We’re sorry we inconvenienced 42 people today—a record number—who had to complete a challenge on the main site. Please know that this is down to a record number of “AI” theftbots and cybercriminals trying to hack Autocade (as well as Lucire). As they up their ante, we’ve had to broaden the challenges and blocks we issue. This has evidently affected the ISPs of those 42 users. Through no fault of their own, those ISPs also host thieves and hackers.
Note that this is 42 out of 5,460 questionable entries over the last 24 hours, or 0·77 per cent. Prior to yesterday, we would be looking at two or three people, and not every day. And prior to last week, the proportion was 0 per cent: no human was inconvenienced.
We do not take the blocking or challenging of all addresses at a single ISP lightly. It is often after thousands of hits in a short space of time, sometimes through multiple IP addresses, that we mark an ISP as suspicious.
There are some major blocks or challenges in place for users at Alibaba, Tencent, Google (namely googleusercontent.com), Microsoft (particularly bad), and Digital Ocean. A number of “SEO” bots are also blocked, since some have ignored our robots.txt directives (e.g. Semrush). In all cases, unscrupulous users struck first and we responded.
Once the challenge is solved, we hope you had a useful browsing session.
Our aim is to cut down on theftbots and hacking while letting humans experience our websites freely.
It’s sad that most days are about analysing the logs and seeing what hacking or scraping attempts took place overnight.
Sadly, this is nothing new: when Autocade was a wiki, there would be fake sign-ups and those users would then post spam to vandalize the website. In 2011, we ceased making it a wiki, the site having attracted a minuscule number of contributors.
In 2025, the attacks are relentless. We experienced an extraordinary amount of “AI” scraping in 2023 but nowadays, even regular users are doing it and using Google, Microsoft or Tencent servers to mount their thefts or hacking.
We would normally look at ways of whitelisting humans, but given the scale of the problem, we don’t know if your particular IP address might be shared with unethical parties. But if the number of theft or hacking attempts falls, then we’d be happy to make our block or challenge criteria narrower again.
