Chaos Cluster
News => Announcements & Such => Topic started by: Trerro on April 28, 2011, 08:44:36 pm
-
We're currently being hit by spambots that are able to bypass our CAPTCHA. I'm not sure if they actually have an OCR script that can defeat it, or if they're paying sweatshop employees to spawn the accounts, but in either case, they're getting through.
The way the attack works is that they register several accounts, wait a few weeks, and then start sending spam, via PMs, to all non-mods and non-admins. They also like to use names like "Forum Staff" to get you to open it. The only legit CC bot account is messagebot. If you receive anything from a bot account that isn't messagebot, it's spam.
I just purged all known spammer accounts, and I *think* I got them all, but they will of course continue to create them. Please let me know when the next spam wave hits so I can purge it as well.
I'm going to implement a couple of additional measures to halt the spambots. If it becomes necessary, I will switch accounts to require admin approval, but I only want to do that as an absolute last resort, as it makes real people less likely to ever actually use their account.
-
Got spam pms from someone called "forumstaff" that's not even a member
Also, just restrict PM'ing access for new members and problem is solved.
-
*points to shoutbox* Yeah, if you try to send a PM with a <5 post count now, it'll reject with an error. The forum software doesn't actually support that, but I just hard-coded it in.
-
*points to shoutbox* Yeah, if you try to send a PM with a <5 post count now, it'll reject with an error. The forum software doesn't actually support that, but I just hard-coded it in.
What a brag :P
-
Not really a brag. More of a "I completely half-assed it, and didn't follow the flow of the program at all, but it does the job." :P
-
uh oh, chris was hard coding again, if the shoutbox dissappears for all non admin peoples again be sure to let us know :P lol