this post was submitted on 23 Jun 2023
2176 points (96.7% liked)

Lemmy

12506 readers
11 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

Please. Captcha by default. Email domain filters. Auto-block federation from servers that don't respect. By default. Urgent.

meme not so funny

And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not "thousands of dollars" spent.

you are viewing a single comment's thread
view the rest of the comments
[–] mlaga97@lemmy.mlaga97.space 9 points 1 year ago (1 children)

Obviously biased, but I'm really concerned this will lead to it becoming infeasible to self-host with working federation and result in further centralization of the network.

Mastodon has a ton more users and I'm not aware of that having to resort to IRC-style federation whitelists.

I'm wondering if this is just another instance of kbin/lemmy moderation tools being insufficient for the task and if that needs to be fixed before considering breaking federation for small/individual instances.

[–] Raiden11X@programming.dev 7 points 1 year ago (2 children)

He explained it already. It looks for a ratio of number of users to posts. If your "small" instance has 5000 users and 2 posts, it would probably assume a lot of those users would be spam bots. If your instance has 2 users and 3 posts, it would assume your users are real. There's a ratio, and the admin of each server that utilizes it can control the level at which it assumes a server is overrun by spam accounts.

[–] mlaga97@lemmy.mlaga97.space 2 points 1 year ago

Okay, so how do you bootstrap a new server in that system?

What do you do when you just created a server and can't get new users because you aren't whitelisted yet?

But what if you do handful of users to start out, or just yourself? How do become 'active' without being able to federate with any other servers? Talk with yourself?

[–] Irisos@lemmy.umainfo.live 2 points 1 year ago* (last edited 1 year ago)

The issue is that it could still be abused against small instances.

For example, I had a bit less than 10 bots trying to signup to my instance today (I had registration with approval on) and those account are reported as instance users even though I refused their registration. Because of this my comment/post ratio per user got a big hit with me being unable to do anything (other than delete those accounts directly from the db).

So even if you don't allow spam accounts to get into your instance, you can easily get blacklisted from that list because creating a few dozen thousands account registration requests isn't that hard even against an instance protected by captcha.