cross-posted from: https://lemm.ee/post/177673

Cross posting this here for visibility since lemmy.ml federation has been very hit or miss the last week. Original post from @[email protected]

Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.

For now, it seems that the bots are especially targeting instances that have:

  • Open sign-ups
  • No captcha
  • No e-mail verification

I have put together a spreadsheet of some of the most suspicious cases here.

If this is affecting you, I would highly recommend considering one of the following options:

  1. Close sign-ups entirely
  2. Only allow sign-ups with applications
  3. Enable e-mail verification + captcha for sign-ups

Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!

Please comment below if you have any questions or anything useful to add.

  • @cerevant
    link
    English
    121 year ago

    Right now the instances are working to stifle this by restricting account creation, but we’re just a step away from spammers creating instances on demand, flooding networks with stuff like the crypto spam on Reddit. I’m thinking major instances are going to have to go whitelist federation as a result.

    • marsokod
      link
      English
      81 year ago

      I would not be surprised if at some point you have a few whitelists, or some kind of reputation management for instances. One could even say they can have a karma number associated to them.

      In the end, this is the same problem as for emails and the landscape will probably structure itself around several big actors and countless of smaller actors who will have to be really careful in order to not be defederated.

      • @Zak
        link
        English
        51 year ago

        A reputation system is really important. Open federation may not be viable long term without one.

      • @[email protected]
        link
        fedilink
        English
        2
        edit-2
        1 year ago

        That’s an interesting idea. For each instance give users the ability to mark as spam comments/posts, then make it so each instance keeps track of what the ratio of spam vs not-spam is coming from peer instances and block any that exceed a certain ratio. It could easily be made automatic with manual intervention for edge cases.

        One issue I could see is that it could be used as a way of blacklisting smaller instances from larger instances by using bot accounts on the larger instances to mark the smaller instance’s legitimate traffic as spam. It would likely be necessary to implement a limit on how young/active an account can be to mark comments/posts as spam, as well as rate-limiting for situations where a given smaller community that is a subset of the larger one decides to dogpile on a smaller instance in an attempt to block them from the entire community.

    • Ulu-Mulu-no-die
      link
      English
      41 year ago

      Then we need better tools to detect those.