What are the basic methods available for Spam control in Flarum?

luceos

gurjyot all requests are throttled to Flarum, unless you use a Master API token, which is for very rare use cases.

gurjyot

luceos Sorry but I couldn't understand what you said. Can you tell about what requests and master key are needed for spam control as I said?

Ralkage

There is a floodgate system within the application itself that can be used/extended when developing extensions. ReFlar utilizes this floodgate for Gamification so that users aren't able to hit the API so much and spam thumbs up or thumbs down up the wazoo (The "Likes" extension can currently be exploited this way and is unfavorable to me, in my own opinion).

Correct me if I'm wrong, @luceos, but isn't there something hard-coded into core to where there is a time limit between posts to prevent spamming? I believe it's 10 seconds between posts.

Edit: Actually, yes, yes there is lol.

gurjyot

Ralkage Can you tell what is floodgate and what restrictions it imposes?

Ralkage

gurjyot To my knowledge, floodgate is used to prevent things such as posting back to back. In its current state, you can only make a post after 10 seconds between each post you make. If you try to reply right after the post you just made, you'll be greeted with a fancy toast message on the bottom left of your screen. Let's test it now, shall we?

Ralkage

As you can see, just right after I replied to you, I wanted to reply again but I was greeted with this fancy message.

I created an issue in the core repo if you want to take a look at it or dig into the discussion at any given time.

flarum/core1302

0E800

Would be cool to have Flarum extension for https://www.stopforumspam.com/

Seems there is an mod for just about every other forum: https://www.stopforumspam.com/mods

API usage: https://www.stopforumspam.com/usage

Other references:
https://github.com/Maikuolan/SFS-Mass-IP-Checker

https://github.com/jgmdev/stopspam

Ralkage

0E800 this is more within the lines of flood management, I think OP was misunderstood.

Kyrne

0E800 User management has SFS built in.

jordanjay29

Ralkage Yes, some interpret 'spam' as multiple posts at the same time. The other definition is unwanted or poor quality posts, generally promoting links or products that have nothing to do with the topic at hand.

To that, look to Askimet.

Ralkage

jordanjay29 Well, they do go hand in hand, but what OP wants as a part 2 does not yet exist. Well, as a setting anyway or extension to limit time between posts/discussions. I still think that this is something that flarum/core should have out-the-box. At least configurable at that.

Askimet just handles the spambot invasion at best, not trollish human behavior ?

gurjyot

@jordanjay29 @Ralkage Basically I am about to start a new forum using Flarum and I want to create multiple user accounts to create a lot of posts and replies at once. Around 4k posts in total and each user will have around 50 posts. So I wanted to know if I can stop all moderation and restrictions for a few days till this much work is done so that we won't have to give time gaps between every post by the same user account.
Finally, when this all is done then I can set back the moderation and restrictions the way they were. Is this possible in Flarum? If so then how?

Sanguine

gurjyot Perhaps write a small script that adds post directly to DB?

luceos

Sanguine

gurjyot

You can safely circumvent the FloodGate using a master token. It's a secure way of running api based (mass) tasks against Flarum.

Ralkage

Kyrne How did I forget this ?

gurjyot

luceos Can you tell how to use master token to circumvent the FloodGate? I also don't know what master token is?

luceos

So you have to create a random string of 40 characters long (this is your master token), add this to your api_keys table in the flarum database using a database administration tool like adminer or phpmyadmin.
During API requests, send a header Authorization with the format Token <token>; userId=<id> where <token> has to be replaced by your master token and <id> has to be replaced by the user you'd like to act on behalf of. Use 1 to act on behalf on the default admin.

Please note that flagrow/flarum-api-client is a primitive implementation of a client able to work with the master token, see https://github.com/flagrow/flarum-api-client.