We're still massively hit with spam. Somehow random channels, sometimes with tracks, are created continuously. Usually related to some US carpenter, anyway..
We tried asking Reddit for help https://www.reddit.com/r/Supabase/comments/1d06zxr/tips_for_fighting_spam/. Let me copy/paste what we've tried to combat the spam so far:
hCaptcha is activated for user registration and sign in (I even fail the captcha sometimes :D)
E-mail must be confirmed before you can sign in
Cloudflare "Bot Fight Mode" is enabled (free plan)
Postgres RLS rules so only authenticated users can create content
None of this worked.
Ideas
One thing we didn't try yet is Cloudflare's Turnstile. It's also slightly annoying, but could be worth a try?
We could also..
add a disclaimer on /explore on what's going on.
require phone (?) 2step verification ufff.
add social auth (supabase supports tons)
check supabase api logs for referer on the spam content, was it created from our domain, or somewhere else?
There's also the fact that the biggest reason we care about this is the fact that it's visible on /explore. And that it ruins channel search + just fills up the database with spam. Explore could be changed to not show latest channels, but rather newest with +20 tracks, or most recently updated with +x tracks, or?
Edit: Eh, adding social logins won't help as long as we keep email/pass. Which we want to.
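One way to run the referer check from the ideas list, as an added example that is not part of the original post: it groups content-creating API requests by whether their Referer points at the site's own host, at another host, or is absent. The log field names, the `channels`/`tracks` table paths, the host `app.example.org` and the sample records are all assumptions constructed for illustration, not real Supabase log output.

```python
import json
from collections import Counter
from urllib.parse import urlparse

# Assumption: the site's own hostnames; replace with the real ones.
OWN_HOSTS = {"app.example.org"}
# Assumption: content lives in tables named channels and tracks.
WRITE_PATHS = ("/rest/v1/channels", "/rest/v1/tracks")

# Constructed sample records (one JSON object per line), not real logs.
SAMPLE_LOGS = """\
{"method": "POST", "path": "/rest/v1/channels", "referer": "https://app.example.org/create", "user_id": "u1"}
{"method": "POST", "path": "/rest/v1/channels", "referer": "", "user_id": "u2"}
{"method": "POST", "path": "/rest/v1/tracks", "user_id": "u2"}
{"method": "POST", "path": "/rest/v1/channels", "referer": "https://app.example.org.evil.test/x", "user_id": "u3"}
{"method": "GET", "path": "/rest/v1/channels", "referer": "https://app.example.org/explore", "user_id": "u1"}
{"method": "POST", "path": "/rest/v1/channels", "referer": "https://app.example.org/create", "user_id": "u3"}
not json at all
"""

def classify_referer(referer):
    """Return 'own', 'foreign' or 'missing' for one Referer value."""
    host = urlparse(referer).hostname if referer else None
    if host is None:
        return "missing"
    # Exact host match, so look-alike hosts such as
    # app.example.org.evil.test are not counted as ours.
    return "own" if host.lower() in OWN_HOSTS else "foreign"

def summarize(log_text):
    """Count content-creating requests by referer class, overall and per user."""
    totals, per_user = Counter(), {}
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if rec.get("method") != "POST" or rec.get("path") not in WRITE_PATHS:
            continue
        kind = classify_referer(rec.get("referer"))
        user = str(rec.get("user_id") or "anonymous")
        totals[kind] += 1
        per_user.setdefault(user, Counter())[kind] += 1
    return totals, per_user

def users_never_from_site(per_user):
    """Accounts whose writes never carried a Referer from our own host."""
    return sorted(u for u, c in per_user.items() if c["own"] == 0)

if __name__ == "__main__":
    totals, per_user = summarize(SAMPLE_LOGS)
    print(dict(totals), users_never_from_site(per_user))
```

The Referer header is set by the client and can be forged, so a request that looks like it came from the site is not proof that it did; accounts that never send an own-host Referer are the stronger signal that content is being created by calling the API directly.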