Thanks to everyone who notified us about the huge spam attack. With a bit of scripting, we removed all the users and their content quickly.
Creation of new users was temporarily disabled while we were working.
You now need trust level 1 before you can post anything. To get to Trust level 1, you need to spend some time on the site.
So far it seems to be holding.
Thanks for your assistance, Plonk. I truly appreciate.
Thanks for spending your Saturday to protect us against these random bots.
There wasn’t really any security risk. It’s the usual thing. The bot creates an account, and it immediately posts some kind of ad as a post.
The forum was set up to make it really easy for new users to start posting. So they got through that one easily.
Sadly I am not much of a Ruby coder (the backend is in Ruby), but AI came to the rescue and helped craft the scripts required to find those user accounts quickly and just trash it all. Which meant we didn’t have to click through it all one by one. So the entire “rescue” was maybe an hour and a half, if that.
The rate at which new accounts appeared I thought something obtained elevated privileges!
For the people that missed the excitement this is what it looked like (also, I think I identified the bot leader… 
).
Guess the aim of the spam is to get people to phone specific phone numbers (premium rate calls and/or phishing ?). Some of the bot accounts had their phone number field filled with a number that pops up all over the place (many, many forums). Even (?) youtube not keeping them out
Btw @plonkster, even though the fight against spam is an important one, we should not lose our humanity. What if some of the bots had a change of heart…
Some of these are particularly interesting too. Take this guy… who registered from India, but then was in The Netherlands soon after:
Ja Ja, was informed early morning by a forum member, jumped online for the first time in a long time, even had to reset my password as i could not remember it. Then got to work while i phoned Plonk to ask for assistance. We spend an hour or two, maybe more and eventually saw some progress. I kept blocking and deleting accounts and posts while plonk were looking for the best solution to keep them out. At some stage the bot were creating accounts faster than i could delete them..
I dont want to mention everything that was changed or put in place to try and stop it from happening again. Saying too much will just tell whoever where to look to find ways around it.
