this post was submitted on 20 Jun 2023
65 points (97.1% liked)

Lemmy

12568 readers
26 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.

For now, it seems that the bots are especially targeting instances that have:

  • Open sign-ups
  • No captcha
  • No e-mail verification

I have put together a spreadsheet of some of the most suspicious cases here.

If this is affecting you, I would highly recommend considering one of the following options:

  1. Close sign-ups entirely
  2. Only allow sign-ups with applications
  3. Enable e-mail verification + captcha for sign-ups

Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!

Please comment below if you have any questions or anything useful to add.


Update: on lemm.ee, I have defederated the most suspicious spambot-infested instances.

To clarify: this means small instances with an unnaturally fast explosion in user counts over the past day and very little organic activity. I plan to federate again if any of these instances get cleaned up. I have heard that other instances are planning (or already doing) this as well.

It's not a decision I took lightly, but I think protecting users from spam is a very important task for admins. Full info here: https://lemm.ee/post/197715

If you're an admin of an instance that's defederated from lemm.ee but wish to DM me, you can find me on Matrix: @sunaurus:matrix.org

you are viewing a single comment's thread
view the rest of the comments
[–] db0@lemmy.dbzer0.com 4 points 1 year ago (2 children)

We're trying to capture the reddit refugees as well. It's a fine-line to walk.

[–] Amir@lemmy.ml 4 points 1 year ago (1 children)

Email + Captcha should be doable right?

[–] db0@lemmy.dbzer0.com 1 points 1 year ago

yes, that's the bare minimum until we get better toolset

[–] hightrix@kbin.social 3 points 1 year ago (1 children)

Agreed. An application that must be human reviewed is a very large gate that many people will see and just close the site. Myself included.

[–] nik282000@lemmy.ml 1 points 1 year ago

Nothing against you but that is a good thing. The idea that applications being reviewed by a human could scare off users means less low-haning-fruit trolls and shit-posters.