While I understand this, there are millions of sites out there, and many MANY that are way more under attack then this one and they do not have this issue. Cloudflare also locks some people out depending on their ISPs, and some browsers. I get we want more protection against the garbage redditors non-stop attacking.... but I am not sure me having to log back in 3 times in 5 minutes is worth me ignoring 10 posts about bone conductive headphones. I know Bot Fight Mode sounds nice, but well this is what it does. It makes the sites nearly unusable as well as causing pages to only partially load.

I am trying to think of solutions, not just bitch, which is so often what people do, and being in IT I know what can easily be done, but the problem is a lot of it requires either people we can trust to do manual labor, or risk going the Reddit way and having tyrant mods. Like for instance, if we had a bunch of well known and like community people be given access to report posts, and if 3 of them report the post it is deleted. That would be not horrible, but that requires manual effort on their part, and then also allows censorship if they get butthurt about something.

It can't just be x reports = deleted, because that could just be bot brigaded. It could be something like members with x months/years + positive posts and above a portiive to negative threshold can report and if there is say 20 reports it is deleted, but that still is open for abuse. Usually POLICY is what fixes this, but that would require people here 24x7 doing it as a job, not likely.

Obviously some small things like a captcha, or shit man, a DAILY captcha/recaptcha or even a captcha for the first few posts per day, would dissuade a lot of bots, though there are services around that, but really redditors are so fucking lazy and poor they could not pay for that ;P There are other services that help with invalid and bot mitigation like CHEQ, but that starts to get spendy when traffic picks up (think like $200 for 100k visitors per day?)

I do not remember needing to verify/validate my email when I signed up, that certainly is a must if that is not already here. RBLs won't work in this age of VPN, so that is out. OBVIOUSLY cannot do trigger word blocks, that would kill real posts.

No clue if it would work or not, but I hear people have some decent luck with https://www.stopforumspam.com, though that is typically for crap like pphb or like wordpress. That service is basically a service that all these sites report spammers/bots to, (not sure what all data is sent) but then they provide that list to others via a plugin so when people sign up if they are on that list, denied. That would block a lot of existing or paid-for-bots and bad actors, but of course they could just make more accounts, but hey this service is free.

I don't know what OS this is hosted on, assuming linux, so something like https://www.imunify360.com might also help, as it is a full security suite, including WAF, that says it can block bots and bad actors, obviously at the firewall level. Think it's like $45 a month.

Anyways, that is what a quick thought is. I really don't want to just complain, but try to be part of the solution.

p.s. I had to rereg with cloudfare 3 times while typing this.

p.p.s. If you keep a single window open on /new, then before you hit post on anything just go to that window and click the new tab again to force re-reg. Refresh DOES NOT always force it.