Recent coordinated spam attack

[Paint_Ninja]

We were recently hit with a significant amount of spam that included inappropriate or illegal content. Here's what happened, what we've done and the changes made to avoid this from happening again...

---

Last month we noticed an massive uptick in spam, at one point approaching an alarming rate of multiple new accounts being made every couple of hours on a daily basis, across multiple time zones. This included things such as ads for online casinos, black market pharmaceuticals and sexual solicitations, among other things.

In our early response to this, moderators monitored the forums more regularly, banned accounts and removed individual threads as and when they were seen or reported. We initially thought these were bots, but later discovered based on their behaviour that they were commissioned "workers" from a handful of third-world countries.

Unfortunately, the spam got increasingly hard to keep up with our current approach. As part of Forge's new transparency efforts, we reached out to Lex about this publicly on the new Discord server, which he promptly responded to once awake (time zone differences) and performed a number of measures, including updating our week-old anti-spam and bot protection plugins, trained us on the spammer flagging feature and increased the sensitivity on restricting suspicious account sign-ups - any stricter and nobody could register.

The spammer flagging feature allowed us to ban an account and have all of their posts automatically removed within a matter of minutes without needing to manually remove them. This was a great step in the right direction and significantly reduced the workload for moderators in situations like this.

Overtime I worked with Lex to further refine and improve our measures to counter the ever-growing rate of spam on the forums. We quietly rolled out various efforts behind the scenes: promoting more moderators, IP bans, automated keyword blocking that notified moderators, registration blocking for certain email domains and more.

Overall, we banned nearly 600 obvious spam accounts and removed tens of thousands of unacceptable threads, excluding automated measures.

---

Part of the delay in completely solving this was two-fold - a lack of familiarity with the forum software (due to the scale of this spam attack not being seen here before so as to not warrant a need in the past) and wanting to avoid sudden disproportional actions that could affect real users.

I would like to personally apologise on behalf of the team if you were affected by the spam and would like to thank those involved in mitigating it. We have a small but fantastic team on the forums and hope this helps convey our level of care and commitment to the forum community.