A heads up on spam prevention measures

[denise]

Due to recent increases in spam account registration (over and above the already-high baseline levels of spam account registration!) and the amount of our administrative time that dealing with spam is costing us, it's highly likely we will need to start playing around with more aggressive measures to block spammers in the next few weeks. We already use quite a few spam account creation prevention techniques, but there's been a worldwide increase in the amount of abusive/spam traffic over the last six months or so, and we're at the point where we need to start getting much more aggressive about filtering it.

Generally speaking, we try to use the least restrictive measures of spam blocking that we can, because any form of spam blocking can impact legitimate use of the site. If you start getting 403 errors when accessing the site, or you are asked to solve a captcha from our hosting provider (the graphical captcha that shows on a separate page, not the text-based one that shows on the same page) before proceeding to the page you're trying to load, and you are not using a VPN service, please email support@dreamwidth.org with your IP address and let us know. If you don't know your IP address, you can look it up at whatismyip.com.

If you are using a VPN provider and you get these errors, I am incredibly sorry, but we probably won't be able to help. We know that many of our actual-person users use VPNs for privacy and security reasons or to circumvent government restrictions on accessing the site, and we are trying our very best to keep those services able to access Dreamwidth. Unfortunately, VPN services are also a major source of our abusive traffic, especially the free ones, and it's impossible for us to distinguish legitimate traffic from abusive traffic automatically. You are less likely to have problems with paid VPN services, but even those are the source of a lot of spam: our two main VPN sources of abusive traffic are NordVPN and Proton VPN. We're trying very, very hard to not have to block VPN services entirely, but the problem is getting much worse. If you subscribe to either, you may want to contact them and tell them that you've been having problems accessing sites you regularly use because of the amount of abusive traffic that comes from their network.

We will continue to tweak our spam prevention measures as much as we can to avoid interfering with legitimate traffic, and I apologize in advance if we wind up temporarily interfering with your use of the site as we try to stop the garbage we're drowning in.

Comments

[scissorsevered]

Maybe some sort of invitation system would work for curbing spam accounts, similar to how AO3 runs their signups? I know it would place a damper on the number of people signing up at a time but it would seriously reduce the number of accounts being made just to spam.

This isn't me trying to say what you're doing isn't good, because we all really do appreciate the hard work you put into running this site! I'm sure trying to block spam and ensure user privacy at the same time is a pain in the ass lol. But we have faith in you :D

[medusahealing]

Funny enough, DW actually started with an invitation system. You had to have an invite to set up your account.

[jeweledeyes]

I totally forgot about that. I got my account through an invite code!

[the_broken_tower]

Oh wow, how long ago was that? :0 Was there a limited number of times you could send invites?

- Izar (he/him)

[jeweledeyes]

I thought it might have been 2009, but my profile page says it was 2010. 13 years ago, dang!

As for how many codes, I don't remember that much, so I tried searching. I found some posts with people with multiple codes, so it wasn't limited to just one, but I don't remember beyond that 😅 And it looks like they opened registration in December 2011, based on this post and this post.

[denise]

It was back when we were still in beta (2009-2011 or so)! We would generate batches of invite codes semi-regularly based on certain criteria -- like, sometimes we'd send codes to people who'd posted recently, sometimes to people who'd logged in recently, sometimes to people who'd used all their invites, sometimes to people who'd invited people who were active on the site, yadda. We had a bunch of different methods we could use to hand them out and we tried to make sure everybody who was active on the site had at least one or two on hand at all times, plus we could make 'bulk' codes that could be used to create a larger number of accounts (like, if you were starting a new RP game and wanted to make sure all your players could make accounts for it, we could give you a single code that worked to make 50 accounts and not just one, etc). It was a good method for making sure that we didn't overwhelm the site completely when we launched, but it was a lot of administrative overhead and we were glad to finally ditch them!

[denise]

Yes, we had an invite code system when we started to limit growth to what we could support! But it's less effective for curbing spam than you'd think: people generally share invites widely enough that it's easy for spammers to get them, and all it does is put a barrier in front of people who are looking to make legitimate accounts. It's also enough of a pain in the ass, administratively, that we were really happy to ditch it when we could. If it were more effective in curbing spam registration, absolutely we would turn it back on, but the combination of "not great at spam fighting" + "deeply annoying for legitimate use" + "just as much of an administrative burden as the spam fighting" puts it pretty far down on the list. (At most, we'd require invites for creating accounts from one of the six countries that 90% of our spam comes from, but that's 90% of the admin annoyance as requiring them for everyone so we haven't yet.)