Hi everyone - for the past few days, our forums have been getting a lot of spam registrations that are properly being flagged for us to review. The problem is the large quantity of them every few hours:
Is there a way to quickly review and do a bulk edit so that we don’t have to click on each entry and click again to select the delete + ban option? That gets pretty tedious after some time.
Hi Jeff, team - the amount of spam we get is quite high, and we have about 30-40 posts flagged for review daily. It’s a lot of repetitive point-and-click. Have there been any new techniques introduced to make this less tedious?
We reviewed thousands of automatically flagged (system and Akismet) posts/users on my forum.
The accuracy of both system and Akismet was very close to 100% (1 false positive to my knowledge for 2500 flags). It’s not the case for every forum, so you have to be sure of what you’re doing if you want to automate the ban of automatically flagged users.
In the end, I made a PHP script using a Discourse webhook data:
I added custom code to trigger the auto-ban by sending an API request to Discourse, based on arbitrary criteria:
Here’s the final code:
<?php
// Immediately verify the authenticity of the request.
if (array_key_exists('HTTP_X_DISCOURSE_EVENT_SIGNATURE', $_SERVER)) {
$discourse_payload_raw = file_get_contents('php://input');
$discourse_payload_sha256 = substr($_SERVER['HTTP_X_DISCOURSE_EVENT_SIGNATURE'], 7);
// For security, configure the webhook with a secret in Discourse and set it below.
$discourse_payload_secret = 'xxxxxxxxxxxxxxxxxxxxx';
// Verify that the request was sent from an authorized webhook.
if (hash_hmac('sha256', $discourse_payload_raw, $discourse_payload_secret) == $discourse_payload_sha256) {
echo 'received';
}
else {
die('authentication failed');
}
}
else {
die('access denied');
}
// Prepare the payload for use in the PHP script.
$discourse_json = json_decode($discourse_payload_raw);
$reviewable = $discourse_json->reviewable;
// Set up the API URL
$api_url = "https://unicyclist.com/review/$reviewable->id/perform/delete_user?version=0";
// Verify that the "type" and "score" properties are valid
if (($reviewable->type == "ReviewableUser" || $reviewable->type == "ReviewableAkismetUser" || $reviewable->type == "ReviewableQueuedPost") && $reviewable->score > 0) {
// Set up the curl options
$options = array(
CURLOPT_URL => $api_url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => "PUT", // Set the request method to PUT
CURLOPT_HTTPHEADER => array(
"Api-Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"Api-Username: system"
)
);
// Initialize the curl session
$curl = curl_init();
curl_setopt_array($curl, $options);
// Make the API call
$response = curl_exec($curl);
curl_close($curl);
// Decode the response
$response_data = json_decode($response);
print_r($response_data);
} else {
exit;
}
?>
It works perfectly so far.
Note that my code may be very dangerous to use in another context and the content must be thought carefully.
For example, a “ReviewableUser” flag may be set on users on forums who need to validate users manually (I don’t know if it’s the case, it’s just an example). Other forums could have changed the spammer detection thresholds in their setting, or the automatic detection could simply be less accurate on their forum.
I have been using @Canapin’s solution on my personal discourse, but I also have separate instance setup for another company. I would prefer not to use this script on their solution.
Is there an update from the Discourse team on alternative approaches? This applies to both flagged registrations as well as posts flagged as spam:
As yet, we have nothing planned for adding bulk actions to the Review Queue, but if you could create a feature request for it we could more easily gauge the popularity of the suggestion, which may get it more attention.