Massive spam bot attack

I could volunteer as a moderator if necessary. If not for confirming new accounts at least I could delete all the constant incoming spam threads and posts.

While that’s an option for now I think we should start looking into alternatives to recaptcha as it’s clearly not working as intended. Bots specifically targeted at our site will obviously break through simple security questions, but I doubt that’s the real issue here. Inexistence proposed to use the string “sourceruns” and just leave some letters out for the user to fill in when registering. If possible (I’m sure you able people would find a way) add all possible permutations of missing characters with varying numbers of missing characters, e.g. s_ur_erun_, sourc_r_ns, etc. Should we give this a try? Clearly something needs to be done as the site is getting very unenjoyable to visit with all the spam and appointing moderators whose sole job is to delete bots + their threads is just a workaround in my eyes and nothing we should go for in the long run. Besides, most people would still see spam if it hasn’t been deleted yet and they - like me - mostly use the “show new posts since last visit” option.


We’d have to wait for Cameron to install something since I’m clueless how to add an extra option on these forums. Until then, I’ll continue to delete accounts…


What about having a mandatory field which is something like “favourite valve game” then have a text box.

Then just have a list of games which are accepted however not shown to the user. Obviously it should be quite generous game names.

The valve complete pack would have a list of all those games.

We could even mention how the question is there to stop spam. Having something so unique like that might work.


I read a post somewhere where an admin added an invisible text field somewhere on the site (possibly not even clickable by the user) which was required to be empty when hitting submit. Since bots don’t know that and just fill out every field/form they find, they would constantly fail to register. Now, I don’t know how applicable or doable this is for Cameron, but that didn’t sound like the worst idea to me. Maybe worth a try.

You can integrate a captcha of some form, or even a question like What is 2+4 and some advanced bots can still get through.

I like Fousts idea. Also I google’d the issue and I really like that solution. XD


Another option would be to add a list of radio buttons or check boxes where you ask the user to select one particular button or box to continue with the registration.

and this one.


Fun fact, 74% of the page views on the 28th were from known spam bots (and therefore actually blocked)


That’s upsetting.


But still a fun fact!


The bots are really annoying me now :frowning: I feel like something is wrong with SEO settings. Also, I have one suggestion - How about making a restriction for new members, so they can’t post until they are a member for one day or logged in for at least 30 mins (thats 2 sessions). Since most of the bots are not waiting and spam instantly after 1-2 mins after registration (as you can tell when you look at their profiles) I think it should work.


Since this forum doesn’t deal with people having a question and asking for help, it should be ok. But something still bugs me :confused:


You are indeed really getting a crapload of spam. And although I think the minimum registrated time is a good temporary solution, it’s not a real fix. It’s merely working around the fact that bots can apparently still get accounts. Unless, of course, it’s real people posting that shit.

I think a less extreme yet perhaps more annoying temporary solution would be preventing new users from posting links until they’ve been registered for or have made posts.


I added a question to the registration page (Other admins: you can add/change the questions from here). I’ll see how that goes over the next few days.


I’m going to change the question to who is the sexiest Sourcerunner?
Answer: CooL