How To Enable The Spam Filter And Moderate Spam


Fighting spam is a continuous battle. We are constantly putting in effort to improve our tactics and stay ahead of spammers. Here are the 3 main tactics you can apply to your community in the battle against spam:

  1. Spam Filter
  2. Rate Limiting
  3. Registration Approval

 

1. Spam Filter


The Spam Filter protects the community from Spam messages. We make use of Akismet to protect your community from spam. All data sent to Akismet is anonymised. By enabling spam prevention you agree to the Terms of Use of Akismet.


How To Mark A Topic As Spam

  1. Go to ControlContent →  Moderation Overview.
  2. Select one or more topics, and then select ‘Mark as Spam’.
  3. Confirm the action → note: this will ban the authors of the topics immediately.
  4. The topic will now be moved to the spam folder.

How To Mark A Reply As Spam

  1. Go to ControlContent Moderation OverviewOpen a topic.
  2. Find the reply that you want to mark as spam, click ‘Mark As’, and then choose ‘Spam’.
  3. The reply will now be removed from the community.

How To Unmark A Post As Spam

  1. Go to ControlContentSpam.
  2. Select one or more posts (topics/replies) that you want to unmark, then click ‘Mark as not spam’.
  3. The post will now be visible on the community.

How To Clean Up Your Spam Folder

  1. Go to ControlContentSpam.
  2. Select one or more posts (topics/replies) that you want to remove, then click ‘Delete permanently’.
  3. The post will now be visible on the community.

:gear:  Tips, Tricks, and Technical Bits:

  • The spam filter learns as you provide it more information. In particular, we recommend that you frequently check the spam filter in Control and mark posts as ‘not spam’ when the spam filter mistakenly marked as spam (false positives). You should also mark posts as spam when the spam filter misses a genuine spam post (false negative).
     
  • When a post is marked as not spam, this does not trigger ‘new topic’ events in integrations such as Zapier, Salesforce, or Gainsight.
     
  • Members whose posts are marked as spam by the spam filter aren’t automatically banned, in case the filter accidentally marks a valid post. We recommend occasionally checking the spam folder and banning these membersHowever, when you manually mark a member’s post as spam, that member will be automatically banned from the community. Take care not to accidentally ban a legitimate member!
     
  • ​​​​​We sometimes see that users incorrectly are being detected as spammer due to the way they write their posts (e.g. a lot of code and urls), or due to a VPN which they use that our spam detection knows is often being used for spam. This can be prevented by not using such a VPN provider, or by giving the user the a custom user role with ‘Exclude from spam checker’ enabled, or the primary role “Super user” (which automatically excludes them from the spam check).

 

2. Rate Limiting


Rate limiting applies when specific users or actions exceed a defined limit. We've developed the following rate limits:

  • Post Topic limit on userid: New users, younger than 10 days, can only post 3 topics per day (measured per userid)
  • Post Topic limit on IP: post from different users on the same IP is limited to 3 accounts per IP within 10 days
  • Limit on failed registration: visitors from one ip might not do more than 5 tries per hour to register a user
  • Limit on failed login: visitors from one ip might not do more than 5 tries per hour to login a user
  • Limit on password request: visitors from one ip might not do more than 5 tries per hour to request a new password

Rate limiting is enabled on all communities by default. If you would like to disable it, please send Support an email.

 

3. Registration Approval


‘New user registration approval’ allows moderators to approve new user registrations. When this feature is enabled a moderator must approve or deny a registration before the user can post content on the community.

How to enable moderator approval for new registrations:

  1. Go to Control Settings Registration Rules
  2. Enable ‘Registration approvals’
  3. Hit save changes, and you're done!

New community users will see a “Membership requires approval from moderator” message when they activated their account. At this stage the user is part of the community but he/she can’t create topics or reply yet.

Moderators need to approve a registration before the user can create content.

