Document User Security Buffer (Initial Moderation)

[WillStrohl]

Is your feature request related to a problem?

In a successful community, there is a line when the community begins to see new members coming in and creating spam posts in various ways. They get very creative too. They might post as much as a dozen times to get their spam content published, and might even masquerade as a well-intentioned member, only to later edit their seemingly harmless post to something else.

Spam comes in many forms too... It's not only backlinks we need to worry about. These links could lead to hacker-led websites that could legitimately damage someone's computer/phone in some way.

This can also be necessary for other reasons... Such as a new member instantly and repeatedly breaking the community's code of conduct before a moderator can catch it.

In either case, these are use cases that can and are detrimental to the well-being and growth of a community.

Describe the solution you'd like

We already have flood control in place, but we need a buffer that can be uniquely configured in various communities to gently allow new members to join and participate. In short, we need the following settings in the forum.

• Scope: Global to all forums in a single module instance.
• Setting: New Posts Require Moderator Approval Until After ___ Posts Approved by a Moderator
• Setting: Unable to edit posts until ___ approved posts
• Setting: Unable to delete posts until ___ approved posts

Describe alternatives you've considered

We have several other things that help to prevent the root issues we're trying to solve, but this is a critical one that doesn't yet exist.

Additional context

Issue #109

[Timo-Breumelhof]

Agreed. BTW I would also like the ability to send out a notice if a message has been edited..

[WillStrohl]

I'm apprehensive to add a setting to get notified of each forum post getting edited. I think that need would be alleviated by the other controls mentioned here.

A spammer won't likely contribute to the community in ways that get so many posts approved that they can edit posts themselves later. Editing would be disabled completely with this edit until after the post threshold would be met.

For example, how many great DNN posts would we expect a spammer to have the time/patience/passion to create over time before they can edit their posts?

[Timo-Breumelhof]

BTW, I did notice this:

I had no idea a trust level existed

[johnhenley]

Actually, this feature almost exists already, just not used enough probably? If we change the "auto trust level" to "trust after number of posts", does that do what you want?

[WillStrohl]

Uh oh... We're about to weave a brand new web of spaghetti code if we're not careful. I forgot about those settings too! 😆

I'm thinking it might be a perfect time to catalog and map out all of these kinds of features so we don't duplicate and/or create unnecessary work.

[johnhenley]

So if this wording is changed, does that meet your requirements? Or do you also want the edit and delete counts as well?

[WillStrohl]

I think I need to take more time to do the cataloging of what does and doesn't exist already, and what seems to be working, what needs to be moved, etc.

After that, we can all make more informed decisions. These features are too important to roll out hastily, despite needing all of them years ago.

If some of us are confused about what and where these features are, others out there have no hope. :(

[johnhenley]

I changed this to a documentation issue rather than enhancement since it really does already exist although it might be improved.

[WillStrohl]

Not all of the security controls mentioned in the original issue exist yet, but we'll know that for sure later. :)