress and I’m confident that has a HUGE corpus and will survive for the next 10 years at least…


(Sam Saffron) #24

I think that is fair, however it would be nice to offer hobbyists something here plus it would be a good test for the review queue changes @eviltrout is doing. SFS is doing 480 requests a second which is quite a high number.

I think we could potentially commission a plugin here for SFS.

Looking at absolute numbers of scanned posts looks like SFS is at 50,531,189,226 and Akismet is at 463,220,426,871. So SFS is 410 billion behind but 50 billion is not a terrible number.


(Jeff Atwood) #25

I am also not convinced SFS is going to be a reliable service in terms of infrastructure.

Might be a good community encouragement fund project @erlend_sh


#26

Thanks guys for considering it.

SFS has been around for a long time, and it’s one of the top options for non-Wordpress CMSes, so I wouldn’t worry about its sustainability.

Another thing is that I kind of prefer the non-heuristic functionality of SFS. It’s all very predictable and simple for me as the admin, I can just configure the thresholds based on X number of times the IP or email or username appears in the database, and that’s it.