How to approve new registrations (simple 3 step process):

  1. Go to Control Users Users Overview
  2. Filter on user role: 'Waiting for moderator approval'
  3. Open a user profile page and click 'Approve registration'

Upon approval the user will receive an email that his registration is approved, at this stage he/she can create topics and reply.


19 replies

Hi all,

We’ve just finished cleaning up massive amounts of spam on our Community. We used the mark as spam button for this, but we’d like to know if there is anything we can do that prevents the spam instead of cleaning it up afterwards?

The topics especially pop up in the evening, so we aren’t there to ban the users when they start, which results in an immense amount of spam to be cleaned up in the morning. Additionally, our Superusers (and other customers) are getting quite irritated by all the spam, because they can’t really locate the topics that are from actual customers.

Would something like a Captcha log-in on the platform help with this?

 

Here is a screenshot of a page of marked spam:

 

Userlevel 2
Badge +3

Hi Brian,

sorry to hear that you are facing this issue at the moment, of course I get that this has a negative impact on the general user experience. Especially if this happens outside of office hours and in large quantities it becomes quite annoying.

So as soon as you hit the [mark as spam] button the system should learn how this content is differing from other, regular content on the community. In this specific example I could imagine that topic titles which contain “[1080p]” or “[2020]” will automatically put in quarantine and not be published, as this is something that regularly is not put into the title of a topic on your community. So let’s hope that by this the system will learn and prevent future (similar) spam to be published.

About detecting spammers early:

We also have thought about securing registration or login via a captcha-code, however this has a few downsides: Regular users will be hindered by this, which could result in people not registering. Next to that, non-robotic spam (which most of nowadays spam on our communities is really) will not be stopped by this as the spammer will easiliy tick that box. Also, it is a third-party tool and that would mean we/you would have to include it in e.g. terms & conditions etc.

What we have done is we have implemented something to detect automatic spammers in a different way so that they are not making it to the community in most of the cases: A hidden checkbox (dynamic honeypot) which spambots will use and automatically prevent those from registering. Hence in our view a captcha is not necessarily the best solution or necessary in our opinion.

What I would like to know: Do you see a specific pattern in the email addresses these spammer use? Maybe they all come from a certain (unusual) email provider, or from a domain of a certain country (e.g. “.ru”)? If this is the case, we could also look into blocking these specifically on your community. During the registration our spam protection checks with a list of known spam accounts anyways, however possibly such an individual blacklist could help you keeping them out in the future as well.

Hi Julian,

Thank you for the detailed response. We checked the e-mail addresses but they are all over the place from different sources and domains (private domains, Gmail, etc.) so it might be a botnet type thing. If it continues we’ll button down the hatches for now with manual approval until it stops. 

There seems to be another issue of certain users, including two of our superusers, being banned or losing their ‘role’ as well. I don't know if this related to maybe the anti-spam measures? We've forwarded the accounts to your colleague Tom by e-mail just in case.

Userlevel 2
Badge +3

Thanks for the swift reply. Yeah, if they are registering from gmail or other domains it is tricky, hopefully you will not have to use more drastic measurements to prevent this from happening in the future.

Usually (as described in the starting post of this article) users with the role “Super user” should be excluded from the spam detection, however it could be that some action has triggered the system to cause this. As far as I know Tom is already investigating, I hope this will be resolved quickly!

Userlevel 1
Badge

We’ve had two other bits of feedback to improve this spam mechanic:

 

  1. Links: prevent/flag any ‘newbie’ rank links in content. once they progress to a more regular (trusted) rank, allow users to post links more easily. We’d need some domains whitelisted though. 
  2. As an alternative: allows a certain rank (super users) to ‘hide’ anything they think is suspicious, as part of that flagging. So the potentially malicious link is not public for the time it takes for the ‘flagged’ folder to be looked at. 

 

Thoughts on these? Shall I raise as an idea?

 

 

Badge

@timcavey I believe the second bullet point might be covered by this idea:

The idea basically is: If multiple users flag the same content, it automatically gets quarantined until it was reviewed.

