cross-posted from: https://lemm.ee/post/177673
Cross posting this here for visibility since lemmy.ml federation has been very hit or miss the last week. Original post from @sunaurus@lemm.ee
Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.
For now, it seems that the bots are especially targeting instances that have:
- Open sign-ups
- No captcha
- No e-mail verification
I have put together a spreadsheet of some of the most suspicious cases here.
If this is affecting you, I would highly recommend considering one of the following options:
- Close sign-ups entirely
- Only allow sign-ups with applications
- Enable e-mail verification + captcha for sign-ups
Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!
Please comment below if you have any questions or anything useful to add.
I think there is a gold rush going on here - a race to register usernames and community names in the event that a mass migration starts.
This seems to be an issue on reddit aswell currently. Someone was guessing it may have to do with the presidential elections next year?
You should make the spreadsheet private, otherwise botters will find it. Don’t make their job too easy.
Not my spreadsheet, this is a crosspost. Also it looks like the content is being auto-generated and the sheet is read-only. There’s nothing they could really do by having this information.
Why wouldn’t an instance require an email and a captcha? Seems like such an easy add that’s totally worth if it even just reduces bot traffic.
I can see a reason for email in that people might want to minimize storing personal data.
A captcha seems pretty harmless in any case.
anonaddy or simplelogin are your friend.
Friends? I never heard of them.
I’ll have a look though.
