
Simple anti-spam measures

Open umputun opened this issue 5 years ago • 6 comments

Practically, in default mode (anonymous access disabled) I have not seen a significant amount of spam on any system hosting remark42. However, with anonymous access and (maybe) email auth (work in progress) it can be worse. I don't think we should spend too much effort fighting theoretical possibilities, but if something can be done preventively with minimal effort I'd like to have it in.

  1. trivial client-side protection against spam bots with the hidden input element. If it has something in it, the UI will ignore the submit
  2. honeypot? I'm not sure if this is even different from 1
  3. anything else?

As far as I understand all of this is frontend only. For the backend, we should consider something (no clue what exactly) too. I don't want captcha of any kind and also prefer not to use any paid third-party services like Akismet. Any ideas?

umputun, Jun 12 '19 07:06

I have a lot of spam-fighting experience and only one thing works for sure: phone checking by SMS or call. It would be great to have integration with some SMS providers, I think...

atolia, Jun 12 '19 09:06

We have a honeypot, actually. On the server side, I think, some tracking of IP addresses, either homebrew or third party, can be useful. Fail2ban?

Reeywhaar, Jun 16 '19 22:06

I don't think that SMS verification is a suitable solution.

bronislav, Jul 16 '19 13:07

@umputun Why the strong feelings against support for captcha services? It would make someone like me supporting anonymous authentication feel a bit better about the authenticity of comments.

svengeance, Jan 16 '21 00:01

Nobody has reported such issues yet. JetBrains has a big user base for their comments and has email auth enabled in their Remark42 comments, but I have yet to hear about spam problems from them.

I guess this issue waits for the first real-life spam report to see what we should improve. Unless there are objections, I'll remove the "help wanted" tag as this issue is not that clear for someone without any context to help on it.

paskal, Jan 08 '23 09:01

@paskal Just stumbled upon this comment :) We maintain a large list of RESTRICTED_WORDS which includes

  1. updating the list when a new spam comment appears
  2. diagnosing an issue when a non-spam comment cannot be posted (because a phrase contains a restricted word).

So the ability to use reCAPTCHA might come in handy.

dmitry-do, Mar 05 '24 11:03
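
The diagnosis problem described in the comment above (a non-spam comment rejected because a phrase contains a restricted word), as an added example that is not part of the thread and not Remark42's own code: a checker that reports which list entry matched, where, and whether the hit is a whole word or only a substring of a longer word. The names `Hit` and `FindRestricted`, the sample list and the sample comment are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// Hit describes one restricted-list entry found in a comment.
type Hit struct {
	Word      string // list entry that matched
	Offset    int    // byte offset in the lower-cased comment
	WholeWord bool   // false: matched only inside a longer word (likely false positive)
}

// isWordRune reports whether r counts as part of a word.
func isWordRune(r rune) bool { return unicode.IsLetter(r) || unicode.IsDigit(r) }

// FindRestricted (hypothetical helper) lists every case-insensitive hit of each entry.
func FindRestricted(text string, restricted []string) []Hit {
	low := strings.ToLower(text)
	var hits []Hit
	for _, w := range restricted {
		w = strings.ToLower(strings.TrimSpace(w))
		if w == "" {
			continue
		}
		for from := 0; ; {
			i := strings.Index(low[from:], w)
			if i < 0 {
				break
			}
			start, end := from+i, from+i+len(w)
			before, _ := utf8.DecodeLastRuneInString(low[:start])
			after, _ := utf8.DecodeRuneInString(low[end:])
			hits = append(hits, Hit{w, start, !isWordRune(before) && !isWordRune(after)})
			from = end
		}
	}
	return hits
}

func main() {
	list := []string{"casino", "loan"} // constructed sample list and comment
	for _, h := range FindRestricted("Walked from Sloane Square to the casino.", list) {
		fmt.Printf("%q at byte %d, whole word: %v\n", h.Word, h.Offset, h.WholeWord)
	}
}
```

Logging the returned hits next to a rejected comment shows a moderator which entry caused the rejection; substring-only hits are the ones to review when pruning the list.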