this post was submitted on 27 Jul 2023
313 points (97.9% liked)

Fediverse

27745 readers
757 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
313
Update: Pushing back against the wave of bot accounts on Lemmy (sh.itjust.works)
submitted 1 year ago by kersploosh@sh.itjust.works to c/fediverse@lemmy.world
77 comments fedilink hide all child comments
 

cross-posted from: https://sh.itjust.works/post/1823812

This is an update to my previous post about suspicious inactive accounts on a handful of instances: (https://sh.itjust.works/post/998307).

I ended up messaging the admins at the 16 instances show in the attached image. I pointed out their wild user numbers, and referenced the lemmy.ninja post detailing how that instance scrubbed suspicious accounts from their user database.

6 admins responded. They had all noticed the odd accounts and either thought the numbers were wrong, or weren't sure how to purge the suspicious accounts without nuking their databases. In the end they managed to delete a combined total of about 338k dormant accounts from their instances. (One of the instances seems to have gone down since then.)

I never received a reply from the other 10 instance admins, though 8 of those 10 instances appear to be down (as of 27 July 2023). 2 instances are still up and unchanged.

Between the actively removed accounts and the downed instances, this represents a loss of 930,004 inactive Lemmy accounts!

You can see the drop in the graphs on The Federation. The total number of Lemmy accounts has been cut in half over the past 3 weeks, from a peak of 2.18M to today's 1.09M. The change is mostly from these 16 instances.

I have to admit, I did not expect such a large change when I started this! Hopefully this bodes well for Lemmy's future as a place where actual humans interact, rather than a cesspool of automated comments and upvote/downvote brigading.

That's all I have for now. Keep your stick on the ice; we're all in this together.

top 50 comments
sorted by: hot top controversial new old
[–] Fantomas@lemmy.world 29 points 1 year ago (1 children)

Great to see the transparency with which this is handled

[–] kionay@lemmy.world 16 points 1 year ago (2 children)

The transparency may be my very favorite part of Lemmy. It's almost feels like these people are invested in it's success instead of it's profit.

[–] Fantomas@lemmy.world 7 points 1 year ago

It's a very early internet mindset where success == profit.

[–] Hextic@lemmy.world 5 points 1 year ago

Open source vs we're a business mentality

Early internet grassroots collaboration stuff.

[–] FeelzGoodMan420@eviltoast.org 22 points 1 year ago

Unfortunately no website is safe from the cancer of AI/bots. The Internet is truly in trouble.

[–] Moracrema@lemmy.world 19 points 1 year ago* (last edited 1 year ago) (1 children)

Those are crazy numbers... WTF?

If that's is the reality for Lemmy, I can’t imagine the number of bots giant social networks have. Crazy.

Thank you for your work.

[–] UdeRecife@lemmy.sdfeu.org 11 points 1 year ago (1 children)

That's the thing, right? Those giant networks' admins surely know how inflated their userbase is. They surely know that a lot of the activity is bot faked/manipulated.

But since the end goal of those networks is generate traffic to sell something (ads, user data), they never purge the bots. They need fake engagement. They might even promote it. The human user is just being used (Cf. Stallman's use of this term).

[–] UdeRecife@lemmy.sdfeu.org 12 points 1 year ago

I want to celebrate two things. 1. Your awareness of the potential dangers looming over the fediverse. 2. Your proactive attitude curtailing the problem at its root. From one human to another, thank you!

[–] FlashMobOfOne@lemmy.world 11 points 1 year ago

I don't think I've ever upvoted something more enthusiastically in my life.

Cheers and thank you.

[–] WarmSoda@lemm.ee 8 points 1 year ago* (last edited 1 year ago)

What are qualifications for being an active account? I didn't see any details in the other thread about it either, just the graphs. Is it just post/comment creation? Is it page views? Log ins? Does voting up or down register an account as Active?

If it's only post/comments then you're possibly deleting a bunch of lurkers too.

[–] Blaze@sopuli.xyz 8 points 1 year ago

Thank you for your work!

[–] hmancuso@lemmy.world 8 points 1 year ago (2 children)

Thank you for your efforts to keep this place clean and civil, and especially for the transparency in describing how you've dealt with such annoyances. You have my respect.

load more comments (2 replies)
[–] Blaubarschmann@feddit.de 8 points 1 year ago

Very nice, let's try to keep this place as clean as possible

[–] toiletobserver@lemmy.world 7 points 1 year ago (1 children)

If the women don't find you handsome, they'll at least find you handy.

  • Red Green
load more comments (1 replies)
[–] arc@lemm.ee 7 points 1 year ago

When an account is signed up, is there information such as client ip address that could also be used to spot more inauthentic activity? And more generally, sign up should probably be made resistant to automated bots by randomizing HTML layout & ids and using captchas so it's not so easy to drive sign up through scripts.

[–] z00s@lemmy.world 7 points 1 year ago

>actual humans interact, rather than a cesspool of automated comments and upvote/downvote brigading.

Thank you! That's why I left the other place. You're doing God's work, anon.

[–] SmoothSurfer@lemm.ee 7 points 1 year ago

May I politely ask how did you realize those inactive accounts

[–] mrmanager@lemmy.today 6 points 1 year ago* (last edited 1 year ago) (1 children)

That's actually really interesting. What's the purpose of so many inactive accounts at once?

Seems to be enough to have a few of them, and not a million accounts since it clearly will rise suspicion... :)

Very good that you found them. Fascinating.

