We are a community built on Flarum, and in recent weeks, we have been inundated with aggressive spam from a user on FreeFlarum. We have documented several instances with screenshots and attempted to reach out to FreeFlarum, but unfortunately, we have not received any response. How should we proceed from here?
Dealing with Persistent Spam Issues on Our Flarum Community
Kovsky https://discuss.flarum.org/d/33698-friendsofflarum-anti-spam might be a good option.
treyb That is good, but not enough. He will continue to register, act properly for a while, then just write the spam message differently, until someone from FreeFlarum stops him. I don't understand why FreeFlarum does nothing against this kind of behavior. This is not an isolated incident by someone who doesn't know what can and cannot publish, it's someone who has no respect for other people's work and just spams their URLs anywhere they can. This has been going on for weeks now.
Kovsky hello. This is not a FreeFlarum support platform. Please visit https://support.freeflarum.com/ to get in touch with their team. There are several ways to handle spam in Flarum. If it's an individual targeting you it will be hard to catch that automatically though.
Kovsky as mentioned we cannot speak for FreeFlarum - this is a separate project not run by Flarum. If you are unhappy with their services they offer an export, and you can always choose to host Flarum yourself so you have total control over your environment. Requirements to host Flarum are minimal.
Turnstile (IanM) can fix that but I'm not sure you can use it with FreeFlarum.
- Edited
First of all, I'm sorry to hear you're dealing with spam. Sadly, once you attract enough visitors, you also become a target of automated and manual spam actors. We're well known with this issue and a few extensions exist that help fight it (https://extiverse.com/?filter%5Bq%5D=spam).
However a human spam actor is something else entirely. What I've noticed works best is to carefully compare their behavior and create logic that identifies potential shadow accounts. As this usually requires looking at different information, like email, username, ip addresses/country and post content; once a pattern is identified one could create some code to flag anything that implies a shadow account. This process requires dedication, perseverance, but especially it requires access to the database and possibly the extend.php of your local install (but not necessarily).
As for contacting @SKevo make sure you send an email to info@freeflarum.com if you hadn't already. As far as I know that's the communication channel of preference for these kind of pressing matters.
I hope you can get this nuisance under control.
- Edited
Hello,
I apologize for the inconvenience. I have actually sent an e-mail response on 8th May (the same day you have sent your original e-mail), but it is possible that it didn't reach your mailbox (or landed in spam?). In any case, I am writing a response here now so that it reaches you:
As far as I know, your forum is not hosted at FreeFlarum, but you have issues with people that register an account and spam a link to a forum hosted at FreeFlarum. First, please understand that FreeFlarum is not responsible for the behaviour of its users outside of the platform, and that these kind of spam issues are problem for many forums on the internet nowadays. It's not tied to FreeFlarum only. Therefore, I strongly recommend that you employ as much anti-spam mechanisms as possible to combat a wide variety of spam tactics, like others in this discussion have suggested.
As for the forum that is being spammed, I have removed it from our platform now - if it indeed holds any value (judging from the content that is currently present over there, the forum is just a spam farm), the forum administrator can reach out to us and we will bring it back online under the condition that the spam messages stop. But please note that this does not mean that the individual can not create a new forum under a different name, or even move to a different hosting - or simply keep spamming other things. It is still very important to strengthen your anti-spam protection as soon as possible.
luceos Thank you. We are indeed trying to pay attention to all those patterns and block them, but there are always other disposable emails (even if we use the extension for those), other patterns, and so on. Usually, the best approach is to make them understand that they will be shut down if they continue. This type of behavior should not be encouraged.
SKevo Hello, thank you. We are indeed not hosted on FreeFlarum. We are paying, and not a little, for our hosting plan. We invest a lot of time and resources in this project, so we appreciate your help and understanding! We completely understand the situation. Usually, these issues stop once the spammers realize they won't be able to keep their website if they continue spamming. They are indeed a spam farm, doing this not only on our website, and they are usually not willing to pay for a hosting plan. And even so, many hosting companies have anti-spam policies and may take action against the website sending the spam.
Maybe as a general overview, a post we made a while back on tackling spam problems in Flarum (https://discuss.flarum.org/d/29126-community-updates-092021). But I assume that you have that in place already. Besides that, GEO-locking and a strong moderator staff is the best option.
GreXXL Thank you! Yes, we actually have various measures in place and have tried different approaches. GEO-locking could work, but only up to a point, it has become quite easy for almost anyone to mask their IP address nowadays. We also have moderators, but there might be times when, for about an hour or so, everyone is offline for some reason. The best approach in these cases, when they don't care and just continue to spam, is to take their website down and make them understand that this behavior is not permitted in any way and won't get them anywhere.
