SPAM Issues May 2026
-
We suffered a SPAM attack from May 1-6, which unfortunately corresponded with time off for lots of IT staff, including a Monday holiday. We declared an incident early on 6 May and started working on the problems. We have taken the following actions, which may disrupt some legitimate users, but hopefully few:
- We've invalidated all existing logged in sessions, to force all users to re-authenticate
- We've invalidated all passwords for users who have not logged in for over a year, forcing them to reset their password (and by doing so, validate that they still control the email address associated with the account)
- We now ban and invalidate users logging in with curl or wget in their user agent string, and mark any existing posts by that user as spam
- We've mass-spammed some thousands of existing posts / topics, though there's more still to tidy up
We will be continuing to try and add some defenses agaisnt this and clean up SPAM As we find it.
Our apologies for any interruption and hopefully we have minimized the problem
-
One way or another, they're still at it
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply