Could you post the full output from your terminal? That doesn't read as it should above. Everything from doing npm install downwards.
NodeBB anti spam
Xiph last edited by Xiph
@Xiph all this is good, but doesn't prevent a targeted-script
Well, the theory of using those three methods of prevention combined is that only A. a regular, normal human (sorry, mutants and/or half-cyborg jellyfish-themed superheroes) or B. a bot rendering the entire page can register.
Having to actually render the page does massively increase the cost of creating spam accounts though and as @julian said, if you really really want to spam you can always just have a human register, or do it yourself. None of this removes the need for a kind-of Akismet-ish thing as another layer of protection, it just massively reduces the amount of automated registrations.
EDIT It seems like XenForo does in fact allow you to check all posts with Akismet.
@bentael You still working on this?
@fantapop this plugin is currently blocked while waiting for some desgin descisions. i'll chat with NodeBB team to see whats the best way to go about this.
@fantapop I just released a sort of working version,this one only work with the Honeypot Project, i would appreciate some testing help. i didn't get a chance to actually test real IPs, only tested with
127.0.0.1which is close to useless. Tomorrow, I'll try to hardcode fake spammy IPs for better coverage.
I need a hook on
Topic.post or Topic.replyto get a check with Akismet, but Akismet requires at least these 3
user_ip: req.ip , user_agent: req.get('User-Agent'), blog: req.host,
I could also use
let me know what you think is the best approach and I can add the hooks and submit a PR.
So, I don't know if you want to plumb through the
reqobject, or maybe implement the filter on a higher level, maybe at the
Topic.replyare both standalone functions, but to follow DRY,
So I believe putting a hook in at the
Posts.createlevel (here, as the first waterfall function) would be easiest.
filter:posts.validateas a name.
filter:posts.saveis already there, but the post creation process has already begun, so it is used mostly for munging data after it is destined to enter the database.
Post.createsounds like a good place, but can I guarantee that the
reqobject is going to be plumbed in from all the paths?
Hm... since posting is done via web sockets, we don't have the same data we would have in req... would have to example the socket data and see what we have to work with...
ok i'll investigate and post back
I don't think we should put it in
Posts.createas that is the internal function used by importers as well, Topics.reply seems like a better place as it is the one that is called by users and Topics.post calls that too.
Haha good thing we have @baris watching out for the wrong things I say
@bentael Really glad to see the evolution of NodeBB's first anti-spam plugin!!