Cloudron Forum Node BB - Signature new limit max of 75 chars
-
@brutalbirdie OK, I have made it 100 now. I had increased it since we had a few users spam things in their signature.
I feel like I am losing the war against spam in this forum See https://forum.cloudron.io/users, such a mess.
-
FWIW, best I can tell, they are all real people, beating captchas, waiting it out for 1 hour before posting spam!
-
@girish This is truly sad.
Another validation option would be a ID from www.cloudron.io like for a subscription, but why making two accounts just for the forum.
I will invest some time to lookup solutions for NodeBB.
Also first post to be moderated could be an option and with this option I can already see the pain for real new users wanting to get support via forum.
Also the extra work for you and Nebulon. -
@brutalbirdie first post is already moderated. But you will be amazed how far spam has come. They post helpful "comments"by reiterating previous comments. Then later they change the comment to links.
-
I posted on HN a few days ago about this as well - https://news.ycombinator.com/item?id=24921534
-
@girish said in Cloudron Forum Node BB - Signature new limit max of 75 chars:
I feel like I am losing the war against spam in this forum
Yuuuuup. Sounds about right. That's a war I lose every day all over the place. It's tough out here - people and bots both are cramming all sorts of garbage into everything with a form field they can find. I've even seen the less brilliant attempt to robo-submit spam into a login from once that was an especially stupid day.
-
@robi said in Cloudron Forum Node BB - Signature new limit max of 75 chars:
@jimcavoli isn't there a way to set up two forms, the first one in code is hidden from view and catches bots, and the second is human visible?
That would be a honypot style, can work but like @girish said, there are real people signing up account, writing something useful and then after confirmation they edit that to a spam topic.
I also experienced less spam signups when 2FA is forced on the user. 2FA is great but forcing that on all users because of spam.
Ehh. -
I feel like the reputation system can actually play an active role in this altogether. I don't know how yet, but I feel like it could be used to inconvenience spammers once they're on here. Then auto-deleting users based on posts and reputation after they stop being active after failing to SPAM here. Just my two cents.