Security and Spam Protection: Setting up spam protection and CAPTCHA

Jay Moonah

Spam is a problem for many forums. To combat it, NodeBB uses a number of different services in a single anti-spam plugin known as Spam-be-Gone.

1. Open the administrative dashboard using the 'gear' icon on your forum.
2. Open the Extend > Plugins menu, and select the Find Plugins tab.
3. Use the search on the right. Type 'Spam' and the plugin should appear -- select Install when you see it.
4. From Installed tab on the Plugins menu, search again for 'Spam' and select Activate.
5. Activating the plugin will require a restart of your forum. To restart, select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the Spam-Be-Gone plugin will be active.
6. Configure the plugin, go to the Plugins menu and select Spam-Be-Gone.

Spam-Be-Gone makes use of three separate services to limit spam. Each of these requires a one-time set-up to activate.

Akismet

Akismet is a spam filtering service that is run by the blogging platform WordPress. If you are running a non-commercial website you can use it on a pay-what-you-can basis.

1. Follow the link from the NodeBB dashboard to the Akismet site.  If you do not already have a WordPress account you may be prompted to create one. Once you have set this up, you can activate your Akismet account.
2. You will be provided with an API key – copy it, and return to the NodeBB dashboard.
3. Enable the Akismet service, and paste the API key into the appropriate field. If you are new to using Akismet, leave the other fields at their default values as these will work for most sites.

Project Honeypot

Project Honeypot is a second service used by NodeBB to help identify individuals and bots who are known to be responsible for high volumes of spam postings. You can create a free Project Honeypot account by following the link from the dashboard and providing your information. Once confirmed, you can get an API key by logging into the Project Honeypot dashboard, and clicking the "get one" text link on the left side of the screen. Copy the key, then return to NodeBB, activate the service, and paste the key.

reCAPTCHA

The Google reCAPTCHA service can be used to provide an additional layer of spam prevention by setting up a challenge that filters humans from bots. Activating this service requires a Google account.  If you wish to use this service, follow the link from the NodeBB dashboard, and enter the URL information for your forum. reCAPTCHA makes use of two different keys: a public API key and a private, or secret, key. Copy and paste each of these keys into the appropriate field in NodeBB.

When you are done entering information for all the services, be sure to hit Save at the bottom of the Spam-be-Gone page. You will need to restart the forum one more time for these changes to take effect.

 Setting up spam protection for NodeBB