I am creating a custom plugin in nodebb and I want to fetch a list of all authentic and confirmed users over there.
req.ip passed into the userData on registration, so officially, any anti-spam plugin created will already be compatible with NodeBB v0.4.0.
Unofficially, I'd like to get decent spam protection out the door for v0.4.1. So I'm using this thread to collaborate with plugin writers to bounce ideas off one another
filter:user.create. If a spammer is found on registration, we can do this:
callback(new Error('bad-ip'));, and NodeBB will stop the registration process and throw an alert with the words "bad-ip" in it. Not the greatest of messages, but we can add a language key for that error code for v0.4.1.
This plugin is transparent to the end user. It is not a front-end solution.
Unless you're in the project honeypot database, then you get the 403 error message.
(For anyone that's concerned they'll lose members to these error messages, there's a link in the error message for them to verify they're not a spam bot, it's a great tool)