#3334: Discourse spam protection
-----------------------------+---------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Keywords:
SysAdmin/Discourse |
-----------------------------+---------------------------------------------
There seems to be someone spamming our osgeo forum and general for the
past day or so.
I'm going to lock down the spam protections bit more to mitigate
For one
1) Not allowing anyone posting to osgeo feedback without moderation
2) newuser max links change from 6 back to the original 2
3) Change email time window from 2 minutes back to 5 minutes (default is
10)
4) Reset max image size back to default of 4MB (was 100 MB)
5) Min first post typing time -- was set to 600, reset it back to default
of 3000 milliseconds (this just forces the post into needs approval queue
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3334>
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Description changed by robe:
Old description:
There seems to be someone spamming our osgeo forum and general for the
past day or so.
I'm going to lock down the spam protections bit more to mitigate
For one
1) Not allowing anyone posting to osgeo feedback without moderation
2) newuser max links change from 6 back to the original 2
3) Change email time window from 2 minutes back to 5 minutes (default is
10)
4) Reset max image size back to default of 4MB (was 100 MB)
5) Min first post typing time -- was set to 600, reset it back to default
of 3000 milliseconds (this just forces the post into needs approval queue
New description:
There seems to be someone spamming our osgeo forum and general for the
past day or so.
I'm going to lock down the spam protections bit more to mitigate
For one
1) Not allowing anyone posting to osgeo feedback without moderation
2) newuser max links change from 6 back to the original 2
3) Change email time window from 2 minutes back to 5 minutes (default is
10)
4) Reset max image size back to default of 4MB (was 100 MB)
5) Min first post typing time -- was set to 600, reset it back to default
of 3000 milliseconds (this just forces the post into needs approval queue
--
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
Also put back to default:
* min first post length - was set to 1 changed to 20
* I thought I had set newuser max links back to 2 but maybe I was mistaken
so set that back to 2
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
Okay haven't gotten any spam since I updated these rules, but we have been
getting too many messages waiting for approval.
* Most fall in because new users putting in more than 2 links, changing
"newuser max links" to 4.
* Descriptions that contained % with numbers and China were also being
flagged, so I've removed China from watched words requiring approval and
tightened the [0-9]+% rule.
There is another rule I did want to change but hadn't because many people
need that feature.
That is being able to post multiple topics with the same subject line,
which gets abused by spammers. This by default is set to not allowed, but
we had changed it, so that people could post to multiple categories at
once.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
P.S. Forgot to mention I also instituted clean up of accounts that have
not been verified in past 30 days and have not posted anything. I also
reduced the length of time email token is valid for.
* email token valid hours: 24 (default is 48)
* purge unactivated users grace period: 10 (default 14) - we had this
really high before I think like 60
* cleanup inactive users: 730 days, this is any account that has no posts
and no activity for past x days) I had this set to 30 -- I realize this
was too low (we quickly went from 1200 accounts to 750 when I had made
this change) so put it back at the default of 730 days.
The issue with being too lax with these settings, is spammers often try to
accrue a bunch of accounts they have created in past, and then use them
after. I suspect this is what happened. But if we have another spam
attack, I will take a closer look at the account before deleting and
banning the ip and email.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
Okay spoke too soon just got spam.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
Appears the spammer was a discourse register and account was created
today. So wasn't an LDAP or a Github one. We might need to tighten the
signup process, perhaps getting rid of the discourse registers, though I'd
like to avoid that.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
Okay no spam aside from my experimental info category.
Another option for controlling spam is to use Discourse AI plugin -
Discourse AI - Spam detection - Site Management - Discourse Meta
Which we'd only use to check trust level 0 users, which I think has been
the case for all users posting spam. Of course this would be an added cost
unless we host our own LLM.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
Got another spam attack on general from
feyexip which registered 3 hrs ago. Looks like a self-register.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
I see there were others today and all to General category. I've enabled
slow mode on general so at least 2 hrs must have past for the same person
to post another topic.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
I also set default composer category back to blank. Was set to General
which I think just encourages people not to think about the category they
need to post to.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
I've also reduced - email token valid hours down to 2 hrs. At a glance
there were a bunch of recently added accounts that have been sitting there
for 7 hrs or more, I suspect these are all spam accounts as they had
emailed addresses like abc... or 34566. Hopefully this will reduce the
likeliness they can activate them in time to spam. Also added some more
terms to the approval queue and completely blocked list.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution:
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Comment (by robe):
Okay I just came across another setting -
approve post count: 0
The amount of posts from a new or basic user that must be approved
The default is currently 0. I wonder if it's better to set that to 1, and
then revert back to not requiring approval on each category. I'm going to
try that and see how that works.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.
#3334: Discourse spam protection
----------------------------+----------------------------------------------
Reporter: robe | Owner: sac-tickets@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2025-I (robe)
Component: | Resolution: fixed
SysAdmin/Discourse |
Keywords: |
----------------------------+----------------------------------------------
Changes (by robe):
* resolution: => fixed
* status: new => closed
Comment:
I'm going to close this out for now. I did set the:
change **approve post count**: 0 to **approve post count**: 1 for new and
basic users.
after I wrote the above message.
I think this is sufficient for now and with that I've been able to purge
those fake accounts as they try to post crap the first time.
Our traffic is not high enough yet to be a concern, and I think if all
moderators (especially if each category group has designated moderators)
this shouldn't be too much work to block out rogue players.
So this means once a user is approved for their first post, regardless
what category, they can do future posts without moderation, as long as it
doesn't fall into our watched words traps and link count/image count etc
traps.
--
Ticket URL: <#3334 (Discourse spam protection) – OSGeo;
OSGeo <Gter - OSGeo;
OSGeo committee and general foundation issue tracker.