
Dear Community ⭐️ 

We are happy to announce that we recently worked on improving the way we handle technical content on topic creation 🚀

 

Why? 

Many communities have faced challenges with our firewall identifying technical content as malicious, leading to disruptions in the ability to share desired content and engage within the Community. Our Web Application Firewall was in fact blocking content creation when it detected malicious content. Ultimately, this enhancement will be providing our users with more freedom to publish their technical content.

 

What is changing?

From now on, when our platform detects malicious content due to technical content, this content will not be immediately blocked but will be detected as spam. Moderators will be able to review that content more efficiently, and it will enable their users to publish the technical content they want.

 

What about security? 

We've always been committed to offering a secure platform for all our users, and this remains a priority for us. Therefore, we are still doing security checks (AWS WAF and Akismet). But instead of rejecting the content, we are redirecting it as spam so moderators can still approve or reject the content.

 

What does that mean for me, moderators and/or community managers?

  • You may observe an increase in content classified as spam, since posts that would have previously been blocked will now reach this queue. 
  • Also, note that if the spam check is disabled in the Spam detection settings page, you will not receive this content as spam. If you trust your community and your community is technical, we recommend disabling the spam checker.

We hope that these changes will enable us to maintain our security standards while providing a more fluid user experience for our technical content creators. We are confident that this new process will greatly reduce the incidence of false positives, ensuring that valuable discussions and information are not lost ⭐️

Your feedback is always valuable in driving these improvements, and we're grateful for your continued support 🙌

 

For any questions or further clarification regarding this update, please feel free to reply in comments! 

Hi there! Basic question: what do you mean by “technical content”?


I'm assuming it’s IP-addresses and such. That is what we're experiencing.


We experienced this with some terms about servers and the like, terms like localhost and others. 


Hi @Manon , could you provide examples of this update in action?


Aha,

That explains a couple that I had tagged a week ago as spam that had me confused. It would be good if there is a flag or distinction if the thread/reply was spam or malicious content.

It would be nice to have an option to disable the spam filter and these checks as well.

Our community is for enterprise customers who pay for our product. There is very little chance of any spam or malicious content, but our community is 100% technical.


Hi @Daniele Cmty ! Good question, technical content refers to programming syntax or terms like (non-exhaustive list):
 

<script>alert("test6</script>, java.lang.RuntimeException, localhost, ../../127.0.0.1, anytext.log, ftp://test

 

@security_lion so if a user creates content with for instance ‘localhost’ in it, prior to this update the topic would have been blocked and would not have even been created at all. Now, the topic will go under spam, so it gives the chance to users to create content and to moderators to accept or reject the content.

 

@dandre yes - our team made an improvement that was shipped today so if you disable the spam filter the content won’t be filtered as spam :) 

 

I hope that answers your questions and concerns! As usual, this is not set in stone and we will continue to work on improving the user experience while satisfying security concerns communities may face.


Hi, @Manon! :)
Does the user who created the suspicious content receive any messages or signals that the content is awaiting moderator approval?


Hi  @Manon - thanks for sharing this update on the community and more importantly for changing the behaviour from block content to redirect to spam. We are running into this today, our community conversations are likely to contain ‘technical’ content and we seem to be having a high False Positive rate.

 

Is it possible to:

  1. Identify which content was marked as spam by Akismet versus WAF?
  2. Disable/enable Akismet and WAF independently?
  3. Disable/enable Akismet and/or WAF for certain users (using custom roles)?
  4. When a moderator marks a post/reply as “NOT SPAM”
    1. Is Akismet learning to not mark such content as spam in future?
    2. Is your WAF module learning to not mark such content as spam in future?
  5. And finally, does the WAF have an allowlist capability that we could manage on our own?