Stack Overflow is somewhat unique in that we encourage participation of essentially anonymous, random programmers. Our idea is to radically reduce the bar for participation, and take one giant leap of faith:
Trusting our users.
That is, until tonight, when we were hit by a malicious user of a type we haven't seen before:
In a way, I suppose I should thank this user for doing this on a Friday night when traffic levels are pretty low. Here's my official response:
How does it feel when we vandalize you, Mr. Tupac Shakur? Eh? Not so good, I bet!
But in all seriousness, the surprising thing here is that this user was not a bot. Our anti-bot stuff would be challenging to get around. It was an actual human being, entering the CAPTCHAs, cutting and pasting text into every post. We verified this by looking at the logs, and the timestamps on the entries. The times are slow and variable, not at all what you'd expect to see from a bot.
Wow. How bored is this guy? (And yeah, it's always a guy, who are we kidding.) I'm not going to name any names, here, but we tracked all the IPs that this activity came from and they were all geographically similar.
As if I needed another reason to hate kangaroos and koalas.
I've been thinking for a while that we should have more stringent throttles on new users, rate limits for asking and answering questions. This human spam storm was my excuse to implement them. So, effective immediately...
If you're a new user, with reputation below 100:
- You may only post 1 question every 20 minutes
- You may only post 1 answer every 3 minutes
This is tracked at the IP address level, so multiple posts from the same IP, even as different "users", will still be blocked.
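The throttle described above, sketched as an added example (not Stack Overflow's actual code): one bucket per IP address and post type, consulted only for users below 100 reputation. The class and method names, the injectable clock, the `prune` helper, and the choice to leave established users untracked are assumptions made for illustration.

```python
import time

NEW_USER_REP = 100  # from the post: throttles apply below 100 reputation
MIN_INTERVAL = {"question": 20 * 60, "answer": 3 * 60}  # seconds, from the post


class NewUserThrottle:
    """Per-IP post throttle for low-reputation users (illustrative sketch)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._last_post = {}  # (ip, kind) -> time of last accepted post

    def try_post(self, ip, reputation, kind):
        """Return (allowed, retry_after_seconds)."""
        if kind not in MIN_INTERVAL:
            raise ValueError(f"unknown post kind: {kind!r}")
        # Assumption: established users are neither throttled nor recorded.
        if reputation >= NEW_USER_REP:
            return True, 0
        now = self._clock()
        key = (ip, kind)  # keyed by IP, not account, so extra accounts share a bucket
        last = self._last_post.get(key)
        if last is not None:
            remaining = MIN_INTERVAL[kind] - (now - last)
            if remaining > 0:
                return False, remaining
        # Only accepted posts move the window; rejected attempts do not extend it.
        self._last_post[key] = now
        return True, 0

    def prune(self):
        """Drop entries whose window has expired so the table stays bounded."""
        now = self._clock()
        stale = [k for k, t in self._last_post.items()
                 if now - t >= MIN_INTERVAL[k[1]]]
        for k in stale:
            del self._last_post[k]
        return len(stale)
```

Keying on the IP alone also throttles unrelated new users who share an address behind NAT or a proxy, which is the trade-off the rule accepts.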
So take that, Australian wannabe Tupac Shakur!