New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hold all posts for approval #646
Comments
no |
Dang. CAPTCHAs (hand-rolled or recaptcha) aren't preventing spam of porn/viruses being posted with high frequency, and I need to find a way to curb it that doesn't require someone to be present at their computer 24/7 to watch for it. Any suggestions? |
If you have local chan, allow all IPs from your country and block everything else in htaccess. |
@chanadmins It's not local – posters from at least 6 countries (quick manual tally of a few recent posts) use the board. Spam so far has come from IPs in eight different countries, including some that overlap with countries where legitimate users are from. |
let me know if the ip addresses are coming from vpns, tor, or something else. Is it from the known CSAM bot? I did think about the idea of a system similar to MediaWiki's QuestyCaptcha, as that works to stop 100% of all uncustomized spam, but obviously, it won't do you any good against customized spam. |
I'm using DNSBL settings to block ads and malicious attacks. However, this requires the attacker's IP to be registered on the DNSBL server in order to be blocked. |
@RealAngeleno Just went through the bans and checked. None are from Tor, but all are using VPNs/proxies according to https://ip.teoh.io/vpn-detection. https://www.ipqualityscore.com/tor-ip-address-check/ has all of them rated in the 96–99 range, "abusive IP". I'm sure the spam is automated. QuestyCaptcha integration is a great idea; even if it feels repetitive to users, requiring posters to enter a simple word would prevent most automated spam, I'd imagine. I could probably hardcode this in tonight and see if I can get a basic/naïve implementation working. @virtuelles Thanks for the suggestion! I could also look into denying site traffic via an .https file, since I figure a lot of those IPs are flagged in public lists. Could you let me know how you set this up? |
The settings I'm using are just $config['dnsbl'][] = array('all.s5h.net'); The reason for confirming their effectiveness is that they previously blocked me as well, LAMO. |
@virtuelles Ah, I didn't realize that was a built-in config option – so simple! Thank you. Reading https://github.com/vichan-devel/vichan/wiki/config, though, I'm not sure if I exactly understand the second item in the array, e.g. the |
@RealAngeleno I've tried both above options (DNSBL and manually banning a ton of IPs using .htaccess deny rules) and the CSAM/porn spam is still happening. Would you or anyone else have a solution here? I think the QuestyCaptcha is the best idea, if there's no way to hold posts for auto-approval; let me know if there's already been code written to integrate something like that. |
This is a crucial feature the community needs IMO and the reason I stopped hosting a chan. My dream setup is email notification of a new post along with the ability to hold all posts for moderation by time of day (like the hours I am typically asleep). Seems like most chan sites are run by a single person so moderating assistance is important. |
Is there a way to make posts not show up until they get manually approved by an admin/mod?
The text was updated successfully, but these errors were encountered: