As you probably have noticed, we’ve had serious issues with massive amounts of spam, typically in the forums, since last week. We’re still working on this, but I wanted to provide a quick update so you at least know what’s happened.
First of all, there are no security issues. There is nothing wrong with your site, or your accounts. And as a reminder, we don’t have, and we have never had, access to your credit card information if you’re a Premium member.
The issue is that someone, or some entity, is creating hundreds of accounts and plastering our forums with spam. What’s weird about this is that it’s working: We literally have multiple layers of spam protection, and none are catching any of this despite how obvious it is.
The spam is mostly in the form of new forum threads, though I did see a few spam comments from these same accounts over the weekend.
Given the severity of the spam—literally thousands of forum threads created over two days last weekend—we removed the forum link and widget from the home page, and we implemented various new anti-spammer tools, including Stop Spammer, Google Captcha, Askismet.
This actually worked for a few days. But as of today, the spammers are back. And they’re bypassing all of our measures, including the ones noted above.
So now we’ve temporarily removed the ability to create a new forum thread until we can figure this out. We’re reaching out to experts at WordPress, CleanTalk, and elsewhere in the hopes that someone will stop passing the buck and actually help.
Users can now post new topics again as of 10/5/18. We may have to reverse this in some sort of emergency -Tim
Anyway, sorry for the disruptions here in the forums. We’re working on it. And I will provide a more detailed account of what happened whenever we do get past this.
A quick update from Tim (10/5/18 @ 12EST)