CAPTCHA/security code verification on the Battle.net forums

I heard that CAPTCHA/security code verification was implemented on the Battle.net forums to try to combat the spam that is occurring on the forums for their free-to-play games as well as the Diablo 3 console boards.  Welcome to 10+ year old technology (I am not talking about 2-factor authentication that relies on a mobile device – what I’m talking about is using that tech with an e-mail address) that doesn’t work, Blizzard.  Even the more sophisticated ones have been busted and for those that haven’t, guess what?

There are actually companies based in developing countries that have been offering bulk CAPTCHA/code verification services for the better part of the last decade.  Yes, they actually have an army of workers who will manually enter the CAPTCHA for those spam bots.  And what about the basic “send some form of code to the associated e-mail address” to use as verification?  Exact same thing.  The spammers constantly update their backend to deal with it and in cases where it doesn’t work, they just farm out the task (along with their disposable e-mail accounts) to one of these bulk services.

Such outdated technology inconveniences actual live users.  Most of their forums already have restrictive posting and require a valid game key to post.  This system should be prioritized for the ones that have had those restrictions removed.  Users of their paid titles should not even have to deal with this except when the forum code begins noticing what looks like a spamming pattern.  This again is just another sign of the fail and running joke known as the web team/IT team at Blizzard (these folks are even more incompetent and clueless than I gave them credit for).  And sure enough, the spam botters are still prolific on their site.

These forums require fewer posting restrictions since anyone playing their free games like Hearthstone and Heroes of the Storm can create a Battle.net account using any e-mail address.  The console games aren’t specifically tied to Battle.net either so it is the same deal.  That is what being cheap and lazy and not implementing any system gets you.  With the console versions, they should have made it so that these games are able to generate a code that a user would need to enter into their Battle.net account management.  That code would act like a game key which would allow the restrictive posting to remain intact.

A slightly more sophisticated version of this would need to be implemented for their free-to-play titles since any spammer could simply generate those from the games as needed.  Part of this can be addressed via the usual security mechanisms in place (like a game key that was generated from a game client on a specific IP range which doesn’t match the IP range for where those forum post logins are coming from).  And in the case of posts that end up having pretty much the same subject and content, there are ways to automatically detect and flag those (at which point, you just automatically throttle the posting capabilities until an actual human moderator can look at them).  Then again, this same web team and the folks that created this P.O.S. forum that can’t even re-thread a user’s previous posts on a BattleTag change can’t be expected to handle such designs since they lack the competence to do just that.
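
One way the "detect near-identical posts, flag them, then throttle until a moderator looks" idea could be built, as an added example and not Blizzard's forum code. The class and function names, the word-shingle/Jaccard comparison and every threshold are assumptions made for illustration, and the sample posts are constructed.

```python
import re
from collections import defaultdict, deque

# All thresholds below are assumptions chosen for the constructed sample.
SHINGLE = 3        # words per shingle
THRESHOLD = 0.6    # Jaccard score treated as "pretty much the same" post
MAX_SIMILAR = 2    # near-duplicate posts allowed before the account is held

def shingles(subject, body):
    """Lower-case subject+body, drop punctuation, return the set of word n-grams."""
    words = re.findall(r"[a-z0-9]+", f"{subject} {body}".lower())
    if len(words) <= SHINGLE:
        return {tuple(words)}
    return {tuple(words[i:i + SHINGLE]) for i in range(len(words) - SHINGLE + 1)}

def jaccard(a, b):
    """Overlap of two shingle sets: 0.0 (unrelated) to 1.0 (identical)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

class PostThrottle:
    def __init__(self, window=500):
        self.recent = deque(maxlen=window)  # shingle sets of recent posts, any account
        self.hits = defaultdict(int)        # account -> near-duplicate count
        self.held = set()                   # accounts waiting for a human moderator

    def submit(self, account, subject, body):
        """Return 'accepted', 'flagged' (queued for review) or 'held' (throttled)."""
        if account in self.held:
            return "held"
        sig = shingles(subject, body)
        duplicate = any(jaccard(sig, old) >= THRESHOLD for old in self.recent)
        self.recent.append(sig)
        if not duplicate:
            return "accepted"
        self.hits[account] += 1
        if self.hits[account] >= MAX_SIMILAR:
            self.held.add(account)
            return "held"
        return "flagged"

    def release(self, account):
        """Moderator decision: restore posting and reset the counter."""
        self.held.discard(account)
        self.hits.pop(account, None)

if __name__ == "__main__":
    t = PostThrottle()
    ad = ("Cheap gold fast delivery", "Visit our shop for cheap gold and fast delivery today")
    for acct in ("a1", "a2", "a2", "a2"):   # constructed accounts reposting the same ad
        print(acct, t.submit(acct, *ad))
```

Comparison runs against recent posts from any account, so rotating disposable accounts does not reset the match; only the per-account counter that triggers the hold is account-specific.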