- Edited
Kovsky The best approach in these cases, when they don't care and just continue to spam, is to take their website down
So, a user spams your community with a url to another community, and you want that other community taken down? To be honest, you have zero proof this user is even affiliated to that other community.
My advice, fight the battle on your battlefield not somewhere else. This also means trying to identify the patterns of that user to try to block them. If all else fails you can implement first post approval (extension) or even a user approval system.
Kovsky if it's newly created user Spamblock will allow you to put the first post including links into the moderation queue so they get never seen by the forum members even though no moderator is online at the time. This proves to be very effective. Currently not possible - but a future idea could be to make users able to flag posts as spam and put them back into a moderation queue.
luceos We already have first post approval in place. It takes nothing to post a few good messages, get approved, wait until there are no staff members online, and then start spamming his website in every discussion. What would you do if someone began posting their URL in 50 different discussions, created other profiles with the website in the username, and followed users to get them notified with the website name? These are just a few of the things that have happened. We can stop some of these actions, but there is almost always a workaround. At this point, since there isn't a community on the other side, but just a user trying to build one by spamming, I don't think we need more proof. Want to build a community? Fine, create quality content, get backlinked, put in the hard work, but don't come and spam your site elsewhere, disturbing our users. As long as they know that the platform allows this kind of behavior, they will always try to find a workaround. At some point, when these things happen and they continue, they need to be taken down. We've been dealing with problems from this guy for weeks.
GreXXL It could be a good idea, but the problem might arise if some users create other accounts just to penalize others by flagging their content and putting it back into the moderation queue. It might work better if this option is available only to users with a certain level of experience, rank, or something similar.
- Edited
Kovsky What would you do
Considering what you just wrote. I would create an extension that would keep track of links in usernames, bios and posts. Then based of that create a link approval extension, or even completely disallow certain links/domains including link forwarders and shorteners.
Once they found a way around that we can work against the next round of spam. Eventually they will give up. Trust me.
Let me know if you need any help with this, my discord and email is open.
I'm currently putting together a list of things to create extensions for - I think that spam related stuff has to be up there in the priorities. Just some random thoughts here so apologies for rambling a bit.
I have a site that is running on xenforo at the moment, and I've got it set up so that new users go into a "registering" group where they are only allowed to post an intro in one part of the forum - I guess that would be a flarum "tag" - someone has to "like" that post, and when that happens they get put into a group that is allowed to post on the rest of the forum. It's quite easy for us to spot which ones are legit as they will usually give a bit of an intro about themselves or at least something to indicate they are an actual person and interested in our community. I guess in this instance that wouldn't work, if people are making legit posts before going into spam mode though? It seems a bit odd someone going to all that effort to spam.
I think there may be an opportunity on the other side too, for a site that allows people to create their own forums - they should not be allowed to create spam farms so if there was some sort of automation to catch these that might help too.
And I'm not sure what the tools in Flarum are like, in the core or if there are any existing extensions related to spam clean up? Currently I have a "spam" button which does a heap of cleanup really easily - click "spam" on a user, choose options, confirm. Options are
- Delete spammer's threads
- Delete spammer's messages
- Delete conversations by spammer
- Ban spammer
- Check spammer's IPs
The last one will see if any other users have used the same ip and give you an option to "spam clean" those users also.
Something like this would at least reduce the pain for when a spammer manages to slip through the system.
luceos They have been notified by FreeFlarum, so for now, the spam has stopped. Once they understand that building a community is not just about creating it with a free platform and spamming their empty forum around expecting people to register and create content for them, they lose enthusiasm. All I wanted was to have them notified that the platform doesn't allow this behavior. I understand and agree that implementing those filters might be a solution, but just partial. Some spammers won't stop, they'll just change tactics, coming back the next day to post images of the URL or something else. They will continue to think that the only thing standing between them and their success are the filters. They will eventually understand that this is not the case, but it will take a while. Meanwhile, the price will be paid by the users who will be disturbed by these negative episodes, which is just a bad experience for our community. Additionally, implementing too many filters risks penalizing some regular users. Thank you, and yes, if we need any help as we consider other filters, we will definitely contact you.
adrianm All of those might be good, and Flarum has something similar. These measures will definitely reduce the problem and are worth implementing. However, once the spammers understand the filters, they usually find workarounds. Some might actually create profiles, post content, and behave like proper users for a few days, only to start spamming once they find the right opportunity. And yes, I agree it's insane. In those cases, a bit of cooperation from the platforms or hosting services is pretty useful. I also agree that some sort of automation to catch these spammers directly on the site that allows them to create their own forums would be great. I don't think these activities are beneficial to them either, so it would be worth trying to put them on the right path as soon as possible.