Danbooru

Spam Bot

Posted under General

Unbreakable said:

Just give them a negative that says they are a spambot and they will be banned when an admin/moderator sees it.

Look at the user listing and you will see that there are dozens of bot accounts presently signing up every hour, all of them following the same username pattern of a girls' name followed by a random number. The moderators can't be expected to keep up at this rate.

How long will it take before the situation requires requires a captcha or similar solution to mitigate spambot activity?

iridescent_slime said:

How long will it take before the situation requires requires a captcha or similar solution to mitigate spambot activity?

Well, a few measures have already been enacted to mitigate this issue...

  • Use of Akismet for spam detection
  • Limit account creation to one per IP address per day

This is all a process of balancing security versus ease of use. We don't want to up the security too much and potentially turn away users new or old, nor do we want to just let these malicious users run nilly willy. It's all a balance act.

From what I currently see this spambot is running at least three active accounts at the same time. It transmits about 100 dmails per account before creating a new account. It generally cycles to a new IP address each time, resulting in nearly each account having it's own unique IP address tied to it.

I'm estimating it's already created about 1200 accounts and started within the last 24 hours.

NWF_Renim said:

From what I currently see this spambot is running at least three active accounts at the same time. It transmits about 100 dmails per account before creating a new account. It generally cycles to a new IP address each time, resulting in nearly each account having it's own unique IP address tied to it.

I'm estimating it's already created about 1200 accounts and started within the last 24 hours.

Albert's current solution is to limit one new account, per IP address, per day, which is useless if every account has its own IP address. A CAPTCHA for the sign-up page would largely fix this problem.

iridescent_slime said:

Look at the user listing and you will see that there are dozens of bot accounts presently signing up every hour, all of them following the same username pattern of a girls' name followed by a random number. The moderators can't be expected to keep up at this rate.

How long will it take before the situation requires requires a captcha or similar solution to mitigate spambot activity?

Yeah I've seen it, giving them a negative only works so far but it may be better than nothing.

I searched for this thread as soon as the Dmail notification finally displayed the message. Some blatant spam (user #530916 just in case). At first I thought the notification to be a bug, as the new message was nowhere to be seen in my inbox.
Could this delay be a separate issue or did the spam get so bad that new mail arrives at least twenty minutes after its notification?

Chucu said:

I searched for this thread as soon as the Dmail notification finally displayed the message. Some blatant spam (user #530916 just in case). At first I thought the notification to be a bug, as the new message was nowhere to be seen in my inbox.
Could this delay be a separate issue or did the spam get so bad that new mail arrives at least twenty minutes after its notification?

There is a separate spam folder in your inbox you can access from the second top bar when in your inbox.

Unbreakable said:

There is a separate spam folder in your inbox you can access from the second top bar when in your inbox.

Just visited it. Sorry, didn't quite see it in the mobile version.

Is this spam event bigger than those from past years?

A lot of people have been suggesting a captcha, but they aren't nearly as effective as people think. They're frequently farmed out to sweatshops in third world countries to complete en-masse. If an attacker really wanted to register accounts, it would cost them a little money, but would be trivial to do.

1 2 3 4