Link
Running Discourse

This site uses Just the Docs, a documentation theme for Jekyll.

Search

\newpage

New Chapter

In the last few days, we have also had a huge increase in other Spam profiles, all Polish, and all fitting such exact patterns that they look like bots to me. I understand the argument that bots can’t click the activation link in an e-mail, but the utter consistency of these looks bot-like to me. In my experience, humans creating multiple accounts invariably have occasional odd discrepancies - inconsistent capitalisation, typos, even clicking the odd post or the welcome message. These do not. Each matches its “type” exactly, and all have read 0 posts and spent less than 1 minute reading. None has a profile picture; all use default system letter. Unfortunately, we have no IP addresses recorded for these, but I would be most interested to know if anybody else recognises these patterns.

In addition to those mentioned above, in the space of three days we had 24 of this pattern:

  • Username is a capitalised first name plus four random letters.
  • E-mail name is a first name which does not match the username
  • E-mail domains: subdomain.securemail.co.pl
  • Name: “Proper” name, correctly capitalised. e.g. Kyle Guido, Raisa Seidensticker, Marcus Haefner. Does not match either username or e-mail.
  • Profile text: URL plus single sentence. English, but has an air of “spun” about it.

(We have since blocked securemail.co.pl, and had no further sign-ups of that pattern, although we’re not sure if blocked e-mail domains work with SSO.)

In the same three days, 27 accounts of this pattern:

  • Username is a capitalised first name plus two random letters.
  • E-mail name is a name (surname?) which does not match the username, plus two digits
  • E-mail domains: 4**.e90.biz
  • Name: “Proper” name, correctly capitalised. e.g. Dennis Balle, Lenny Lyas, Todd Lleras. Does not match either username or e-mail.
  • Profile text (all posted in “About Me”): URL which redirects. Fake “bio” which appears to be created from stock phrases. Last line is generally a proverb, or spun version thereof, with “new” replacing one word. English, but has an air of “spun” about it.

A further 10 accounts for this pattern, over the same period:

  • Username is 9 random lower-case characters plus two digits.
  • E-mail name is short word or name followed by two digits, the first of which is 0. Repeating patterns: e,g. risk01@, risk02@, risk05@
  • E-mail domains: Multiple; mostly lengthy German or Polish.
  • Name: “Proper” name, correctly capitalised. e.g. Maksymilian Sikora, Adrian Wisniewski
  • Profile text: 20 - 23 words, including URL; German nonsense text.

And the latecomer to the party - in the past two days, 17 of these:

  • Username is 5 random lower-case characters plus two digits.
  • E-mail name matches username.
  • E-mail domains: wnmail.top, tpmail.top, xtmail.win
  • Name: “Proper” name, correctly capitalised. e.g. Blandyn Kwoka
  • Profile text: 250 characters, nonsense text with occasional “male sexual health” terms; mixed languages

So that’s over 100 Spam accounts in three days (not counting the handful of “normal” Spam accounts I’ve seen).

So far, thankfully, none of these has posted, but if these are automated or semi-automated accounts, that could get very messy.

As before, I’m interested in these specific patterns of sign-up, and whether anybody else has seen the same or something similar. \newpage

New Chapter

this is test content \newpage

New Chapter

Continuing the discussion from "Chopped" Spam in New User Profiles:

As mentioned in the linked topic, we started to get a lot of accounts with 250-character Spam profiles after we switched to SSO. Six days ago, the language of the Spam, and the associated e-mail addresses, changed to Polish, and since then we’ve had 30 Polish and only one English (with a Polish e-mail address) - 24 of them in the last three days.

In the last few days \newpage

New Chapter

Continuing the discussion from "Chopped" Spam in New User Profiles:

As mentioned in the linked topic, we started to get a lot of accounts with 250-character Spam profiles after we switched to SSO. Six days ago, the language of the Spam, and the associated e-mail addresses, changed to Polish, and since then we’ve had 30 Polish and only one English (with a Polish e-mail address) - 24 of them in the last three days.

\newpage

New Chapter

, we have also had a huge increase in other Spam profiles, all Polish, and all fitting such exact patterns that they look like bots to me. I understand the argument that bots can’t click the activation link in an e-mail, but the utter consistency of these looks bot-like to me. In my experience, humans creating multiple accounts invariably have occasional odd discrepancies - inconsistent capitalisation, typos, even clicking the odd post or the welcome message. These do not. Each matches its “type” exactly, and all have read 0 posts and spent less than 1 minute reading. None has a profile picture; all use default system letter. Unfortunately, we have no IP addresses recorded for these, but I would be most interested to know if anybody else recognises these patterns.

In addition to those mentioned above, in the space of three days we had 24 of this pattern:

  • Username is a capitalised first name plus four random letters.
  • E-mail name is a first name which does not match the username
  • E-mail domains: subdomain.securemail.co.pl
  • Name: “Proper” name, correctly capitalised. e.g. Kyle Guido, Raisa Seidensticker, Marcus Haefner. Does not match either username or e-mail.
  • Profile text: URL plus single sentence. English, but has an air of “spun” about it.

(We have since blocked securemail.co.pl, and had no further sign-ups of that pattern, although we’re not sure if blocked e-mail domains work with SSO.)

