Hi everyone,
I am seeking advice on dealing with persistent automated spam on my Flarum instance. Despite having specific security measures in place, bots are still able to submit content.
The Facts:
FoF Filter: I have configured a set of keyword and regex rules. These rules are working correctly; when a post matches a blocked keyword, it is intercepted as expected.
Cloudflare Turnstile: This is enabled on the forum (via plugin), but it is not stopping these automated posts. The bots are successfully navigating the registration/posting flow.
Spam Characteristics: The spam consists of repetitive advertisements for "QQ groups" and "escort services" (e.g., QQ群175588685 出售全国各个城市...). These are clearly automated.
My Questions:
Why would Cloudflare Turnstile fail to prevent these automated submissions while the keyword filter remains the only line of defense that actually catches them?
Beyond manually updating a blacklist of keywords in FoF Filter, are there more efficient or structural methods within the Flarum ecosystem to prevent these bots from successfully posting?
Are there known configurations or common oversights that render Turnstile ineffective against this type of automated content?
I am looking for a more sustainable way to manage this than constantly expanding my keyword list. Thank you for any insights.
