Hold all posts for approval

[frozenpandaman]

Is there a way to make posts not show up until they get manually approved by an admin/mod?

[ctrlcctrlv]

no

[frozenpandaman]

Dang. CAPTCHAs (hand-rolled or recaptcha) aren't preventing spam of porn/viruses being posted with high frequency, and I need to find a way to curb it that doesn't require someone to be present at their computer 24/7 to watch for it. Any suggestions?

[chanadmins]

Dang. CAPTCHAs (hand-rolled or recaptcha) aren't preventing spam of porn/viruses being posted with high frequency, and I need to find a way to curb it that doesn't require someone to be present at their computer 24/7 to watch for it. Any suggestions?

If you have local chan, allow all IPs from your country and block everything else in htaccess.

[frozenpandaman]

@chanadmins It's not local – posters from at least 6 countries (quick manual tally of a few recent posts) use the board. Spam so far has come from IPs in eight different countries, including some that overlap with countries where legitimate users are from.

[RealAngeleno]

let me know if the ip addresses are coming from vpns, tor, or something else.

Is it from the known CSAM bot? I did think about the idea of a system similar to MediaWiki's QuestyCaptcha, as that works to stop 100% of all uncustomized spam, but obviously, it won't do you any good against customized spam.

[virtuelles]

I'm using DNSBL settings to block ads and malicious attacks. However, this requires the attacker's IP to be registered on the DNSBL server in order to be blocked.

[frozenpandaman]

@RealAngeleno Just went through the bans and checked. None are from Tor, but all are using VPNs/proxies according to https://ip.teoh.io/vpn-detection. https://www.ipqualityscore.com/tor-ip-address-check/ has all of them rated in the 96–99 range, "abusive IP". I'm sure the spam is automated.

QuestyCaptcha integration is a great idea; even if it feels repetitive to users, requiring posters to enter a simple word would prevent most automated spam, I'd imagine. I could probably hardcode this in tonight and see if I can get a basic/naïve implementation working.

@virtuelles Thanks for the suggestion! I could also look into denying site traffic via an .https file, since I figure a lot of those IPs are flagged in public lists. Could you let me know how you set this up?

[virtuelles]

The settings I'm using are just

$config['dnsbl'][] = array('all.s5h.net');

The reason for confirming their effectiveness is that they previously blocked me as well, LAMO.
Additionally, are the tor.dnsbl.sectoor.de, bl.spamcannibal.org, dnsbl.dronebl.org, and dnsbl.httpbl.org provided by the wiki still useful? I encountered connection failures when testing them.

[frozenpandaman]

@virtuelles Ah, I didn't realize that was a built-in config option – so simple! Thank you. Reading https://github.com/vichan-devel/vichan/wiki/config, though, I'm not sure if I exactly understand the second item in the array, e.g. the 4 in the default $config['dnsbl'][] = array('rbl.efnetrbl.org', 4); line.

[frozenpandaman]

@RealAngeleno I've tried both above options (DNSBL and manually banning a ton of IPs using .htaccess deny rules) and the CSAM/porn spam is still happening. Would you or anyone else have a solution here? I think the QuestyCaptcha is the best idea, if there's no way to hold posts for auto-approval; let me know if there's already been code written to integrate something like that.

[MtnXfreeride]

Is there a way to make posts not show up until they get manually approved by an admin/mod?

This is a crucial feature the community needs IMO and the reason I stopped hosting a chan. My dream setup is email notification of a new post along with the ability to hold all posts for moderation by time of day (like the hours I am typically asleep). Seems like most chan sites are run by a single person so moderating assistance is important.