Userlevel 1
Badge

Nice one, @bjoern_schulze that’s cool feature that is just as good. :sunglasses:

Hi @Jeanie Lee follow up question here – is there a “remove as ham” feature on InSided? For instance, if something is in the spam filter, and we want it to stay removed, but it isn’t technically spam and we don’t want to train the filter / ban the user. 

 

(pinging you because I saw you suggested someone else do so about this topic, hope that’s okay!)

Badge +1

Hi @cris! We don’t have a single feature to achieve this, but can be achieved with a few quick steps.

If a post was marked as spam, but it isn’t spam and the author should not be banned for it, then the post can be unmarked as spam and then it can be ‘trashed’. In this way, the post will not be visible on the community, and can be found later/retrieved from the Trash can, if needed. 
You would need then to manually ‘unban’ the user (on their profile page). 

Hope this helps! 

 

Userlevel 2
Badge +3

Just for completion: The “Trash” button sits under each post within a thread. If you trash a post, it will be greyed out in the thread in Control (so you can still see it from there) but of course will be hidden in the frontend.

You can also trash entire topics. They will be moved to a seperate trash bin (you can find that in the moderation overview menu). From there you can also fully delete content.

Thanks @Julian and @Cristina. It’s a bit clunkier than preferred (assuming I’m doing it right). Can definitely deal with it, but if I’m understanding, these would be the steps:

  • Need to make sure to open the user’s profile in a new tab before hitting “not spam” 
  • Once marking not spam, finding the topic in the user’s profile (as it disappears from view on spam queue). 
  • If a comment, scrolling through the topic to find it, then hitting trash. 

I’m sure we might find a more efficient way to do this as we get a better handle on the tools.

Userlevel 2
Badge +3

Yes, that seems to me as the correct order of steps to follow.

Usually this does not happen as often, at least it should not happen that often. I think I do this maybe once in a quarter, if even... So you should keep an eye on it for now and if it keeps happening, we should properly investigate this with our support team.

It could be that, due to the context of your community, potentially suspicious keywords (e.g. money) could result in a higher chance of false positives. But this is merely speculation at this point.

Aha makes sense. We might have just gotten unlucky on our first day, with a comment in our longest discussion. Thanks Julian!

Userlevel 3

What happens when a registration is blocked by the spam filter?  Where does it go?

How do I find it to approve it?

This is through the registration page, I also tried to invite him through imported contacts and he didn’t even get the email. And I received no notifications of spam or failure.

Badge

Hi @juan.delrio , I’m Blastoise186, a forum volunteer elsewhere and a bit of a prankster over here!

From memory, if a registration is blocked by the spam filter, it is completely banned and doesn’t show up anywhere. The user you’re trying to invite may need to use a different email address for now to get into the community and then have them change it to their preferred one later.

Badge +1

Hi @juan.delrio! The spam checks during the registration process are automatic verifications of the submitted emails address and the IP used during the registration. If the emails seems to be invalid or the IP is one flagged for spam activity, the registration will be stopped. We are aware that false positives can happen, so my recommendation would be to reach out to our support team and ask for their assistance.

If the email address is the culprit. and you are certain it is a working inbox, they could add it to the allow list and the user can retry the registration. If the IP is suspicious, the only thing we can advice is for the user to retry using a safe network and avoid public VPNs. Hope this helps! 

Userlevel 3
Badge +1

User posted to our community and it went as a spam. User got this message:

Your post has been submitted. It will be published after a review by our moderators.

 

Where to translate this message to Finnish? I cant find it from phrases.

Userlevel 2
Badge +3

Good question!

I was able to locate this phrase for you, please add it manually (via [Customization] -> [Phrases], just for the record):

Module Forum

 

Key spam_moderation.reviewbymoderator.message
Userlevel 3
Badge +1

Good question!

I was able to locate this phrase for you, please add it manually (via [Customization] -> [Phrases], just for the record):

Module Forum

 

Key spam_moderation.reviewbymoderator.message

Thanks @Julian 👍

Reply