In the same three days, 27 accounts of this pattern:

  • Username is a capitalised first name plus two random letters.
  • E-mail name is a name (surname?) which does not match the username, plus two digits
  • E-mail domains: 4**.e90.biz
  • Name: “Proper” name, correctly capitalised. e.g. Dennis Balle, Lenny Lyas, Todd Lleras. Does not match either username or e-mail.
  • Profile text (all posted in “About Me”): URL which redirects. Fake “bio” which appears to be created from stock phrases. Last line is generally a proverb, or spun version thereof, with “new” replacing one word. English, but has an air of “spun” about it.

A further 10 accounts for this pattern, over the same period:

  • Username is 9 random lower-case characters plus two digits.
  • E-mail name is short word or name followed by two digits, the first of which is 0. Repeating patterns: e,g. risk01@, risk02@, risk05@
  • E-mail domains: Multiple; mostly lengthy German or Polish.
  • Name: “Proper” name, correctly capitalised. e.g. Maksymilian Sikora, Adrian Wisniewski
  • Profile text: 20 - 23 words, including URL; German nonsense text.

And the latecomer to the party - in the past two days, 17 of these:

  • Username is 5 random lower-case characters plus two digits.
  • E-mail name matches username.
  • E-mail domains: wnmail.top, tpmail.top, xtmail.win
  • Name: “Proper” name, correctly capitalised. e.g. Blandyn Kwoka
  • Profile text: 250 characters, nonsense text with occasional “male sexual health” terms; mixed languages

So that’s over 100 Spam accounts in three days (not counting the handful of “normal” Spam accounts I’ve seen).

So far, thankfully, none of these has posted, but if these are automated or semi-automated accounts, that could get very messy.

As before, I’m interested in these specific patterns of sign-up, and whether anybody else has seen the same or something similar. \newpage

New Chapter

Want to use Discourse Webhooks to trigger a task via Zapier? Let’s get started!

Zapier requires a trigger and an action. In this howto the trigger will be a Discourse Webhook and the action will be to send an email.

Send an Email on any User event

We will now set up a Zap to send email on any user event (i.e when a user is created, approved or updated). To trigger on a specific user event, see Trigger on a specific user event below.

Create a Discourse Webhook

  • Create a new Discourse Webhook for user event

    We will update the “Payload URL” once the webhook URL is generated in next steps.

Create a new Zap

Look for this button on Zapier dashboard:

Set up Trigger

  • Select Webhook as Trigger. Look for:

  • Choose Trigger

    You want to select “Catch Hook”

  • You can skip “Set up Webhooks by Zapier Hook” step.

    Just press “Continue”.

  • Test Trigger

    Copy the custom webhook URL generated and paste it in “Payload URL” section of Discourse Webhook originally created.

    Now try creating/updating/approving a user on your Discourse instance.

    If you successfully followed all the steps and created/updated/approved a user, you will see a success message on Zapier:

    Clicking on “view your hook” hyperlink will show the parsed data.

Set up Action on Zapier

  • Select Email as Action. Look for:

  • Press “Save + Continue”

  • Set Up Email Template

    Further modify the email template as per your requirement. Note that you can use the + button to add more data parsed via JSON response.

    Now test the action, you should receive an email from Zapier.

Turn on the Zap

That’s it, now you will receive an email for every new user event (i.e when a user is created, approved or updated). :tada:

<h2 id=heading–specific-event>Trigger on a specific user event</h2>

Want to only send emails for a specific user event, perhaps only on account creation, but not on update? Use the “Catch Raw Hook” trigger.

  1. Click “show less common options”

\

  1. Click “Catch Raw Hook”

\

  1. Follow the remaining steps to configure the trigger normally.

Once the trigger is configured, add a filter.

  1. Click “Add a Step”

\

  1. Click “Filter”

\

  1. Click “Save and Continue”
  2. Select “Headers Http X Discourse Event” from the first dropdown.

\

  1. Select “(Text) Exactly matches” from the second dropdown.
  2. Enter the complete header you want to filter for (for example, user_logged_out).
  3. If you want Zapier to run on multiple headers, click “+OR” and add them just like the first.
  4. Click “Test & Continue”
  5. Review the filter test, then click “Continue”

Once the filter is configured, configure your preferred action. \newpage

New Chapter

So, I’ve just launched my site to my patrons. And something that I had enthusiastically promoted to them is the awesome discobot greeting and tutorial. But, for some reason, it doesn’t look like it’s being sent out to my new users.

I’ve disabled email/password login so the only way to log in is with Patreon. I just watched a friend who’s subscribed to my Patreon click the “Sign Up” button, log in with his Patreon credentials, and then get prompted to create a new user on my site. So far, so good.

He did so (changing his name and nickname) and then I was hoping to see the screen darken and for the discobot tutorial to start.

But nothing…

We went to his PM inbox. Nothing there. No “:robot: Greetings!” No PM at all. :frowning:

I checked my Admin settings, and they looked ok:

\

My friend had to go, so I went back to my account and tried to trigger discobot for myself with the discobot “start new user” command in a PM and it launched and ran the tutorial for me just fine (after I realized I needed to add a garbage subject to be able to send the PM).

I even tried the advanced tutorial. Loved that.

But none of my new users signing in with Patreon seem to be getting the tutorial. And it’s already a big ask to for them to give a tutorial a try—trying to convince them to run it themselves by creating their own PM or by replying to a topic when they aren’t familiar with Discourse at all is an even bigger ask. Yet, I really think Discobot is a wonderful introduction to Discourse.

Any idea why Discobot might not be launching the tutorial for my Patreon users when they create a new account? When I created an email/password user in testing last week, the tutorial launched just fine…