Passive and active anti spam and abuse mechanisms
The issue in #1476 (closed) brought this up, but the idea is more general, so I'm making this new issue to deal with it.
Pleroma is quick to install and efficient, but that also makes it easy to misuse it for spam or other kind of abuse. The problem is twofold:
- An instance can be abused for spam because of lacking security mechanisms for registering and posting
- An instance can be overwhelmed by spam because it just accepts it all.
Here are a few ideas how to deal with this. Please add to them with things you can come up with.
Active spam protection
Use a captcha by default. This has been done in the most recent release.
During installation, suggest to enable email confirmation if the admin has an email server
Rate limit posting / registrations. I'm not sure about the state of this.
Have some special rate limits for new users.
Passive spam protection
Have a rate limit of posts per remote user
Have a rate limit per instance