Hi all!
With the platform's 1.1 release scheduled for next Sunday we're excited to share another set of
improvements and QoL changes that will be added in the next update.
Enhanced Spam Protection
Anyone who's been on the internet for some time knows that it is filled with bots and malicious users. forumify 1.1
adds several new spam protection features.
Google reCAPTCHA configuration
So far, our first line of defense on the login and registration pages has been Google reCAPTCHA. In forumify 1.1 we
will allow admins to configure the sensitivity of reCAPTCHA by providing a value between 0 and 1. reCAPTCHA always
sends back a score for how likely someone is to be human. Pre-1.1, the threshold for this score was hardcoded to 0.8,
which we found to be a good balance. Now we leave that decision to site admins: lower it and accept more bot traffic
with fewer false positives, or raise it for stricter rules with a higher chance of false positives.
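How a configurable threshold changes the outcome, as an added example that is not forumify's own code: it assumes a reCAPTCHA v3-style verification response already decoded to an array. The function name `recaptchaPasses`, the `>=` comparison and the action check are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not forumify's RecaptchaService): decide whether a
// decoded verification response passes an admin-configured score threshold.
function recaptchaPasses(array $response, float $minScore, string $expectedAction): bool
{
    if ($minScore < 0.0 || $minScore > 1.0) {
        throw new InvalidArgumentException('Threshold must be between 0 and 1.');
    }
    // Fail closed: a failed verification is never a pass, whatever else is present.
    if (($response['success'] ?? false) !== true) {
        return false;
    }
    // A token issued for one form must not be accepted on another.
    if (($response['action'] ?? null) !== $expectedAction) {
        return false;
    }
    // A missing or non-numeric score is treated as a rejection, not as 0 or 1.
    $score = $response['score'] ?? null;
    if (!is_int($score) && !is_float($score)) {
        return false;
    }
    return (float) $score >= $minScore; // assumption: a score equal to the threshold passes
}

// Constructed sample responses, shaped like the verification JSON after json_decode($body, true).
$samples = [
    'likely human'  => ['success' => true, 'score' => 0.9, 'action' => 'login'],
    'borderline'    => ['success' => true, 'score' => 0.7, 'action' => 'login'],
    'likely bot'    => ['success' => true, 'score' => 0.1, 'action' => 'login'],
    'wrong action'  => ['success' => true, 'score' => 0.9, 'action' => 'register'],
    'invalid token' => ['success' => false, 'error-codes' => ['invalid-input-response']],
];

// Compare the pre-1.1 hardcoded value (0.8) with a more lenient setting (0.5).
foreach ([0.8, 0.5] as $threshold) {
    foreach ($samples as $label => $response) {
        $verdict = recaptchaPasses($response, $threshold, 'login') ? 'accept' : 'reject';
        printf("threshold %.1f  %-13s %s\n", $threshold, $label, $verdict);
    }
}
```

Only the borderline login changes verdict between the two thresholds, which is the trade-off an admin is tuning.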
Cloudflare Turnstile
It's always nice to have options. Cloudflare Turnstile is another captcha service that has been gaining popularity in
recent years, and I'm sure you've come across this box in the past. Turnstile offers a similar experience to
reCAPTCHA. You can enable it instead of reCAPTCHA, or run both at the same time! (although we don't recommend the
latter 😀)
Rate Limiting
The final cherry on the cake for the spam protection features is rate limiting. On forumify 1.0, if a malicious user
were to get in, there was no way to stop them from posting hundreds of comments and spamming all of your users in the
blink of an eye, causing a massive headache and a big cleanup operation for your admin team. Rate limiting will slow
down attacks to a crawl. We've currently set default values that we think are appropriate for most communities, but
for self-hosted communities these values can be overridden. Super admins are also excluded from any rate limits.
Messages: max 3 every 10 seconds
Forum comments (and topics): max 3 every 10 seconds
Self-hosted instances can change these values by creating a "rate_limiter.yaml" configuration:
framework:
    rate_limiter:
        forumify.message:
            policy: 'sliding_window'
            limit: 3
            interval: '10 seconds'
        forumify.comment:
            policy: 'sliding_window'
            limit: 3
            interval: '10 seconds'
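What a sliding window of 3 per 10 seconds does to a burst that straddles a window boundary, as an added example that is not forumify's or Symfony's code: `SlidingWindowModel` is a simplified, hypothetical model of a sliding-window counter, and the timeline is constructed.

```php
<?php
declare(strict_types=1);

// Simplified sliding-window counter: a model for illustration, not Symfony's code.
// Hits from the previous window still count, weighted by how much of that
// window overlaps the last $interval seconds.
final class SlidingWindowModel
{
    private float $windowStart = 0.0; // seconds since the limiter was created
    private int $current = 0;         // hits in the current window
    private int $previous = 0;        // hits in the window before it

    public function __construct(private int $limit, private float $interval)
    {
    }

    public function tryConsume(float $now): bool
    {
        $elapsed = $now - $this->windowStart;
        if ($elapsed >= 2 * $this->interval) {
            // Idle for two windows or more: nothing carries over.
            [$this->previous, $this->current, $this->windowStart] = [0, 0, $now];
        } elseif ($elapsed >= $this->interval) {
            // Roll over: the finished window becomes the previous one.
            [$this->previous, $this->current] = [$this->current, 0];
            $this->windowStart += $this->interval;
        }
        $progress = ($now - $this->windowStart) / $this->interval;
        $weighted = (int) floor($this->previous * (1 - $progress)) + $this->current;
        if ($weighted >= $this->limit) {
            return false; // over the limit: the comment is refused
        }
        ++$this->current;
        return true;
    }
}

// Constructed timeline: one account posting at these offsets (in seconds),
// checked against the default of 3 per 10 seconds.
$limiter = new SlidingWindowModel(3, 10.0);
foreach ([7.0, 8.0, 9.0, 9.5, 11.0, 12.0, 14.0, 15.0, 17.0, 18.0] as $t) {
    printf("t=%5.1fs  %s\n", $t, $limiter->tryConsume($t) ? 'accepted' : 'rate limited');
}
```

The burst at 7 to 9 seconds still counts against the window that starts at 10 seconds, so the account cannot immediately post three more comments the way a fixed window would allow.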
Plugin Developer Notes
Custom spam protection services can now be created and added to the platform by creating a class that implements SpamProtectionServiceInterface. You can take a look at TurnstileService or RecaptchaService for more information.
Closing Words
With these changes, it's always a challenge to find a good balance between not interrupting our real users and making it hell for bots to get in. With the rising threat of AI and more advanced bots than ever before, we realize it's an uphill battle, and even platforms with huge mega corporations behind them struggle with keeping unwanted traffic out. We hope these features can help, and with some additional moderation tools we can keep our forums thriving with human interactions 😉