Lemmy

12557 readers

2 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago

MODERATORS

submitted 1 year ago* (last edited 1 year ago) by sunaurus@lemm.ee to c/lemmy@lemmy.ml

63 comments fedilink hide all child comments

Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.

For now, it seems that the bots are especially targeting instances that have:

I have put together a spreadsheet of some of the most suspicious cases here.

If this is affecting you, I would highly recommend considering one of the following options:

Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!

Please comment below if you have any questions or anything useful to add.

you are viewing a single comment's thread
view the rest of the comments

[–] PriorProject@lemmy.world 2 points 1 year ago

They can do this, and it is cat and mouse. But...

It generally costs money to stand up an instance. It often requires a credit-card, which reduces anonymity. This will dissuade many folks.
A malicious instance can be defederated, so it might not be all that useful.
People can contact the security team at the host providing infra/internet to the spammer. Reputable hosts will kill the account of a spammer, which again is harder to duplicate if the host requires payment and identity info.
Malicious hosts that fail to address repeated abuse reports can be ip-blocked.
Eventually Lemmy features can be built to protect against this kind of thing by delaying federation, requiring admin approval, or shadow -banning them during a trial period.

Email has shown us that there's a playbook that kind of works here, but it's not easy or pleasant.