Hi there, Been running my own little Lemmy instance basically to see how it runs with federation and stuff like that. I have had open (email validation) for the odd person or 2 that might want to use it.

Early this morning (my time 4:43am) I had about 15 new users all at the exact same time registering as users with same structure names (random words) followed by 4 numbers. Being all within 1 minute of each other they are obvious bots.

Going through the UI I have not been able to find a way to remove them. I have since changed my registration policy to make the person fill in an application, captcha, email validation etc. to help stop polluting the ecosystem with bots.

Any help would be appreciated. I am running it all under docker

  • b3nsn0w
    link
    fedilink
    English
    9
    edit-2
    1 year ago

    the only mass solution i found to this was that i installed pgadmin, logged into the db, and manually removed all the bot accounts from local_user. you should also remove them from the person table as well (you can easily find them if you do SELECT * FROM person WHERE local = true ORDER BY published DESC in the query tool), that way they don’t show up in your instance stats, but removing them from local_user would be enough to stop them from logging in.

  • @Trapping5341
    link
    English
    71 year ago

    I feel attacked. 😂

    In all seriousness. They probably are bots but I personally just let bitwarden make me a username and this is the default way to generate one.

    • talungOP
      link
      fedilink
      English
      51 year ago

      lol, this made me chuckle… Are you an AI bot?

      • @Trapping5341
        link
        English
        51 year ago

        No fellow human of course I am not an Artificial Intelligence. I have no idea what would make you think I was.

    • @[email protected]
      link
      fedilink
      English
      41 year ago

      Bitwarden is great, takes out all the creativity and you end up with a username like mine.

      • @Trapping5341
        link
        English
        21 year ago

        I guessing you just deleted to numbers and went with the first option like I did 😂

  • @Ricaz
    link
    English
    61 year ago

    This is a problem for any web application. There are many solutions, none are perfect.

    On some sites (like 4chan) you’re required to solve a captcha every single time you post, unless you pay a yearly fee not to.

    To avoid it, you would need people actively monitoring, banning, and setting up bot detection patterns.

    Then again, there are cheap services online where real people are hired to create human accounts and spam you anyway, so…

    • talungOP
      link
      fedilink
      English
      31 year ago

      And How would I do that in the UI? This is the issue, haven’t found a way to even find those users on my system, even though it marks at 15 extra users.

      • @[email protected]
        link
        fedilink
        English
        21 year ago

        Did you find a solution. The above comment with the database query should work. You can access the docker container where the database is running with docker exec -it instancedomain_postgres_1 busybox /bin/sh and then run psql -U databaseuser which by default is ‘lemmy’.

        Check docker ps to know the exact name of the postgres container which in your case likely is lemmytalungorg_postgres_1

        • talungOP
          link
          fedilink
          English
          3
          edit-2
          1 year ago

          Thanks, I have gone through and identified the REAL accounts gathered the ID’s and deleted the rest from local_user and person tables.

          Haven’t really played much with Postgress so took some time to look up all the functionality with that.

          EDIT: yup, made sure the person one was local only :)