I am trying to at least delete the posts asap but we need Teebs to stop them completely.

i don't think that stops them, i think guest accounts shouldn't be allowed to post or comment until they fully register & verify their account.
also, having moderator(s) at different time zones allows around the clock filtration of these pests. (i personally would volunteer for such task ! as i live in the EU )

i don't think that stops them, i think guest accounts shouldn't be allowed to post or comment until they fully register & verify their account.
also, having moderator(s) at different time zones allows around the clock filtration of these pests. (i personally would volunteer for such task ! as i live in the EU )

They have normal accounts, not guests. Maybe better veryfication would work.

Ok I was just trying to think of a solution to all the spam messages

List of the bots I see:

Sharzonmef
PhiplipgeX

I would suggest at least level 3 (or equivalent of 5 to 10 posts) to be required for making new threads.

I would suggest at least level 3 (or equivalent of 5 to 10 posts) to be required for making new threads.

but they can just spam comments then spam threads when they unlock them.

I am sure Teebs will come up with elegant idea how to stop them. :smile:

Maybe better veryfication would work.

Fairly certain this is the key here.
Let us summon teebling!

TeebTeebTeebTeebTeebTeebTeebTeebTeebTeebTeebTeebTeebTeebTeebTeeb
༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ༼ つ _ ༽つ

Make them click on ALL of the buses and fire hydrants and crosswalks and traffic lights and oh my God I hate those things.

what can be done is implement a wow-eque questions that change in each form/wrong entry in the registration form as anti automated bot measure
like this picture

would be funny if one of those questions was Where's Mankrik's Wife ?!
or where is the Argent Dawn located ?!
or what does MC stand for ?!
or Where is Karazhan ?!
or what weapons do hunters use ?! answer = yes

We already have something like this, but the question (and the answer) is static, which is what's causing the issue.
The questions / answers cannot be static because it just takes one correct reply to redirect a whole lot of bots to one forum, which can easily be done by someone at their desk looking for a place to send the bots.

Make them click on ALL of the buses and fire hydrants and crosswalks and traffic lights and oh my God I hate those things.

believe me, this isn't difficult to circumvent, as a software engineer, i can tell you it is quite easy to train a python AI script that uses CNN(convoluted neural networks) to distinguish each object in a picture and choose the correct answer.

would be funny if one of those questions was Where's Mankrik's Wife ?!

We know where she is, but not who killed her.

i saw one spamming mobile game hacks and free gift cards earlier today. was going to respond with something along the lines of "i need my free iphone first" but it got removed

We already have something like this, but the question (and the answer) is static, which is what's causing the issue.
The questions / answers cannot be static because it just takes one correct reply to redirect a whole lot of bots to one forum, which can easily be done by someone at their desk looking for a place to send the bots.

hmm you're right, its quite simple one too, but i think adding more questions, that require specific answers that require actual game knowledge will hinder the bots greatly, though am not sure if it's possible with phpBB, if MAC address bans are possible but those would help allot, as changing MAC address isn't straightforward.

teebling i think it's quite possible to have a small check query when A client opens the registration form it fetches the IP address and queries a blacklist database and if the ip is there it'd block the registration, while IP is easy to change, but with bots i think they'd use the same source. sadly fetching MAC address isn't possible in PHP as it'd be an extra check.

It's actually pretty frustrating. I definitely think there needs to be some better gatekeeping going on. Bad enough we get guest trolls, but being able to easily make accounts and start threads for advertising just kind of sucks.

Yeah, all the ad spam is almost as bad as RedridgeGnoll's PvP posts

With all these bots posting spam at the moment, maybe we should get a report poster function to stop them?

This exists already.
i don't think that stops them, i think guest accounts shouldn't be allowed to post or comment until they fully register & verify their account.
also, having moderator(s) at different time zones allows around the clock filtration of these pests. (i personally would volunteer for such task ! as i live in the EU )

Guest accounts currently can't make new topics but can reply to threads, so it doesn't affect spamming new topics.

Also the spam recently has been coming from registered accounts as has been pointed out.
I would suggest at least level 3 (or equivalent of 5 to 10 posts) to be required for making new threads.

I don't want to implement this. It's a huge disincentive for people joining. People often join because they have a question they want answered. If they can't do that immediately they will go away forever, or make 5 shitty replies to threads contributing nothing at all just to reach the post count required - trust me on that.
Make them click on ALL of the buses and fire hydrants and crosswalks and traffic lights and oh my God I hate those things.

That's why I don't have CAPTCHA anymore, because it wasn't even working that well and it's annoying as hell for everyone involved.
what can be done is implement a wow-eque questions that change in each form/wrong entry in the registration form as anti automated bot measure
like this picture

would be funny if one of those questions was Where's Mankrik's Wife ?!
or where is the Argent Dawn located ?!
or what does MC stand for ?!
or Where is Karazhan ?!
or what weapons do hunters use ?! answer = yes

This is actually what is already in place.

The problem is that bots nowadays are so sophisticated that they can google answers, and even google image answers (if you provide the question in the form of a image). So the question has to be changed occasionally.

Make them click on ALL of the buses and fire hydrants and crosswalks and traffic lights and oh my God I hate those things.

believe me, this isn't difficult to circumvent, as a software engineer, i can tell you it is quite easy to train a python AI script that uses CNN(convoluted neural networks) to distinguish each object in a picture and choose the correct answer.

Yep.
teebling i think it's quite possible to have a small check query when A client opens the registration form it fetches the IP address and queries a blacklist database and if the ip is there it'd block the registration, while IP is easy to change, but with bots i think they'd use the same source. sadly fetching MAC address isn't possible in PHP as it'd be an extra check.

This is already in place too! It queries a DNS blackhole for all registrations. Often times this is a false flag however and normal people email me all the time asking for an account because their 'IP is marked as spam' - it's not as simple as that, IPs change all the time and everyone eventually ends up on a 'blacklisted' IP whether they like it or not.
It's actually pretty frustrating. I definitely think there needs to be some better gatekeeping going on. Bad enough we get guest trolls, but being able to easily make accounts and start threads for advertising just kind of sucks.

I am literally doing everything I can dude, read above.

People just assume that I don't know about basic website security and haven't implemented anti-spam measures already lol.

The simple fact is that fighting forum spam bots is a constant battle that me and s1at have to deal with every day - the majority don't see it because we are quick to rid bad posts before anyone notices. It doesn't become noticeable until a huge flood of them arrive when we're both asleep. There have been worse spam invasions than this in the past - it's all part of the game.

These particular bots from last day or two are new types which I haven't seen before - they're very smart - they have human-esque names and email addresses, dynamic IP locations, and the worst thing of all? They sign up and then lie dormant for 2-3 days before they start posting, unlike normal bots which start straight away having registered.

They cracked the Q+A security so a few have signed up since then, and we can expect more spam accounts to be revealed over the next day or two. Don't worry about it.

I am doing what I can guys but please remember that it is not as simple and easy as you think to stop bots - it really isn't. If you want to help me out when stuff like this inevitably happens, then please don't reply to spam threads (this means an extra step for me to delete them) and have a little patience.