Skip to content

Passive and active anti spam and abuse mechanisms

The issue in #1476 (closed) brought this up, but the idea is more general, so I'm making this new issue to deal with it.

Background

Pleroma is quick to install and efficient, but that also makes it easy to misuse it for spam or other kind of abuse. The problem is twofold:

  1. An instance can be abused for spam because of lacking security mechanisms for registering and posting
  2. An instance can be overwhelmed by spam because it just accepts it all.

Here are a few ideas how to deal with this. Please add to them with things you can come up with.

Active spam protection

  • Use a captcha by default. This has been done in the most recent release.
  • During installation, suggest to enable email confirmation if the admin has an email server
  • Rate limit posting / registrations. I'm not sure about the state of this.
  • Have some special rate limits for new users.

Passive spam protection

  • Have a rate limit of posts per remote user
  • Have a rate limit per instance
Edited by lain