• @a_5mith said:

    No registration process can tell if a human is a spammer or not. It's not possible.

    You are right here. Eventually, all human processes can be simulated and replicated and thus verification of humanity will eventually be impossible.
    I do wonder if AIs will just spam us to death instead of outright revolting and murdering us, or maybe just doing things like mass-committing something like identity fraud on their own accord. Plus, if they're really clever, they'll have seen the movies. Murdering us directly will inevitably invoke the wrath of a gun-wielding ex-con with a mullet who will be their demise.

    Also:
    Checking against external blacklists and APIs has a couple of disadvantages, mainly:

    • A. Part of your spam protection dies when their service does.
    • B. Refusing registration attempts when the external service is disrupted prevents your site from working properly and semi-randomly denying visitors the ability to sign up will most certainly not encourage them to do so. On the contrary, not doing so opens up an unnecessary vulnerability upon the disruption of the external service, which is not really a very good thing.
    • C. You're essentially giving them a carte blanche to determine who does or who doesn't get on your website.

    From personal experience, when one of these external blacklists actually triggers, some other method of spam prevention my forum (Not NodeBB. Yet.) has installed generally does as well. Although maybe if they decentralized the concept, bitcoin-style (or bitmessage, or bitsomething, or bitanotherthing, you get the deal, there's thousands of there projects now) it might become a bit more interesting, as it'd invalidate two out of my three main complaints. To negate the third, there's always the possibility of clever stuff. Don't underestimate some people when it comes to coming up with clever stuff.

  • GNU/Linux

    @bentael said:

    @a_5mith @meetdilip
    what about Q&A? how is that related to an anti-spam plugin?

    @meetdilip
    the spam-be-gone plugin uses the following:

    • Honeypot Project: To check user's IP at registration time. At the moment, we only submit the IP, because @julianlam 's node module only supports that.
    • Akismet: To check every single user post, this one uses IP, User-Agent, host URL, path to topic, username and the content of the post.
    • Google recaptcha: (recently supported) no need to explain that, but that's only used at registration time at the moment.

    You can use which ever ones you want or all, so if you're worried about Honeypot, the Captcha option may be enough for you, however, you would need to wait for the NodeBB 0.5.0 for a stable release.

    All: The CAPTCHA support works in the latest spam-be-gone plugin v 0.2.0-8 with the NodeBB latest master branch, but it's really targeting the NodeBB 0.5.0 release.

    if you want to use NodeBB 0.4.0 <= your version <= 0.4.3, please use the spam-be-gone v0.1.2

    Thanks for the insight @bentael. I guess Questions which are difficult for bot to answer are very common and effective these days.

    Is there anyway that I can ignore Project Honeypot and use only other services. I use Akismet on my blog. It is very effective for me.


  • @meetdilip just don't fill in the honeypot api. šŸ‘

  • GNU/Linux

    After installing npm install nodebb-plugin-spam-be-gone , my ACP is not working. I restarted a couple of times using terminal. I can see the plugin under plugins option but whatever button I click on ACP does not work. That include " Restart Nodebb ".

    The I tried npm remove nodebb-plugin-spam-be-gone . The cursor kept blinking for say 10 minutes and I closed the terminal to get out of it. Then restarted. Still no luck. Any help ?

  • GNU/Linux Admin

    Invoke the log viewer by running ./nodebb log -- what errors do you see? Open another terminal and try restarting. Ctrl-C to exit.

  • GNU/Linux

    @julian

    info: [meta/css] Minifying LESS/CSS
    info: [sounds] Sounds OK
    info: [meta/css] Done.
    info: [themes] Compiling templates
    info: [themes] Successfully compiled templates.
    info: NodeBB attempting to listen on: 0.0.0.0:80
    info: NodeBB Ready
    warn: [plugins/nodebb-plugin-emailer-local] "callbacked" deprecated as of 0.4x. Use asynchronous method instead for hook: filter:admin.header.build
    info: [meta/js] Compilation complete
    warn: [plugins/nodebb-plugin-emailer-local] "callbacked" deprecated as of 0.4x. Use asynchronous method instead for hook: filter:admin.header.build

  • GNU/Linux

    Disabled emailer-local. Now working fine.

  • Admin

    Just to add my 2 cents, I've been an admin at a bunch of big forums in the past (phpBB); the best spam prevention has been a Q&A "what's the name of this forum" kind of thing in registration. Of course, anybody could easily write a bot to solve that, but I guess the idea is that a good chunk of forum admins can get by with minimal spam prevention measures as the aforementioned.

  • GNU/Linux Admin

    Baris brings up a good point with the "users with rep > x can flag2ban".

    Where do we want to go with the rep system, anyway?


  • How can i tell if this project honeypot key is actually working?

  • GNU/Linux

    No. of bot registrations will reduce.


  • @Scuzz the output log of node adds a warn user x denied registration when it happens.


  • @meetdilip That's quite hard to notice when we have like 3 every two months.

    @a_5mith Thanks, i'll keep an eye on the logs šŸ‘

  • Plugin & Theme Dev Anime Lovers GNU/Linux

    I wonder who created this bot program. I would like to thank them first and foremost for having expedite this honeypot / Captcha system, then I would like to tell them fuck you for having me go and delete 100 users manually.


  • @bentael Awesome. Looking forward to it. What's the proper way to update when it is published? cd /var/node_modules/nodebb-plugins-spam-be-gone && git pull && npm install?

  • GNU/Linux Admin

    @Guiri said:

    @bentael Awesome. Looking forward to it. What's the proper way to update when it is published? cd /var/node_modules/nodebb-plugins-spam-be-gone && git pull && npm install?

    npm-installed packages won't have git info. Just run npm install {plugin-name}@latest from the nodebb root folder.

  • Admin

    @trevor said:

    I wonder who created this bot program. I would like to thank them first and foremost for having expedite this honeypot / Captcha system, then I would like to tell them fuck you for having me go and delete 100 users manually.

    LOL

Suggested Topics

| |