So some spam signups just happened (all [email protected] format e-mail). This caused bounced mail to increase, causing Mailgun to block our domain to prevent it getting blacklisted.

So:

  • Mail temporarily doesn’t work
  • I closed signups for now
  • I will ban the spam accounts
  • I will check how to prevent (maybe approval required again?)

Stay tuned.

Edit: so apparently there is a captcha option which I now enabled. Let’s see if this prevents spam. Registrations open again.

Edit 2: Hmm, Mailgun isn’t that fast in unblocking the domain. Closing signups again because validation mails aren’t sent.

Edit 3: I convinced Mailgun to lift the block. Signups open again.

  • Philip
    83
    2 years ago

    I ran into the issue on my instance as well, but checking the Captcha option in admin settings stopped the signups for me.

  • @Emanresu
    16
    1 year ago

    deleted by creator

    • RuudOPMA
      49
      2 years ago

      Yes the devs should do that. We’re currently discussing in the Lemmy matrix chat.

    • Dr. Moose
      36
      2 years ago

      Captchas are laughably easy to get around but they do work against dumb script kiddies which seems this attack is originating from.

    • @possiblylinux127
      6
      2 years ago

      I’m down as long as it’s privacy friendly and doesn’t use non-free javascript

  • @ghariksforge
    47
    2 years ago

    I love how transparent you are with the management of this instance. Kudos!

    • Phil
      17
      2 years ago

      This, Refreshing 😀👍

  • Sorenchu
    20
    2 years ago

    Sounds frustrating. Thanks for doing what you do and letting us join your server! Hope the captcha works out.

  • @flint5436
    18
    2 years ago

    Those usernames are so unimaginative. Who would pick a name like that?

    • @samus12345
      18
      2 years ago

      I know, right? That’s the kind of thing an idiot would have on their luggage!

    • @lwuy9v5
      2
      2 years ago

      yea! gosh! who would just randomly generate a username? The nerve…

  • rastilin
    18
    2 years ago

    Last time a website I was managing was bombarded with spam signups, I set up a regular expression to check for the incredibly distinctive format the spammers were using… then it reports success but doesn’t actually create the account or send an email. Spam problem over.

  • @fsk
    13
    2 years ago

    I solved this problem once. What you do is have a custom captcha that you code yourself. It can be as simple as “What is 2+3?” and have 10-20 questions that you rotate between. Most spammers will be too lazy to update their spambot.

        • @joyjoy
          English
          7
          2 years ago

          The solution there is to provide a voice over of the captcha.

    • Sir_Kevin
      5
      2 years ago

      I made one that phrased it as “The sum of 2 and 3”. Weeds out bots and less sophisticated people.

    • @lwuy9v5
      4
      2 years ago

      fwiw - there’s always an arms race between spammers and people trying to not get spammed. It’s often better to use off-the-shelf captchas or something as there are people who are able to put a LOT MORE resources into it (like Google, who has billions of dollars on the line to prevent ad-fraud and identify bots)

      • @fsk
        6
        2 years ago

        I used a custom captcha for my personal WordPress blog. It eliminated all the spam. (Fun fact: The spammers know how to work around most anti-spam WordPress plugins. If you roll your own, they aren’t going to update their spambot for one blog.)

        I also used a custom captcha at work. We couldn’t use 3rd party filters because it was marking our customers’ comments as spam! The custom captcha also eliminated all the spam.

        There’s also a problem with using 3rd party spam services. You have to give them all your data. You also usually have to pay for it, which can be a problem when you’re working for people with a tiny budget.
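
The rotating-question captcha described in this sub-thread, as an added example that is not code from any commenter. It goes one step beyond the comments by binding each answer to its question with a signed, single-use, expiring token, so no server-side session is needed; the question pool, `SECRET`, `MAX_AGE` and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed pool; the comment suggests rotating between 10-20 questions.
QUESTIONS = [
    ("What is 2+3?", {"5", "five"}),
    ("What is the sum of 4 and 1?", {"5", "five"}),
    ("Type the third letter of the word lemmy.", {"m"}),
]
SECRET = secrets.token_bytes(32)  # per-process key (assumption: single worker)
MAX_AGE = 600                     # seconds a challenge stays valid (assumed)
_used = set()                     # MACs already submitted; prune by age in production


def _sign(index, issued, nonce):
    msg = f"{index}:{issued}:{nonce}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Pick a random question; return (text, token for a hidden form field)."""
    issued = int(time.time() if now is None else now)
    index = secrets.randbelow(len(QUESTIONS))
    nonce = secrets.token_hex(8)  # makes every token unique, even in the same second
    token = f"{index}:{issued}:{nonce}:{_sign(index, issued, nonce)}"
    return QUESTIONS[index][0], token


def check_answer(token, answer, now=None):
    """True only for a fresh, unmodified, not-yet-used token with a right answer."""
    try:
        index_s, issued_s, nonce, mac = token.split(":")
        index, issued = int(index_s), int(issued_s)
    except (ValueError, AttributeError):
        return False
    expected = _sign(index, issued, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # forged, or the question index / timestamp was altered
    now = int(time.time() if now is None else now)
    if not 0 <= now - issued <= MAX_AGE:
        return False  # stale form
    if mac in _used:
        return False  # one attempt per token, so answers cannot be brute-forced
    _used.add(mac)
    return answer.strip().lower() in QUESTIONS[index][1]
```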

  • Salamander
    9
    2 years ago

    Uff, that’s annoying. Thank you for the warning. I have re-instated a signup application for my instance to prevent this.

  • Argyle13
    9
    2 years ago

    I was trying to open my account just when lemmy.world was closed earlier. When I pressed the button to create it I only got an endless “charging” animation. But when it reopened, I just started the process again, and was as easy as a breeze and extremely fast. Glad to be here! (and this is my first post)

  • NataliePortland
    English
    9
    2 years ago

    Thanks for the tip- I’m having the same issue. How do I ban those accounts? I can’t even tell who my users are

    • RuudOPMA
      English
      10
      2 years ago

      I did it in the database, so if you can access your database I can assist.

      • @[email protected]
        English
        2
        2 years ago

        My instance also experienced this. I’m the only active user (I made it a day ago), but the user count is up to 2K now. It stopped after I enabled captchas, but I want to remove these spam accounts so they don’t cause issues in the future.

        I don’t even have a slight clue as to what I should look for in my database.

        • RuudOPMA
          English
          5
          2 years ago

          Contact me via Matrix if possible @ruud:h-y-p-e-r.space

        • @[email protected]
          English
          3
          2 years ago

          If you haven’t figured it out yet or got a response yet, hop onto the instance admin group on matrix for Lemmy (details are on the GitHub or join Lemmy page somewhere I believe) and one of the many other folks running instances can probably walk you through it

  • Chaos
    8
    2 years ago

    Be careful with this. There’s a clear trend of massive amount of bot accounts flooding lemmy as a whole

    • @lwuy9v5
      4
      2 years ago

      Be careful with this. There’s a clear trend of massive amount of bot accounts flooding lemmy as a whole

      I am not sure there’s anything in that that denotes “massive amount of bot accounts”. Seems more like “a lot more people made lemmy accounts than stuck around” which is unsurprising.

      Why would a bot account show up in one of your graphs and not the other?

      • @gyro
        3
        2 years ago

        they’re waiting to use the bots when the community is large, over a long period of time. This way it’d be hard to detect the bots.

        • @lwuy9v5
          1
          1 year ago

          I take my comment back, you are totally right. There are a few ghost town instances with 80k users. Super obvious if you look at the active users vs users, or users vs comments. My bad -_-

  • ThesePaycheckAvenging
    7
    2 years ago

    Lucky me, I guess, since I use a masked email address that looks fake too (anon addy). I really dislike to give my email address when testing Reddit alternatives.

    • @Distributed
      3
      2 years ago

      Just buy a cheap domain to point to anonaddy or simplelogin so you don’t need to use one of their domains