I am a moron.
I forgot the /api/v3 in the API url.
The fact that a very busy human spammer or (more likely) an automated spammer has been active on this site since early this morning is a good reason why NodeBB needs an anti-spam feature not just during registration, but also for posting.
We just have to find a way to make it less annoying for human posters.
While I do agree with you, currently the problem is a borked user delete... didn't actually delete the user as I thought it would ><
Latest version (when committed) should ensure that a since-deleted user will not be able to post.
Well at least thanks to that spammer, we know that the user deletion feature still needs more tweaking.
Ironically, deleting the user made it impossible for me to ban him, while he's still able to post, rofl
Ironically, deleting the user made it impossible for me to ban him, while he's still able to post
Interesting. Maybe ban first, then delete.
@baris just pushed a fix that hopefully solves the user deletion bug, and I guess we all know what we're doing in the upcoming weeks re: spam prevention
I guess we all know what we're doing in the upcoming weeks re: spam prevention
Yeah, and all we needed was to have a spambot hammer us for half an hour
What about adding support for Project Honeypot, I use it on my forum and haven't had a single spambot registration in 7 months. It stops them before they even get to the registration process. Then an option for either a Q&A or one of them new fangled captchas where you need to click the spanner or something.
I use it on my forum and haven't had a single spambot registration in 7 months.
Hey, good enough for me -- I might just look into it
Most Captchas are easily broken by bots, the only real way you can stop a spambot by using a captcha is if you build your own or use one that's not well known, the spam bot creators don't bother hacking the smaller captcha providers.
An option to use each one would be nice though, maybe a few different captcha providers, or a Question & Answer form. Then run them through someone like Stop Forum Spam whilst we're there. This, by default would also give you an edge over other bulletin board software, as most just handle it through a plugin/add-on.
The following traps could be done as well:
If these options are implemented the following should be configurable within ACP:
Interestingly enough I had the idea of making a Project Honeypot plugin 2 months ago
Never came around to doing it though... Still have that Poll thing and the video chatting...
On my new site, I have more bot-registered users than real users. The list just keeps growing by the minutes. Nothing to stop them.