Yukinu's Forum

Ok, modified the captcha a bit. These bots are relentless, and the links go deep. One of the bot posts I deleted was linking to a [color=#FFFF80]fluxbb[/color] forum on an edu site. The edu site has DDoS protection and a common 3rd party captcha, and still this same bot was able to post on the [color=#FFFF80]fluxbb[/color] forum (this is why I don't recommend DDoS protection or this common 3rd party captcha, it gives a false sense of security and does not work), and post here a link to the [color=#FFFF80]fluxbb[/color] forum. The edu forum cleaned up the thread that this bot was linking to, so the post here would have been a dead link, but you can see how deep things are going here. Not only are they trying to post direct links here, they are also trying to create a deep chain of links across many sites.

If the bots get in again after this new captcha, then things have gotten very bad, it would mean [b]they are custom coding bots for every site[/b].

Anyways, we'll see if this stops the bots. There are still a lot more ways I can block the bots without using a 3rd party service, but I would prefer not to go the draconian route such as trying to implement some weird hacks with javascript. It would just cut down the number of viable browsers that can access the web, and I want my sites to work on any browser, even command line browsers like lynx.

[quote=Amelia post_id=512 time=1681636066]
This really just shows how dire the Internet's bot problem has become.
[/quote]

It really is a huge problem. I've seen so many forums get overrun by swarms of bots, and its very unfortunate since it discourages people from self hosting in favor of walled garden services. It especially hurts non technical users who want to self host.

One solution for all technical users who want to self host is to create a sort of security through obscurity defense: each site implements their own defense mechanism and then it becomes too economically inefficient for bots to spam all forums since they need to reverse engineer a different mechanism on each site. However, this leaves out non technical users who don't have the ability to dive into the code and implement their own defenses and captchas. Many forums in the past were hosted by non technical users who just wanted to create a space for hobbies and fandoms, and this ultimately lead to so many vibrant communities on the web. These users can't host their forums if they can't stop the bots.

[quote=Amelia post_id=512 time=1681636066]
Makes me wonder whether the future of the web has no choice but to be invite only.
[/quote]

It's a possible solution. Sites like lobste.rs use an invite only system, and keep track of who invites who. But it can also lead to some problems. For example, people who are more introverted may struggle with asking for invites. I've seen quite a few cases where people lurk forums for years before ever making their first post. I'm afraid that making things invite only might discourage those people from posting.

This really just shows how dire the Internet's bot problem has become. Makes me wonder whether the future of the web has no choice but to be invite only.

The never ending stream of link bots is at it again, and this time more aggressive, creating 200+ posts.

More bots, seems to be the same link bots.

My bots today, this time posting in cyrillic characters. Seemed to be selling products and affliate links. Could be a similar bot script to the first set of bots, since they stop posting after a few topics and beat the captcha.

[quote=Galladite post_id=119 time=1671366296 user_id=60]
[url=http://wakaba.c3.cx/s/web/wakaba_kareha]Kareha[/url] is a message board, and if you want a fairly unique captcha you can use its "captcha.pl" which generates the captchas locally and so lets you change all the settings for how they are generated to increase or decrease complexity.

The settings you can change are height, scribble, scaling, rotation and spacing.
[/quote]

Thanks Galladite, I'll have to to look into this. I'm currently using the default phpBB captcha and have been looking into other locally generated captchas or tweaking the phpBB captcha to make it a bit more difficult for bots.

Also think I've actually come across this website before, looks familiar.

[url=http://wakaba.c3.cx/s/web/wakaba_kareha]Kareha[/url] is a message board, and if you want a fairly unique captcha you can use its "captcha.pl" which generates the captchas locally and so lets you change all the settings for how they are generated to increase or decrease complexity.

The settings you can change are height, scribble, scaling, rotation and spacing.

There was another bot, this one offering a phpBB captcha buster, intersting bot

[quote=Grafo post_id=115 time=1669847690 user_id=59]
Glad to see you were able to get rid of the bots!
[/quote]

yep, so far so good!

[quote=Grafo post_id=115 time=1669847690 user_id=59]
A while ago I had a similar problem on my guestbook, it's really annoying :(
[/quote]

annoying indeed, really makes you wonder how bots find sites in the first place. There are billions of web sites and web pages, but they still manage to find and try every single page on the entire internet it seems.