Hey all, so as you might have noticed, over the past couple of days, we've been hit by a spambot that created hundreds of accounts, posted hundreds of spam forum messages, and created over 5000 spam wiki pages. Thanks to hard work and diligent efforts of Blondeshell, Eabrace and Codewalker, we've nuked pretty much all of the messages, to our knowledge. We're kind of fortunate in that since we use a custom registration process, we don't get hit often by spammers, and when we do, it's mostly one-off kinds of attacks since someone has to manually create an account through a non-standard interface in order to interact with our web sites. That's protected us pretty well over the years, but this appears to be a case of someone actually writing a custom script to hit against our registration page, and then pointing a botnet at it to create the bogus content.
As a side note, they were undoubtedly mistakenly thinking that either this was a dead community or that we don't actively monitor what's going on with our sites, hoping that search engine crawlers would pick up the spam and process it to boost scam results. Of course, most popular search engines these days don't work that way, but you know how it is; if it manages to boost one search result one spot on one obscure search engine that no one uses, they're willing to deface entire sites and tear down entire communities to do it. Again, thanks to the diligence and hard work of people like Blondeshell, Eabrace, and Codewalker, they didn't get away with it.
However...
To keep them at bay, we have temporarily disabled new registrations. We're going to work on implementing a new registration system, probably using a "CAPTCHA" system and tokens to prevent multiple submissions from a script. From an end-user perspective, you probably won't notice much difference, except possibly having to choose pictures of cats or flowers or something when you register a new account. But I did want to post a message to let everyone know what was going on in case you might have been wondering what we were doing about the situation.
If you notice any spam posts, please let us know and we'll take the necessary steps to delete it and lock the user accounts responsible. If you're a legitimate user whose account was inadvertently locked in the past day or so, reach out to us at admins@cohtitan.com and we'll unlock it. And rest assured, we'll continue taking whatever steps we have to in order to shut these bastards down.
