Spam protection

Nop · March 23, 2022, 4:59pm

In the forum we have had quite a SPAM problem for years.

New posts need to be moderated manually and there is quite a large number of attempts to get SPAM into the site.

How does discourse defend against SPAM?

nukeador · March 23, 2022, 5:59pm

There are multiple features enabled by default:

Trust system

New users get more privileges and less limits (link posting, image posting, inviting users…) as they use the forum.

Spam blocking

Built in Akismet spam protection and heuristics including new user sandboxing, user flag blocking, and standard nofollow.

Community moderation

Let the community suppress spam and dangerous content, and amicably resolve disputes.

Nop · March 23, 2022, 6:04pm

So what does a new user need to do before being able to post a link?

I think SEO and SPAM are the juciest targets in a high profile web site.

gendy54 · March 23, 2022, 6:34pm

The old French forum was on phpbb and I had to validate all the registrations manually and manage the mass bot registrations (sometimes 200 per day). Since the French forum is based on Discourse (since 1 year), no more problem. It’s so much more relaxing.

H · March 23, 2022, 6:53pm

New users can post two links per post at most. Other users with higher trust levels can quickly flag spammy posts from new users to hide them, without action from the moderators.
See Discourse Trust Levels for details.

nukeador · March 23, 2022, 7:11pm

And Akismet is able to detect suspicious or spammy links and require some posts to be reviewed by a mod.

pnorman · March 23, 2022, 8:21pm

Discourse seems to be less targeted than other web forums for spam, probably because it limits number of links and puts nofollow on links posted by users.

Additionally, any bots built around spamming discourse forums will have to deal with our different login procedure (osm.org oauth).

In practice, I think this would only mean spam gets manually posted gets through.

Discourse’s trust levels should take care of most of this, so I propose not worrying about this unless it becomes a problem.

Nop · March 24, 2022, 7:09am

All the SPAM currently prevented from appearing in the forum by the moderation is manual posts, some quite cleverly camouflaged. Bots are not an issue.

My conclusion would be that the measures at discourse should be sufficient, but if the Spammers move together with the forum, we will need those mechanisms and their limits will be tested.

mmd · March 24, 2022, 10:17am

We don’t have the plugin for Akismet installed at this time (Discourse Akismet (Anti-Spam) - plugin - Discourse Meta). Maybe you could elaborate a bit why you believe this is already in place.

nukeador · March 24, 2022, 11:16am

It’s not enabled right now but we can enable it if needed. I think we initially said we want it but we never enabled it during the testing phases.

cquest · March 24, 2022, 11:36am

If the default spam protection is not enough, it will be an option to enable it.

After 1+ year on the french OSM discourse, we have no spam problem and no plan to install akismet (and create a dependancy).

TomH · March 24, 2022, 12:53pm

Well the problem is we’d need a license key - it’s why I’ve never pursued using it on the main site.

Nop · March 24, 2022, 1:11pm

Did you have one before on the old forum?

cquest · March 24, 2022, 1:42pm

Oh yes !!!

Bots registering, spamming

Some real user originated spam cases, but low volume compared to bots.

Firefishy · March 24, 2022, 5:05pm

Unlikely we will install Akismet. We are privacy conscious, and akismet sends private user data (including IP) to their servers for processing.

We have not enabled it on www or wiki.