This documentation provides a comprehensive guide on preventing spam in Discourse forums, and includes information about various settings and tools designed to help maintain a spam-free community environment.
Required user level: Administrator
On most forums spam is rare. However, if you’re having problems with spam on your site, Discourse comes with numerous tools to help you automatically prevent spam.
The following guide offers some recommendations on how you can help prevent spam, while still maintaining a positive and welcoming environment for your community.
Spam Detection with Discourse AI
AI Spam Detection is one of the best Discourse features for automated spam detection. Unlike other tools, it can automatically block users and posts based on preconfigured rules. AI Spam Detection is available to **all users on Discourse hosting, and on self-hosted sites with an LLM configured.
Benefits of AI Spam Detection include:
- Automation: No manual intervention is needed to block obvious spam.
- Customizability: You can tailor it to your community’s unique requirements.
- Scalability: Works well even when communities are under heavy spam attacks.
- Broad compatibility: Free (on Discourse hosting) and budget-friendly LLMs like GPT-4, Claude 3.5, and Gemini Flash can handle spam detection effectively.
Setting up AI triage
Simply turn it on in Admin settings → plugins → AI → Spam Handling (details here).
By default it uses a prompt that Discourse has tailored for our sites, but you may add custom instructions specific to your site.
Example tailored prompt
With Discourse AI you can also use the creative AI bot to generate tailored prompts that are specific to your site’s needs.
Akismet Anti Spam Plugin
If you’re having trouble with spam on your site, the Discourse Akismet (Anti-Spam) plugin is a great place to start.
This plugin helps keep your site free of spam by automatically scanning all posts from new users. Scanned posts that Akismet flags as spam are immediately removed from the site and added to a queue for review.
Site staff can then review the posts to confirm spam, or restore if the posts are not spam. Akismet learns as staff confirm or restore spam posts, improving its spam detection and decreasing false positives.
On all Discourse hosted sites, this plugin is automatically included and pre-configured!
For self-hosted sites, follow our Install a Plugin howto guide to install Akismet, and then visit the Akismet Configuration Instructions to finish setting up this plugin.
Can I alter the sensitivity of Akismet?
While Discourse doesn’t have a way to directly alter the sensitivity of Akismet, there are a few related site settings that you adjust can help prevent spam on your site. The following settings are accessible on your site’s .../admin/site_settings/category/plugins?filter=plugin%3Adiscourse-akismet
page after installing Akismet:
Default Trust Levels
The default trust level for new users on your site can be adjusted on the .../admin/site_settings/category/trust
page, however, we recommend keeping the default trust level
set to 0.
If you’ve modified the value of this setting, we strongly recommend changing it back to 0: new user
, as changing this setting can put your site at serious risk for spam, due to the way that trust levels interact with Discourse’s spam related settings.
Spam Related Site Settings
Unless you are specifically having trouble with spam, we recommend keeping the following settings at their default values.
Discourse has several spam related site settings that you can access on your site’s .../admin/site_settings/category/spam
page.
These settings can be adjusted to increase or decrease the sensitivity of spam detection, and the strictness of the consequences associated with posting spam.
The following are some of the more commonly adjusted spam related settings that have a notable impact on how spam is handled on a site.
The default values for all settings are shown below.
Hiding Posts
The hide post sensitivity
and cooldown minutes after hiding posts
settings control the likelihood that a flagged post will be automatically hidden by Discourse, and how long a user must wait before they can edit a flagged and hidden post.
Silencing New Users
Discourse has a num users to silence
site setting, which will automatically silence a new user if they receive a certain number of spam flags.
By default this is set to 3, so you may want to consider lowering this if you’re consistently having problems with spam coming from the same user(s).
Limiting Links
Discourse limits the number of posts a new user can make that contain links to an outside domain with the newuser spam host threshold
setting. If new users on your site are frequently spamming links to the same domain, you may want to consider lowering the value of this setting.
Limiting IP Addresses
Discourse limits the number of new accounts a user can make from any given IP address. If you’re finding that problematic users on your site are repeatedly creating accounts to spam your site, you could consider lowering this from the default value.
There’s also a flag sockpuppets
checkbox that you can enable to prevent users from creating multiple accounts and then commenting on the same topic:
Additionally, you can manually look up the IP addresses of problematic users on their admin page under the Last IP Address
and Registration IP Address
fields, and delete other accounts associated with the same IP address.
Or consider blocking IP addresses that spammers are using on the “Logs → Screened IPs” page (.../admin/logs/screened_ip_addresses
):
Adjusting Flag Requirements
By default, a topic needs to be flagged by 5 unique users before Discourse will automatically suspending posting to that topic.
You can adjust the num flaggers to close topic
site setting to raise or lower the number of flaggers required to suspend posting on a topic, and adjust the auto close topic sensitivity
setting to change the likelihood that the topic in question will get automatically closed instead.
Watched Words
Watched Words are another great feature for helping block or limit posts that contain words, phrases, or URL links that spammers might be repeatedly using.
Considering adding some “Blocked” or “Silence” Words to your site if you’re finding that spammers are frequently using the same types of text in their posts.
For a more advanced use of Watched Words, you could also consider Using Regex with Watched Words.
Increase Trust Level Requirements
If you’re finding that spam is coming mainly from TL0 users, you may also want to adjust some of the trust level settings to make it harder to get to TL1:
Since Akismet will skip over posts from users trust level 1 and above by default, making it harder to get to higher trust levels can make it more difficult for users to bypass spam detection.
hCaptcha Plugin
The Discourse hCaptcha plugin aims to enhance security and bot protection by integrating hCaptcha into the local sign-up form.
On all Discourse hosted sites, this plugin is automatically included.
Additional Steps
It’s important to understand why users are spamming your site. Are they’re bored, malicious, or looking to promote themselves?
Suggestions for dealing with The Difficult User, along with a variety of other moderation topics can be found in our Discourse Moderation Guide, so you may want to read through this guide for some additional ideas regarding moderating your site.
Outside of the above, ramping up your moderation team for the short term, so that you have full coverage is another good approach to combatting spam. The key is to wear the problem users down so they get bored and move on.
If you’re continually having problems with spam after going through this guide, you could also consider placing all or some posts from new users into the review queue with the approve post count
, approve unless trust level
, or approve new topics unless trust level
settings:
However, it’s important to make sure you have enough moderators at hand to handle this, as this can have the potential make it difficult for new users to start interacting with the site if posts go unapproved.
Last edited by @SaraDev 2025-01-16T20:28:26Z
Check document
Perform check on document: