Page 2 of 2

Re: Bot Busting Thread

Posted: Mon Apr 17, 2023 3:56 pm
by Yukinu
Amelia wrote: Sun Apr 16, 2023 9:07 am This really just shows how dire the Internet's bot problem has become.
It really is a huge problem. I've seen so many forums get overrun by swarms of bots, and its very unfortunate since it discourages people from self hosting in favor of walled garden services. It especially hurts non technical users who want to self host.

One solution for all technical users who want to self host is to create a sort of security through obscurity defense: each site implements their own defense mechanism and then it becomes too economically inefficient for bots to spam all forums since they need to reverse engineer a different mechanism on each site. However, this leaves out non technical users who don't have the ability to dive into the code and implement their own defenses and captchas. Many forums in the past were hosted by non technical users who just wanted to create a space for hobbies and fandoms, and this ultimately lead to so many vibrant communities on the web. These users can't host their forums if they can't stop the bots.
Amelia wrote: Sun Apr 16, 2023 9:07 am Makes me wonder whether the future of the web has no choice but to be invite only.
It's a possible solution. Sites like lobste.rs use an invite only system, and keep track of who invites who. But it can also lead to some problems. For example, people who are more introverted may struggle with asking for invites. I've seen quite a few cases where people lurk forums for years before ever making their first post. I'm afraid that making things invite only might discourage those people from posting.

Re: Bot Busting Thread

Posted: Thu May 04, 2023 4:41 pm
by Yukinu
Ok, modified the captcha a bit. These bots are relentless, and the links go deep. One of the bot posts I deleted was linking to a fluxbb forum on an edu site. The edu site has DDoS protection and a common 3rd party captcha, and still this same bot was able to post on the fluxbb forum (this is why I don't recommend DDoS protection or this common 3rd party captcha, it gives a false sense of security and does not work), and post here a link to the fluxbb forum. The edu forum cleaned up the thread that this bot was linking to, so the post here would have been a dead link, but you can see how deep things are going here. Not only are they trying to post direct links here, they are also trying to create a deep chain of links across many sites.

If the bots get in again after this new captcha, then things have gotten very bad, it would mean they are custom coding bots for every site.

Anyways, we'll see if this stops the bots. There are still a lot more ways I can block the bots without using a 3rd party service, but I would prefer not to go the draconian route such as trying to implement some weird hacks with javascript. It would just cut down the number of viable browsers that can access the web, and I want my sites to work on any browser, even command line browsers like lynx.