Registration for new accounts has been temporarily closed due to the high amount of spam accounts in the last 2 days. We invite you to give suggestions on how to deal with this by commenting in this thread:
https://www.mangaupdates.com/showtopic.php?tid=60366


________________
A just ruler amongst tyrants

There was one that got through.

Guess was registered earlier but was quiet.
https://www.mangaupdates.com/members.html?id=505330

Thanks, took care of it

________________
A just ruler amongst tyrants

I think there's another bot? https://www.mangaupdates.com/members.html?id=505563

________________

Dealt with

________________
A just ruler amongst tyrants

This keeps on, intermittently, as of Oct. 23. I wouldn't be surprised to learn that the Japanese manga industry has hired someone to do this in an effort to undermine scanlation.

A few torrent sites as Demonoid allow you to only register on specific times, which is what i would normally suggests but that would defeat the point of MU in the end.
Which brings me to my question. What if you could only unlock your account´s forum privileges on specific and set dates. All "new users" could only do so much spam damage that way, unless someone uses that time to set up multiple accounts and only employs them if the ones before get banned. Any other smart ideas?

________________
I also read EU/US comics and am a librarian.
Manga-Masters, My ANN-Lists + Imdb

Perhaps this is what residentgrigo was saying, but only allowing accounts older than x months to post might help.

Bot https://www.mangaupdates.com/members.html?id=506250

Bot https://www.mangaupdates.com/members.html?id=506278

Bot https://www.mangaupdates.com/members.html?id=506281

And I'm starting to sound like a bot...

Last edited by spiderbait at 5:14 pm, Oct 24 2017

Ok, this actually is a bot (army) as no human can post this fast. So how about limiting how fast one can post and trying to freezing out people who multiple times a minute automatically.

________________
I also read EU/US comics and am a librarian.
Manga-Masters, My ANN-Lists + Imdb

Close registration again.

https://www.mangaupdates.com/members.html?id=506375

And, even more now...

https://www.mangaupdates.com/members.html?id=506400
https://www.mangaupdates.com/members.html?id=506404
https://www.mangaupdates.com/members.html?id=506401

Not sure if closing registration is the right way to solve this. Are all these accounts posting from the same IP?

For starters, dynamically generate the names for the form fields names based off of a hash of the current server timestamp (needs to have millisecond resolution for the timestamp) rather than have a form field name that looks something like "username" or "password". Instead, you just check the form field names, which are hashes themselves, against your cached hash to see if it's a username or password. This prevent your run of the mill bots looking for form field names like "username", "password_1", "password_2", etc. It'll force them to have to rely on DOM structure patterns to navigate, which is a bit harder.

Also, recently Google recaptcha's been bypassed with 85% accuracy when bots use the audio option.

How about a reputation system? Does the user use the sites features? Ever interacted with Control panel features? Submitted releases? How long has the user been active on the site?

Maybe scaling back post-limits on inactive accounts (or notify mods / block accounts temporarily). This could also trigger on surpassing the average daily post-count of that account in the last week.

Putting nofollow on outgoing forum links seems workable too?

How about white-listing common outgoing forum links and notifying mods (and imposing temporary post timers) if a unknown link gets posted? This would maybe need some differentiation to apply even to URL-parts after the domain like reddit.com/r/manga/ on a white-list for example (because there are even spammy subreddits).