15 comments

[ 3.0 ms ] story [ 48.0 ms ] thread
I can't believe that they haven't got a captcha (or similar) anti bot system upon account creation. I these spammy days, it's a must. And even more for such popular website. Anyway I bet this will be fixed in the following days. Afaik, most captcha system are crackable, and if not, will be in the next few months/year. Google has been working on a new captcha system: http://googleresearch.blogspot.com/2009/04/socially-adjusted...

This is kind of old, I wonder how it has progressed.

I believe they probably never needed a captcha before this and for a few extra webpage hits these guys have inconvenienced the rest of the people who otherwise wouldn't have to prove themselves human
As you noted, most captchas are crackable. This is the reason we have decided not to implement one. It's common thought that captchas reduce spam -- which they do -- but they do so by reducing total signups (human and robot).

Personally, I'd rather deal with spam in craftier ways than prevent legitimate people from signing up.

Thanks for replying. But I have a hard time understanding how filling a captcha can make people willing to signup run away.

Either you're offering a lightweight service with one single and simple functionnality (like instapaper.com for instance, which only requires a username for registration (not even a password !)); either you offer a multi purpuse service like github and if someone begins the registration process on a site like this and runs off because he doesn't want to fill a captcha.. maybe it's better he doesn't register after all.

Anyway what I really want to know is your numbers and how you got them :)

I don't really understand why you would have your bot spam a site that's dedicated to developers and software engineers.
one spams github because github.com has a high google page rank.
The project links are rel="nofollow", though. There really is no benefit to spamming it.
That doesn't prevent the pages themselves from ranking.
I thought that at first too, but then I picked apart the link. They are javascript redirects to another site that then forwards the traffic on to a referal system for another site. Also, I'm not totally sure every search engine completely honors rel='nofollow'
I understand that, but why would you risk pissing off a group of developers, engineers, and hackers? Unless this system is totally automated, I can't see why any reasonable person would think "Oh yeah. This is perfect. Let me put my spam here."
"Reasonable people?" They're spammers, asshats by definition.
They get the same benefit whether the site is for software developers, materials engineers, scrapbookers, the satanist chapter of La Leche League, or the Skifree Yeti. It's about search engines, not the site audience.
We're aware of the problem and sorry about the annoyance. It's a targeted attack, so normal solutions to prevent this aren't going to work. We'll figure it out, though.

edit: the spam listings should be gone within the hour.