this post was submitted on 18 Jun 2023
16 points (94.4% liked)

Lemmy

12542 readers
85 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

cross-posted from: https://lemmy.cat/post/6385

It is currently possible, through Lemmy's API, to create accounts automatically and without limit if verification by email address or captcha is not activated. I'd advise you to activate one or both of them NOW!

After registering x number of accounts (currently I could do thousands), all you have to do is list all the existing communities for each of the account to publishes one new post per community, or more. I'll leave you to picture the mess.

(I apologise to the administrators of sh.itjust.works, I should have done the test with my own server.)

you are viewing a single comment's thread
view the rest of the comments
[–] PenguinLover@lemmy.ml 3 points 1 year ago (1 children)

This is indeed not an ideal situation, but I guess on most instances this isn't possible. I agree instances should require a captcha of some sort for signing up.

[–] zeerooth@lemmy.antemeridiem.xyz 3 points 1 year ago (2 children)

Unfortunately lemmy devs removed captchas recently https://github.com/LemmyNet/lemmy/issues/2922 so email verification and/or rate limiting is probably the only real option for protection.

[–] Pekka@feddit.nl 2 points 1 year ago

With tools like this (https://nopecha.com/) existing they might be right. This is not even the only tool, it really looks like captchas are no longer useful because of AI.

[–] EthicalAI@beehaw.org 2 points 1 year ago

That’s a major bad call. Companies like Google who maintain Captcha know the state of AI and will update captcha continuously to adapt.