Basic real-time bot protection relies on simply testing if user sent invisible input form field and then login is rejected as it's known to be a bot.
More sophisticated mechanism is discussed in the issue #754 but not yet implemented.
cleanup command run, spam comments are detected and removed (if
--dry-run parameter was not specified). Reaching score of 50 is considered as spam, and here are the scores:
- 12.5 points for each occurrence of the provided bad words (so that 4 bad words will result in 50 points)
- 10 points if user is in the provided list of bad users
- 10 points if comment has any links, and another 10 if there are more than 5 of them
- 20 points if comment score is 0 (e.g. nobody voted for it)