Cloudron Forum Node BB - Signature new limit max of 75 chars

girish

@brutalbirdie OK, I have made it 100 now. I had increased it since we had a few users spam things in their signature.

I feel like I am losing the war against spam in this forum See https://forum.cloudron.io/users, such a mess.

girish

FWIW, best I can tell, they are all real people, beating captchas, waiting it out for 1 hour before posting spam!

BrutalBirdie

@girish This is truly sad.

Another validation option would be a ID from www.cloudron.io like for a subscription, but why making two accounts just for the forum.

I will invest some time to lookup solutions for NodeBB.

Also first post to be moderated could be an option and with this option I can already see the pain for real new users wanting to get support via forum.
Also the extra work for you and Nebulon.

girish

@brutalbirdie first post is already moderated. But you will be amazed how far spam has come. They post helpful "comments"by reiterating previous comments. Then later they change the comment to links.

girish

I posted on HN a few days ago about this as well - https://news.ycombinator.com/item?id=24921534

BrutalBirdie

Wtf that's next level spam.

robi

@girish did you try switching it to HCaptcha yet? Or leaving both?

jimcavoli

@girish said in Cloudron Forum Node BB - Signature new limit max of 75 chars:

I feel like I am losing the war against spam in this forum

Yuuuuup. Sounds about right. That's a war I lose every day all over the place. It's tough out here - people and bots both are cramming all sorts of garbage into everything with a form field they can find. I've even seen the less brilliant attempt to robo-submit spam into a login from once that was an especially stupid day.

robi

@jimcavoli isn't there a way to set up two forms, the first one in code is hidden from view and catches bots, and the second is human visible?

nebulon

@robi We also use HCaptcha by now, but that didn't change anything. Well at least we don't hand the data to Google anymore if one cares.

BrutalBirdie

@robi said in Cloudron Forum Node BB - Signature new limit max of 75 chars:

@jimcavoli isn't there a way to set up two forms, the first one in code is hidden from view and catches bots, and the second is human visible?

That would be a honypot style, can work but like @girish said, there are real people signing up account, writing something useful and then after confirmation they edit that to a spam topic.

I also experienced less spam signups when 2FA is forced on the user. 2FA is great but forcing that on all users because of spam.
Ehh.

robi

@nebulon yeah keep stacking them, add MTCaptcha too

Lonkle

I feel like the reputation system can actually play an active role in this altogether. I don't know how yet, but I feel like it could be used to inconvenience spammers once they're on here. Then auto-deleting users based on posts and reputation after they stop being active after failing to SPAM here. Just my two cents.

robi

It also seems like they need the posts up for a short time to get credit for their work.

If the credit is not reliably received, they will move on elsewhere. Break the incentive.