Ask HN: I have so many 'bots' signing up to my site. Why?

by nirkalimi on 4/24/2024, 4:16:20 PM with 6 comments
Hello HN,

Was wondering if anyone else has seen this type of activity on any of the projects they have worked on, and/or know what is going on.

My friends and I have a small community site for content creators to discuss news (think of it like hn but for content creators specifically)[0].

Recently, I have seen a ton of accounts being registered with our email and pw option (the only option). This was very strange considering we are a really small community, and most of our registrations are high quality people at a slow rate through word of mouth. After looking into it, I noticed that all the accounts had usernames like "jDwJeVTQEaP" with a variety of @gmail and @yahoo email's associated to them. There have been 100s of them registered over the course of a week.

These accounts have no activity, mostly because they cannot log in due to needing to be verified via email first. So these accounts are pretty much just shells.

So I am trying to understand what the point of all this is for the account creation spammer? What would you do in my situation to mitigate this?

[0] https://www.cbx.gg/

  • by PaulHoule on 4/24/2024, 6:53:07 PM

    A long time ago I was into what I called "aggressive content syndication" and I wrote a script that (over the course of two months) made several thousand users on an active developer's forum that didn't require email verification to make an account.

    I made a lot of effort to make believable profiles for the users, they had first and last names randomly chosen out of a database and profile pics too, though I made no effort to match the pics with the name of the user (e.g. nationality, gender, etc.)

    I had the users randomly upvote stories so if you looked at the upvote profile of the users it would look pretty normal. However when I finished a blog post I would have the system choose maybe 20-50 users to upvote my post and my post would go right to the top and usually get a large number of what I called "volunteer" upvotes.

    I lost the database that had the users in a hard drive crash so that was the end of that project.

    Note adding users at a high rate (usually many per second) is one of the more efficient ways to crash a web site because the users table in the database is frequently very active.

    ----

    Generally people like to spam links into forums and any place where it is possible to insert links and personally I don't believe it matters much if the links are "nofollow" or not.

    Note it is more of a hassle to do this on a site that supports email verification, I used to set up highly interactive qmail servers that could do things like that but all the sign up emails would be on a limited number of domains that would stick out. I think the pro spammers have methods of creating large numbers of accounts at places like Google and Yahoo which are a great choice if you don't want your email addresses to stick out too much.

  • by pestatije on 4/24/2024, 8:36:31 PM

    their trying to flag your domain as a spam source...once your emails are received they flag them as spam...with enough of those your domain will be in the black list