Recent wave of spambots; temporary security measures

Started by namida, July 16, 2025, 10:32:17 PM


namida

We had an incident the other day involving a large (by our standards) wave of spambots.

As a temporary measure to combat this, I have changed the question when registering an account to one where the answer cannot be found in public - instead, it's basically a "password" that must be obtained from site staff (possibly via another member). To be clear - this is purely an anti-spambot measure, and the password will pretty much be given to anyone as long as we're sure they're a human and not a spambot. When the site prompts people for this, it will advise them to ask on either the Lemmings Forums Discord or the #lix IRC channel.

Staff members who are not already aware of the password can find it in the topic about the spam wave on the staff board. If a non-staff member needs the password for the sake of passing on to a friend who is trying to register, you are welcome to ask any of us for it - again, it's purely a spambot filter, and I have no issue with humans sharing it with each other. However, please do NOT post it publicly. If sharing it with someone, do so via a private communications channel (e.g. DMs on a social media site, or email).

On a side note, it was brought to my attention that users with no posts were being hit with this prompt every time they tried to send a PM. This should no longer be happening; nor should new users have to answer the question a second time when making their first post. It should now appear once during registration, and never again after that. (However, the wording for SMF's setting regarding this was a bit ambiguous, and it may in fact have the opposite result - now making everyone, except mods / admins, answer the question every time they post, even if they've posted before. My testing suggests this is not the case, and that it's working as intended, but please let me know if this is not the case.)

I will be looking into a better means of dealing with this - there are a few good open-source anti-spam solutions out there that go way beyond just a security question (viable but annoying) or a captcha (basically useless these days), and I'd be surprised if SMF doesn't have plugins to integrate with them. The password-style security question is just a temporary measure until that happens.