Skip to content

[3.0] Implement AntiSpam System #8847

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: release-3.0
Choose a base branch
from
Draft

[3.0] Implement AntiSpam System #8847

wants to merge 3 commits into from

Conversation

@jdarwood007
Copy link
Member

@jdarwood007 jdarwood007 commented Aug 14, 2025

This overhauls the entire AntiSpam system in SMF to provide a modular-based system, which should allow adding and removing methods for handling AntiSpam easily. The design was set up so we could implement solutions like hCaptcha or Cloudflare Turnstile by simply dropping in the needed integration file and adding any needed vendor files.

A first note. The AntiSpam system is currently broken in 3.0. Due to it never verifying the verification questions, it only generates them. I could send a separate PR just to fix that, but I fixed it in this to get my initial testing done.

The old "Verifier" was moved into the AntiSpam namespace and called "Verification" now. It differs from the AntiSpam class itself in that it's a wrapper to provide the GUI to the standardized GenericControls, while the AntiSpam logic itself should be callable by any code that wants to implement its templating handling.

The BlankField Verification method may be better renamed to HiddenField, I haven't decided really. I also thought about making this a required field for verification, because it's a very simple bot check, if they don't check that the CSS is hiding the field.

There is no restriction on having competing agents even if they offer the same deal (i.e., multiple types of CAPTCHA).

I want to work on getting reCAPTCHA V3 to work; we currently only support V2. I don't want to do its enterprise captcha, but we may need to add support for that.

The upgrader does not yet handle converting from the old data to the new.

Looking for feedback to ensure I am going in the right direction here. Things are named properly, and it looks like we can achieve the goal of extending the system.

Current TODO on this PR is

  • Add upgrader steps
  • Add support for reCAPTCHA v3
  • Cleanup extra logic.
  • Improve docs

@jdarwood007 jdarwood007 added this to the 3.0 Alpha 4 milestone Aug 14, 2025
@live627
Copy link
Contributor

live627 commented Aug 14, 2025

The BlankField Verification method may be better renamed to HiddenField, I haven't decided really. I also thought about making this a required field for verification, because it's a very simple bot check, if they don't check that the CSS is hiding the field.

Isn't it supposecd to be required to be blank anyway?

@jdarwood007
Copy link
Member Author

jdarwood007 commented Aug 14, 2025

Yes it should always be empty. A non-empty value is a failure.

@jdarwood007
Merge branch 'release-3.0' into 3.0/AntiSpamSystem
f4696cf 
# Conflicts:
#	Sources/Actions/Admin/AntiSpam.php
#	Sources/Actions/VerificationCode.php
#	Sources/Verifier.php
@jdarwood007
Apply PHP cs fixes
bee869d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Anti-spam Backward compatibility Meta Repository tools/code reorganization New feature Visual verification

Projects

None yet

Milestone

3.0 Alpha 6

Development

Successfully merging this pull request may close these issues.

3 participants

@jdarwood007 @live627 @Sesquipedalian