umputun / remark42

comment engine
https://remark42.com
MIT License
Simple anti-spam measures #344

Open umputun opened 5 years ago

umputun commented 5 years ago

Practically, in default mode (anonymous access disabled) I have not seen a significant amount of spam on any system hosting remark42. However, with anonymous access and (maybe) email auth (work in progress) it can be worse. I don't think we should spend too much effort fighting theoretical possibilities, but if something can be done preventively with minimal effort I'd like to have it in.

  1. trivial client-side protection against spam bots with a hidden input element. If it has something in it, the UI will ignore the submit
  2. honeypot? I'm not sure if this is even different from 1
  3. anything else?

As far as I understand all of this is frontend only. For the backend, we should consider something (no clue what exactly) too. I don't want captcha of any kind and also prefer not to use any paid third-party services like Akismet. Any ideas?

atolia commented 5 years ago

I've a lot of spam-fighting experience and only one thing works for sure - it's phone checking by SMS or call. It will be great to have integration with some SMS providers, I think...

Reeywhaar commented 5 years ago

We have a honeypot actually. On the server side, I think, some tracking of IP addresses, either homebrew or third party, can be useful. Fail2ban?

bronislav commented 5 years ago

I don't think that SMS verification is a suitable solution.

svengeance commented 3 years ago

@umputun Why the strong feelings against support for captcha services? It would make someone like me supporting anonymous authentication feel a bit better about the authenticity of comments.

paskal commented 1 year ago

Nobody has reported such issues yet. JetBrains has a big user base for their comments and has email auth enabled in their Remark42 comments, but I have yet to hear about spam problems from them.

I guess this issue waits for the first real-life spam report to see what we should improve. Unless there are objections, I'll remove the "help wanted" tag as this issue is not that clear for someone without any context to help on it.

dmitry-do commented 6 months ago

@paskal Just stumbled upon this comment :) We maintain a large list of RESTRICTED_WORDS, which includes 1) updating the list when a new spam comment appears 2) diagnosing an issue when a non-spam comment cannot be posted (because a phrase contains a restricted word).

So an ability to use reCAPTCHA might come in handy.
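
Added example (not part of the thread and not Remark42's own code): a small Go helper for the diagnosis step described in the last comment, reporting which restricted entry blocked a comment and whether it matched a whole word or only a fragment of a longer one. The `Diagnose` function, the `Hit` type, single-word entries and case-insensitive matching are assumptions of this sketch; the word list and comment are constructed samples.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Hit records which restricted entry matched and how.
type Hit struct {
	Word      string // entry from the restricted list (lower-cased)
	WholeWord bool   // false: found only inside a longer word, a likely false positive
}

// Diagnose lists every restricted entry found in comment. Single-word entries and
// case-insensitive matching are assumptions of this example, not Remark42's rules.
func Diagnose(restricted []string, comment string) []Hit {
	// Split on anything that is not a letter or digit.
	toks := strings.FieldsFunc(strings.ToLower(comment), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
	var hits []Hit
	for _, w := range restricted {
		w = strings.ToLower(strings.TrimSpace(w))
		if w == "" {
			continue
		}
		found, whole := false, false
		for _, t := range toks {
			if t == w {
				found, whole = true, true
				break
			}
			found = found || strings.Contains(t, w)
		}
		if found {
			hits = append(hits, Hit{Word: w, WholeWord: whole})
		}
	}
	return hits
}

func main() {
	// Constructed sample list and comment.
	list := []string{"cialis", "casino"}
	for _, h := range Diagnose(list, "Our specialist visited the Casino district.") {
		fmt.Printf("%-8s whole-word=%v\n", h.Word, h.WholeWord)
	}
}
```

Entries reported with `WholeWord` false are the ones worth reviewing first when a legitimate comment is rejected.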