Maybe an attempt to try and make the fediverse look more active than it was back then, to get headlines about how it has explosive growth etc. It was June and everything really took off then.

[–] kersploosh@sh.itjust.works 8 points 1 year ago (7 children)

> What’s the purpose of so many inactive accounts at once?

That really is the million dollar question. I don't know. My fear is that they were intended to sit unnoticed until someone had a malicious use for them. Maybe to mass upvote/downvote certain content to make it more visible. Or to become active at an opportune time to make divisive posts and comments. I saw many accounts like that on Reddit; they show no activity for years and then suddenly come alive and spew garbage. I'm sure we'll see some of that on Lemmy next year since there will be a major election in the US. Though hopefully less since a bunch of suspicious dormant accounts are now gone.

[–] muelltonne@feddit.de 9 points 1 year ago

It's a smart move for a spammer to create a lot of accounts in the early days of a platform, before more restrictive signups with mail verification, phone verification or captchas are in place. Look at how difficult it has become to register on Twitter or Facebook.

[–] salient_one@lemmy.villa-straylight.social 3 points 1 year ago* (last edited 1 year ago)

Perhaps something akin to this, sleeper cells for some nefarious purpose, e.g. influencing elections.

load more comments (5 replies)
[–] A2PKXG@feddit.de 5 points 1 year ago

Can Lemmy even protect itself against spam while being open?

[–] yoz@aussie.zone 5 points 1 year ago (1 children)

We need to find a way to get indexed on Google, Duckduckgo and other search engines.

[–] thessnake03@lemmy.world 2 points 1 year ago

Probably happening to some degree already, unless no robots is checked. No way lemmy jumps as high as reddit in seo for random things for a long while

[–] SerotoninSwells@lemmy.world 3 points 1 year ago (4 children)

Well done. I for one appreciate the effort you're putting into making this a better place by keeping the bots out. Any thoughts on what can be done to keep bots from signing up to begin with or is the plan to continuously purge inactive accounts? I know from experience that a lot of these bad actors are going to pivot and redouble their efforts. This is unfortunately a cat and mouse game that will continually need to be addressed. But, again, thank you for your work on this!

[–] kersploosh@sh.itjust.works 3 points 1 year ago

Instances should enable verification to create accounts (email or captcha). I think everyone learned that pretty quickly last month. Other than that, it's up to users to diligently flag content and moderators to be responsive. Maybe there are good automod tools coming to Lemmy someday, but those are an arms race, too.

load more comments (3 replies)
[–] ulu_mulu@lemmy.world 3 points 1 year ago

Good job!

[–] giddy@aussie.zone 3 points 1 year ago

Looks like a bunch of personal instances that forgot to turn off self-registration. The down ones likely crumbled under the load

[–] SmoothSurfer@lemm.ee 2 points 1 year ago (1 children)

Dude wtf, there are relatively many fucking servers which have well over thousands of inactive users. I checked some and it seems the mods of them are just posting under 5 posts on some other servers and than creating some communities in their own server and then leave quietly. Thats too sus... It may be too much paranoiac to think that there is more going about those servers but I just cant stop thinking it is too absurd

[–] nutomic@lemmy.ml 4 points 1 year ago* (last edited 1 year ago) (1 children)

Some of them are probably lurkers. Might be good for Lemmy to store the last login time, so admins can consider that when purging accounts.

[–] SmoothSurfer@lemm.ee 5 points 1 year ago

This is a possibility, but I think a lurker wouldn't sign up to those servers, they are literally randomly named empty servers. They would prefer more known servers, or they may just look up which server to choose and eventually end up on registering to known server.

[–] Blackmist@feddit.uk 2 points 1 year ago (4 children)

Does Lemmy have a way to link to a post that anyone can use?

I can click the links up there, but it takes me to sh.itjust.works and that's not where I am in the Fediverse, so when I get there I'm no longer logged in.

And if so, can we have it so "wrong" links are corrected into the right format?

load more comments (4 replies)
[–] kitsuneofinari@yiffit.net 2 points 1 year ago

Amazing and thank you!

[–] SouthFresh@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

Awesome work, and thank you for all of this, it is appreciated!

[–] dreikelvin@lemmy.world 2 points 1 year ago (2 children)

Suggestion: what if there was a lemmy instance solely for reporting malicious lemmy/fediverse servers? I've read some stuff about FBI crackdown and mastodon instances containing questionable material. Wouldn't it be gret to have some kind of federated "registry" of all the bad actors out there? I am pretty clueless, but would that help?

[–] gabe@literature.cafe 2 points 1 year ago

Might work. Like a lemmy admin coordination hub instance? On mastodon there is "fediblock," which is what you're describing.

I do know that there is lemmyadmin.site currently, but it's not extremely active as far as I can tell.

load more comments (1 replies)
[–] tyfi@wirebase.org 2 points 1 year ago (1 children)

Can you link to a process for purging bot accounts?

[–] kersploosh@sh.itjust.works 2 points 1 year ago

https://lemmy.ninja/post/30492

I referred the instance admins to this post.

[–] yoz@aussie.zone 2 points 1 year ago

Naa..I think instance admins have to let the crawlers index the content. Not sure if Admins have enabled it

[–] Drunemeton@lemmy.world 2 points 1 year ago

WOOO!

Thanks for keeping Lemmy healthy. ❤️

load more comments
view more: next ›