Spam protection

In the forum we have had quite a SPAM problem for years.

New posts need to be moderated manually and there is quite a large number of attempts to get SPAM into the site.

How does discourse defend against SPAM?

There are multiple features enabled by default:

Trust system

New users get more privileges and less limits (link posting, image posting, inviting users…) as they use the forum.

Spam blocking

Built in Akismet spam protection and heuristics including new user sandboxing, user flag blocking, and standard nofollow.

Community moderation

Let the community suppress spam and dangerous content, and amicably resolve disputes.

1 Like

So what does a new user need to do before being able to post a link?

I think SEO and SPAM are the juciest targets in a high profile web site.

The old French forum was on phpbb and I had to validate all the registrations manually and manage the mass bot registrations (sometimes 200 per day). Since the French forum is based on Discourse (since 1 year), no more problem. It’s so much more relaxing. :sunglasses:

1 Like

New users can post two links per post at most. Other users with higher trust levels can quickly flag spammy posts from new users to hide them, without action from the moderators.
See Discourse Trust Levels for details.

And Akismet is able to detect suspicious or spammy links and require some posts to be reviewed by a mod.

Discourse seems to be less targeted than other web forums for spam, probably because it limits number of links and puts nofollow on links posted by users.

Additionally, any bots built around spamming discourse forums will have to deal with our different login procedure (osm.org oauth).

In practice, I think this would only mean spam gets manually posted gets through.

Discourse’s trust levels should take care of most of this, so I propose not worrying about this unless it becomes a problem.

2 Likes

All the SPAM currently prevented from appearing in the forum by the moderation is manual posts, some quite cleverly camouflaged. Bots are not an issue.

My conclusion would be that the measures at discourse should be sufficient, but if the Spammers move together with the forum, we will need those mechanisms and their limits will be tested.

We don’t have the plugin for Akismet installed at this time (Discourse Akismet Anti-Spam - plugin - Discourse Meta). Maybe you could elaborate a bit why you believe this is already in place.

It’s not enabled right now but we can enable it if needed. I think we initially said we want it but we never enabled it during the testing phases.

If the default spam protection is not enough, it will be an option to enable it.

After 1+ year on the french OSM discourse, we have no spam problem and no plan to install akismet (and create a dependancy).

Well the problem is we’d need a license key - it’s why I’ve never pursued using it on the main site.

1 Like

Did you have one before on the old forum?

Oh yes !!!

Bots registering, spamming

Some real user originated spam cases, but low volume compared to bots.

Unlikely we will install Akismet. We are privacy conscious, and akismet sends private user data (including IP) to their servers for processing.

We have not enabled it on www or wiki.

3 Likes