Require at least 1 active anti-spam plugin or disclaimer checkbox to open registration

[mrclay]

In addition to #5871, I think we should more directly warn site admins that open reg comes with the responsibility to fight spam.

Aside: I see new site owners dealing with this without initial guidance and it seems like a terrible first impression to give them. We should be able to direct them to the essential spam plugins, and maybe consider bringing them into core.

[iionly]

"Requirement" might not fit in any case. Just think of Intranet solutions. "Suggestion" might be better. Maybe a bundled Anti-spam plugin would be useful in any case to make sure all necessary features of such a plugin are working. As I understand the Spam filter plugin as available on the community site is currently not fully working (while a newer version of it is available on github). It would be quite annoying for a user to get suggested to use a plugin when it turns out to fail preventing spam as expected. Maybe a combination of the currently best anti-spam plugins into a bundled anti-spam plugin would be interesting, too. E.g. combine spam throttle, spam login filter and maybe honepot and other plugin's features into one.

[sembrestels]

Honey pots are great but they only work when they are not standard. The same happens with much anti-spam plugins: once they become popular, spam bots become clever enough to penetrate over them.

If we want to provide a bundled anti-spam solution, or almost recommend it, it should be an IP/email blocker. We should download IPs and emails from http://www.stopforumspam.com/ and block them. At the same time we should provide an "I'ts spam" button to send IP and email to the stopforumspam database.

[ewinslow]

Any cooperation with Third Party services needs to happen in a plugin. We dont want to bake dependency on a separate service into core.

But otherwise yes I still agree with this plugin.

How do we determine if a spam plugin is enabled? Just look for category "spam" and/or "anti-spam?"

[iionly]

It's been a while since this discussion was started and still unresolved.

"Requirement" of an anti-spam plugin during installation seems too much (intranet sites won't need it, private sites with registration turned off won't need it). Adding functionality directly to core seems not a choice (especially if 3rd party service involved). An anti-spam plugin with a 3rd party service might not yet be usable during installation (api key required, admin has not yet registered for the service, or the admin wants to use an alternative plugin/service).

How about adding an anti-spam plugin (Spam Login Filter? Or other suggestions...) like it is done for example with the "Login As" plugin as composer requirement? It does not need to be active by default but it would help especially people new to Elgg to have it already included in a basic Elgg installation.

It could be a new "Feature" for Elgg 2.3 to have an anti-spam plugin bundled.

[iionly]

It's been a while since this discussion was started and still unresolved.

"Requirement" of an anti-spam plugin during installation seems too much (intranet sites won't need it, private sites with registration turned off won't need it). Adding functionality directly to core seems not a choice (especially if 3rd party service involved). An anti-spam plugin with a 3rd party service might not yet be usable during installation (api key required, admin has not yet registered for the service, or the admin wants to use an alternative plugin/service).

How about adding an anti-spam plugin (Spam Login Filter? Or other suggestions...) like it is done for example with the "Login As" plugin as composer requirement? It does not need to be active by default but it would help especially people new to Elgg to have it already included in a basic Elgg installation.

It could be a new "Feature" for Elgg 2.3 to have an anti-spam plugin bundled.

[jdalsem]

57ac75e made registration disbled by default. If you need any spam plugin for your site is up to you. Elgg is currently not providing one, so there will be no requirement.