Have also seen them. They all have the same name with numbers at the end. Also getting a lot of "sorry we can't service your request responses" this past half hour or so.
I’m also surprised that slurs/slang/foul language in usernames is allowed unless the server is overwhelmed and things are slipping past the validation.
I think the "validation" is the mods happening to notice (usually because people who create such accounts get flagged, and dang gets notified of flags) and politely telling the person such usernames aren't allowed.
I like how all of you keep demeaning the spammer as being amateur or less than script kiddie.
And yet, he bested you, the supposedly experts at web dev and hyperscaling. You create trillions of dollars of value. And yet, your social hot spot is beyond laughably bad at handling that "incompetent" attacker.
Obviously you can't filter for every possibility in advance, but with a hands-on moderator and some regex it should be super-easy to throttle this. And as more than one person has pointed out, just shutting down new account creation/posting for 24 hours would be equally effective. I'm perplexed at how a mature site full owned and catering to network technologists is vulnerable to such a laughably crude attack.
but then you've shut down account creation for 24 hours. The site operators get to choose how they want to play it, but it seems they don't want to do that just yet.
You're right that it's laughably crude though. Says a lot about things that this hasn't happened until now.
but then you've shut down account creation for 24 hours.
But so what? The impact of that would be negligible, almost certainly less than that of having site performance go through the floor/become temporarily unreadable. It's not like a B2C product launch, and the target audience of HN is more or less optimally positioned to understand why one might deliberately interrupt service.
Unfortunately there's no proof that the spam accounts are linked to said site.
If I were a competitor to the linked account and wanted to cause then damage, I could run a bot campaign purporting to be from them in order to get them kicked off their provider.
That’s possible, and is why the providers investigate (using the account history that we don’t have access to). Often, other customer data - or a 5 minute phone call - is enough for the provider to tell the difference.
Whatever the techbro religion is, it's seems to be lot less obvious, boring and common (at least on HN) than grandiose fearless-truthteller-of-strident-truths-the-sheeple-refuse-to-hear delusions.
If you go to https://news.ycombinator.com/newest , from time to time there apears stories with 50 upvotes in 30 minutes, and perhaps a few sockpuppets/shills comments. If you do the math, they should be in the front page, but misteriously they aren't. So the conclussion is that HN has a secret feature that detect (some of) the tricks. I think I read some coment from pg or dang about voting rings, but it was a long time ago, but it has no details. The details are part of the secret sause.
Also people flag strange threads, so the detection is not only automatic. If you notice something strange, you can send an email to dang: hn@ycombinator.com
It's surely possible but it's not quite that easy, otherwise you'd see it daily in comments. It's similar for front page posts but harder since both users and moderators nuke spam-looking things as they are highly visible.
Poor attempt at trying to make the URL unique possibly and prevent it from being blocked. Someone could easily block the domain or use regex to block comments with that domain.
512 comments
[ 3.2 ms ] story [ 333 ms ] threadHopefully we don't see a 'Show HN: I created a spam bot service to advertise on every HN post' soon.
Claimed at the time to be working on HN support
Which is also ironic because why would this guy reuse the same username for his little spam campaign when it can be nuked in one line of code…
Amateur stuff.
Never seen it happen before though!
And yet, he bested you, the supposedly experts at web dev and hyperscaling. You create trillions of dollars of value. And yet, your social hot spot is beyond laughably bad at handling that "incompetent" attacker.
You're right that it's laughably crude though. Says a lot about things that this hasn't happened until now.
But so what? The impact of that would be negligible, almost certainly less than that of having site performance go through the floor/become temporarily unreadable. It's not like a B2C product launch, and the target audience of HN is more or less optimally positioned to understand why one might deliberately interrupt service.
Anyone from Cloudflare or Supabase care to remove your abusive customer? Also reported.
If I were a competitor to the linked account and wanted to cause then damage, I could run a bot campaign purporting to be from them in order to get them kicked off their provider.
Anyone who does business with this outfit has it coming.
https://news.ycombinator.com/item?id=40117443
There is a whole family of pwdisswordfish* accounts btw. The "b" account's "about" text even has a holier-than-thou attitude about it.
Also people flag strange threads, so the detection is not only automatic. If you notice something strange, you can send an email to dang: hn@ycombinator.com
For historical purposes
Edit: nope, it's still ongoing, there are spam comments on this very thread from 2 minutes ago. The new comments link doesn't show dead comments.
https://en.wikipedia.org/wiki/Hash_buster