
Abuse Mitigation

As with any public-facing service, there are several abuse scenarios that Confab administrators must be aware of. This page will outline these scenarios, alongside instructions on how to utilise the built-in mitigation techniques that have been implemented in Confab.

Tip

Regular backups of your Confab instance are recommended, as they make it easy to recover from many abuse scenarios: you can simply restore your instance to its state at an earlier point in time. See the backup guide for more information.

Content Abuse

As with any public-facing service that hosts user-generated content, users may generate content that you do not wish to associate with your website.

The first option for mitigating this risk is to keep Admin comment notifications enabled. If you decide not to use the Manual Moderation Queue, this ensures that you receive an immediate notification of every new edit or comment, so that you can take action in a timely manner.

If you want to be certain that content you do not deem acceptable is never presented on your website at all, or your website is a high-traffic site where visitors may see unacceptable content before you have a chance to remove it, it is recommended that you enable the Manual Moderation Queue using the backend configuration. All comments will then require Admin approval before becoming publicly visible on the site.

Note

If you have a high-traffic site, Confab may not be the right choice for you. See the design philosophy.

Custom Usernames

Users are able to set custom usernames which replace the default randomly generated username. Admins do not have any moderation functionality for custom usernames beyond banning offending users.

As such, if you prefer, custom usernames can be disabled altogether using the backend configuration.

Resource Abuse

Comment Spam

To prevent a bad actor from flooding your comments with spam, Confab has features to limit the number of comments that a user can post at one time. Two options are available, depending on whether or not you have chosen to use the Manual Moderation Queue.

When the Manual Moderation Queue is in use, all new comments are sent to the queue. A maximum limit on the number of comments by each user that can be waiting in the Manual Moderation Queue can be set using the backend configuration.

Otherwise, to limit the number of comments that a user can generate within a given timespan, use the backend configuration to set a comment rate limit.

Email Spam

Emails are sent to users for various reasons. To prevent your sending addresses from being used for spam, and to prevent your SMTP quota from being exhausted, Confab lets you set limits on the number of emails that can be sent.

To prevent large numbers of login authentication code emails from being sent (to email addresses that may not even belong to the user requesting the authentication code), use the backend configuration to set limits on both the maximum number of consecutive auth code emails that can be sent to a single address, and the maximum number of unfulfilled user sign-ups (1).

  1. New account creations where the first auth code email has been sent to the user, but the user has not yet logged in.
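The two auth code email limits described above, modelled as an added illustrative example (this is not Confab's own code; the class name, method names and the way the consecutive counter resets on login are assumptions made for the illustration):

```python
from collections import defaultdict


class AuthCodeLimiter:
    """Illustrative model (not Confab's implementation) of the two limits above:
    a cap on consecutive auth code emails to one address, and a cap on
    unfulfilled sign-ups (accounts whose first auth code email was sent but
    which have never logged in)."""

    def __init__(self, max_consecutive_codes: int, max_unfulfilled_signups: int):
        self.max_consecutive_codes = max_consecutive_codes
        self.max_unfulfilled_signups = max_unfulfilled_signups
        self.consecutive = defaultdict(int)  # address -> auth code emails since last login
        self.known = set()                   # addresses for which an account was created
        self.unfulfilled = set()             # created accounts that have never logged in

    def request_code(self, address: str) -> bool:
        """Return True if an auth code email may be sent to address,
        False if one of the two limits blocks it."""
        if self.consecutive[address] >= self.max_consecutive_codes:
            return False  # too many consecutive codes to this address
        if address not in self.known:
            # A brand-new sign-up counts as unfulfilled until its first login.
            if len(self.unfulfilled) >= self.max_unfulfilled_signups:
                return False  # global cap on unfulfilled sign-ups reached
            self.known.add(address)
            self.unfulfilled.add(address)
        self.consecutive[address] += 1
        return True

    def login(self, address: str) -> None:
        """A successful login fulfils the sign-up and resets the consecutive counter
        (assumed behaviour for the illustration)."""
        self.unfulfilled.discard(address)
        self.consecutive[address] = 0
```

The consecutive-code limit protects a single address from repeated emails, while the unfulfilled sign-up cap bounds how many never-confirmed accounts can be created in total.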

Confab also sends reply notifications to users when their own comments receive replies. To prevent this feature from being used to generate spam emails, you may choose to turn it off, or implement measures to prevent comment spam, as outlined above.

Anonymous Users

Anonymous users are a special case, as they do not have to create an account to interact with your site. This makes it easier for bad actors to create multiple accounts to spam your site.

To mitigate this risk, you can enable a CAPTCHA for anonymous account creations beyond a certain threshold using the backend configuration. This will reduce the risk of spam generated by automated scripts, while still allowing genuine users to interact with comments with zero friction.

Additionally, it is recommended that anonymous comments are sent to the Manual Moderation Queue; moderation can be enabled for anonymous users only, if desired.

You can also make use of Automoderation rules to manage comments created by anonymous users, if required.