Ask HN: Is Hacker News under attack from spam bots?

207 points by joeyhage ↗ HN
Seeing a lot of spam comments in the last few minutes from accounts that all have similar names. Omitting name since it is NSFW.

512 comments

[ 3.2 ms ] story [ 333 ms ] thread
Yep, guess the admins will have a busy day. Seems 10000s of accounts being created and used to spam ai sex bots.
Luckily the accounts are all prefixed with the exact same phrase, which should make cleanup easier.
It sure looks like it; every front page post has a dozen or so comments from unique bot accounts.

Hopefully we don't see a 'Show HN: I created a spam bot service to advertise on every HN post' soon.

Have also seen them. They all have the same name with numbers at the end. Also getting a lot of "sorry we can't service your request responses" this past half hour or so.
This very thread is under attack by spam bots...
(comment deleted)
Interesting that this wasn’t baked in as a preventative method for repeat usernames.

Which is also ironic because why would this guy reuse the same username for his little spam campaign when it can be nuked in one line of code…

Amateur stuff.

Never seen it happen before though!

Really wonder, if this kind of spam is the perfect application for an LLM based agent.
To be fair, this kind of spam seems like you could output it with a shellscript.
Do we lack a captcha here?
I just tried logging in and looks like there is a captcha now. There wasn't one before.
I mean, at least LLMs would have different text in different messages.
I’m also surprised that slurs/slang/foul language in usernames is allowed unless the server is overwhelmed and things are slipping past the validation.
(comment deleted)
I think the "validation" is the mods happening to notice (usually because people who create such accounts get flagged, and dang gets notified of flags) and politely telling the person such usernames aren't allowed.
I like how all of you keep demeaning the spammer as being amateur or less than script kiddie.

And yet, he bested you, the supposedly experts at web dev and hyperscaling. You create trillions of dollars of value. And yet, your social hot spot is beyond laughably bad at handling that "incompetent" attacker.

Since you are othering the parties concerned, mind sharing more info on the attacker?
Is that you? yt/@gertop6402 Just guessing.. anywho, your nick signals SEO knowledge and reasons to hide.
Clearly, I'm surprised there isn't a spam filter that detects this obvious attack.
or the bot is taking advantage of holes in the existing spam filter that haven't been exploited before
Obviously you can't filter for every possibility in advance, but with a hands-on moderator and some regex it should be super-easy to throttle this. And as more than one person has pointed out, just shutting down new account creation/posting for 24 hours would be equally effective. I'm perplexed at how a mature site full owned and catering to network technologists is vulnerable to such a laughably crude attack.
but then you've shut down account creation for 24 hours. The site operators get to choose how they want to play it, but it seems they don't want to do that just yet.

You're right that it's laughably crude though. Says a lot about things that this hasn't happened until now.

but then you've shut down account creation for 24 hours.

But so what? The impact of that would be negligible, almost certainly less than that of having site performance go through the floor/become temporarily unreadable. It's not like a B2C product launch, and the target audience of HN is more or less optimally positioned to understand why one might deliberately interrupt service.

(comment deleted)
Yup. The site being advertised is proxied through Cloudflare, and they're also using Supabase.

Anyone from Cloudflare or Supabase care to remove your abusive customer? Also reported.

Any other possible actions we can take for punishing these sorts of bad actors?
Unfortunately there's no proof that the spam accounts are linked to said site.

If I were a competitor to the linked account and wanted to cause then damage, I could run a bot campaign purporting to be from them in order to get them kicked off their provider.

That’s possible, and is why the providers investigate (using the account history that we don’t have access to). Often, other customer data - or a 5 minute phone call - is enough for the provider to tell the difference.
You say this from experience? As a spammer or service provider investigator?
The founders are "John Smith" and "Jane Doe", and they're incorporated in Malta.

Anyone who does business with this outfit has it coming.

Not all John Smiths are bad, promise.
I'm partial to the John Smith in The Man in the High Castle. I'm sure you are fine too but this spammer is besmirching your family's good name.
So if it is possible with comments, does it mean it is possible with voting? I'm wondering how many posts recently came to main page upvoted by bots
[flagged]
[flagged]
Whatever the techbro religion is, it's seems to be lot less obvious, boring and common (at least on HN) than grandiose fearless-truthteller-of-strident-truths-the-sheeple-refuse-to-hear delusions.
(comment deleted)
HN doesn't have any integrity about voting in general. Look at the "about" text of https://news.ycombinator.com/user?id=pwdisswordfishc for example, and then look at the username.

There is a whole family of pwdisswordfish* accounts btw. The "b" account's "about" text even has a holier-than-thou attitude about it.

That looks like a person, or a pretty good HNGPT. It's not your average spam. (Unless most comments have been deleted.)
When I said "Look at the username", I meant that. You're not going to get anything by analyzing the posting style of a shared account.
you're assuming votes from those accounts are being included in vote counts
You're missing the point that I didn't need to assume it.
if you have a way to map votes to the account that made them, I'm all ears.
If you go to https://news.ycombinator.com/newest , from time to time there apears stories with 50 upvotes in 30 minutes, and perhaps a few sockpuppets/shills comments. If you do the math, they should be in the front page, but misteriously they aren't. So the conclussion is that HN has a secret feature that detect (some of) the tricks. I think I read some coment from pg or dang about voting rings, but it was a long time ago, but it has no details. The details are part of the secret sause.

Also people flag strange threads, so the detection is not only automatic. If you notice something strange, you can send an email to dang: hn@ycombinator.com

It's surely possible but it's not quite that easy, otherwise you'd see it daily in comments. It's similar for front page posts but harder since both users and moderators nuke spam-looking things as they are highly visible.
Yep, I am sure it happens but this is the first time I've actually seen it!
What we need now is the bot to post here and demonstrate a total lack of sense of irony.
This has happened now. I count 20 spam comments at the moment, though I expect they'll get removed shortly.
Per https://news.ycombinator.com/newcomments the flood stopped 2 minutes ago.
It seems to be going in waves, and it also appears they are getting removed in batches.
On this post alone, there are several of those comments after that. So, it's not stopped.
At the end of each spam message there is a unique 15 character string. Anyone know what purpose the string is supposed to serve?
Poor attempt at trying to make the URL unique possibly and prevent it from being blocked. Someone could easily block the domain or use regex to block comments with that domain.