Ask HN: Is Hacker News under attack from spam bots?

Nature of the Incident

  • Commenters widely agree HN is under a large-scale spam bot attack.
  • Thousands of new accounts are posting nearly identical “AI girlfriend” ads, often with crude or offensive usernames and a short random string appended.
  • Spam appears across most front-page posts, sometimes dozens of comments per thread, in visible “waves.”

Impact on Site and Users

  • Many report slow page loads, timeouts, and HN feeling like a mini-DDoS.
  • Some users try to manually flag hundreds of comments but say it feels futile at this volume.
  • The attack is described as the worst or first of its kind seen on HN by several participants.

Account Creation, Captchas, and Security

  • The spam seems to rely on rapid creation of new accounts with predictable name patterns.
  • Some users observe that captchas appear on login/creation now; others note this is new or inconsistent.
  • Debate over mitigations:
    • Temporarily disabling new account creation or delaying new users’ ability to post.
    • Regex/string-based filters or banning specific username patterns/domains.
    • Captchas vs. phone verification vs. proof-of-work; concern about privacy and “Orwellian” friction.

HN Infrastructure and Moderation Philosophy

  • HN is described as using early-2000s-style tech with minimal upfront friction (no 2FA, light validation).
  • Some argue that historically low spam implies an effective but not perfect spam filter plus active moderation.
  • Others think the site was unprepared for such a crude, high-volume attack and should have had basic rate-limiting and pattern blocking ready.

Voting Integrity and Bot Abuse

  • Users wonder whether similar bot activity could also manipulate upvotes.
  • Examples are given of posts with many votes that never reach the front page, suggesting hidden anti-abuse mechanisms (e.g., detecting voting rings or ignoring certain accounts’ votes).
  • Exact details of these defenses are unknown and intentionally opaque.

Attacker Motives and Quality of Spam

  • Speculation ranges from a low-effort teenager/script-kiddie to someone just aiming for chaos rather than real marketing.
  • Some note that more sophisticated, LLM-written spam could be far harder to detect; this incident is seen as very crude by comparison.