What's with all these bots in the last few hours? Is the user database secure?
It looks like they’re all newly created logins, rather than compromised accounts or something like that, so I don’t think there’s any reason to think that the server has been compromised. Instead, I’m guessing a spammer has found a way around Discourse’s spam detection.
Yeah, sorry, took a bit, but it's cleaned up now. New registrations are restricted for a bit.
My thanks goes out to the team members dealing with it. Your work is appreciated!
We've been dealing with spam via compromised old accounts on the Arch Linux forums lately, too.
I know what a hassle it is to clean up after those. Thanks for your work here.
We have added a captcha to the registration process for the time being. Registration is otherwise open again for a few hours already now, and it seems like the spam hasn’t come back. I’m unpinning this thread.
Wait, there are botnets going after these forums?
maybe, maybe not, I don't know, I was just saying...
Yeah, it's the C++ guys beginning to panic. The language wars are getting serious.
Only joking. Really.
It doesn’t take any actual botnet to be posting spam content (slightly) faster than humans can comfortably remove it[1]. Really, it’s not fundamentally anything new that happened in terms of spam – the same kinds of random … most commonly Indian IP-address – off-topic & spam postings that want to place their phone numbers in as many places as possible on the internet to scam people. It looks like it took all these years until this week that one of them for the first time managed to automate their spam process (in a way that involves a VPN or something like that in order to obtain fresh IPs to avoid Discourse’s default rate limits on account creation per IP).
It also looks like more spam was actually becoming/staying publicly visible than should have been; I’ve spotted some Ruby error messages like “Discourse AI: Error in SpamScanner for post 550*** : NameError : undefined local variable or method `monthly_usage' for an instance of LlmCreditAllocation” in the page’s error log that suggest the spam filter might have not worked or not fully worked at the time, presumably a bug introduced by
and fixed by
So maybe the spammers ran their script because they noticed/learned that spam protection was somewhat down
– which, if it’s the case, would mean this was even more of a one-off issue.
Even with the captcha, we still get the normal (very occasional) spam user now; so it seems like there are – and have been – actual people behind creating such accounts and posts. I can’t really begin to understand the motivation of these people, as there’s no chance that any of it would stay up for any significant amount of time. I guess, it seems that … unfortunately … the scamming business is still pretty lucrative.
[1]: like a handful or so each minute
I have heard (and I'm not sure if this is true) that spammers will reuse captchas from sites they want to target on their own sites, requiring unsuspecting users to solve the captchas to see some content or other (typically sites of p*rn, gambling or similar). These days I guess neural networks might be good enough to pass some captchas as well. Also these days, there is more than just image decoding in captchas, so not sure how effective such a reuse strategy would be.
Just thinking, is there an API for Discourse to post things? I'm going to investigate.
test post
| parameter | value |
|---|---|
| raw | test+post |
| unlist_topic | false |
| category | 3 |
| topic_id | 135692 |
| is_warning | false |
| archetype | regular |
| typing_duration_msecs | 900 |
| composer_open_duration_msecs | 9842 |
| composer_version | 1 |
| featured_link | |
| shared_draft | false |
| draft_key | topic_135692 |
| locale | |
| nested_post | true |

Found the thing.
Feel free to keep such experimentation either in PMs to yourself or on https://try.discourse.org/
Re. API, see also
and
Apparently the hCaptcha is pretty hostile to vision-impaired users -- see this post: https://dragonscave.space/@TheQuinbox/115630497162544312
Is there some other way such users can sign up?