Hello, I noticed that my user count started going up much quicker than it should have. We probably have no more than 20-30 people on my instance at most, but the user count is now into the thousands.

Screenshot taken last night

Screenshot taken a few minutes ago

I’m not really sure what could be causing this, but it seems like some sort of database issue. I recently upgraded the server plan, since it’s a VPS. Perhaps sending the shutdown signal and not manually stopping the Docker container caused PostgreSQL to shit itself. (Yeah, this was probably a bad idea). While I’m a bit rusty, I did have a semester class on SQL that might come in handy. Any ideas on what I should do?

I suppose it could also be account spammers, so I did try and enable captchas. Unfortunately, email verification is still not an option for me to enable at this point. Assuming this was the issue, is there a way to remove the spam accounts?

The captcha did seem to stop the endless tick of the user count, but I’m not sure how we can get rid of the spam accounts.

  • RuudMA
    link
    English
    62 years ago

    I can help. Message me on matrix if you can @ruud:h-y-p-e-r.space

    • EuphoricPenguinOP
      link
      fedilink
      English
      22 years ago

      I have some experience with SQL queries, so I’ll try and wrangle with the DB to get things ironed out.

  • @[email protected]
    link
    fedilink
    English
    22 years ago

    I had the same issue with spam accounts being created and ended up logging into postgres and deleting user accounts that didn’t have a verified email. My instance is very fresh though and doesn’t have a ton of non-me users so I could safely delete them. Once I enabled captcha and deleted those accounts I don’t have issues with user counts.

  • poVoq
    link
    fedilink
    English
    22 years ago

    Yes, there is a spambot attack ongoing that targets instances with open registration and no email verification, captcha or admin approval.

    • EuphoricPenguinOP
      link
      fedilink
      English
      12 years ago

      Does Lemmy have any tools to mass-delete new accounts within a time-frame?

      • poVoq
        link
        fedilink
        English
        3
        edit-2
        2 years ago

        AFAIK no and I hate to state the obvious, but it is a really bad idea to open a service to the public with no registration checks in place what so ever. Especially in a federated network, where is also effects other servers.

        Right now I think you will have to delete them manually from the database.

        • EuphoricPenguinOP
          link
          fedilink
          English
          22 years ago

          Yeah, I’ve already made a few blunders that I’m learning from. I’ll see what I can do.

  • EuphoricPenguinOP
    link
    fedilink
    English
    22 years ago

    I also don’t know if this is related or expected behavior, but this instance seems to be automatically banning user accounts on other instances. They do seem to be NSFW or related to inappropriate topics, but I had no idea that this was something Lemmy automatically did.

    • poVoq
      link
      fedilink
      English
      12 years ago

      That is unrelated and currently expected behaviour. Could be improved though, I agree.

  • Sens
    link
    fedilink
    English
    12 years ago

    Feddit.uk is also experiencing massive gains in users, I hope it’s real users, I’m not an admin but been keeping an eye on the stats.

    Looping @[email protected] in case he see’s similar spam users

    • EuphoricPenguinOP
      link
      fedilink
      English
      1
      edit-2
      2 years ago

      Do you guys have captchas enabled? That did the trick for me for now. I would be careful about enabling email verification, as that is something that the account spambots are also apparently targeting. If you’re on a free tier of an SMTP relay service, it could quickly burn through your quota.

      • Sens
        link
        fedilink
        English
        12 years ago

        Could this be a DDOS attempt on Lemmy instances, the times you stated match what I see and the instance has started to slow.

        We don’t have captchas right now and our admin is out of office this week😬

        • EuphoricPenguinOP
          link
          fedilink
          English
          12 years ago

          You said that you’re an admin, right? Captchas are something you can easily turn on in the admin panel.

          • Sens
            link
            fedilink
            English
            12 years ago

            Nope not an admin, thinking about setting one up tomorrow though.

            • EuphoricPenguinOP
              link
              fedilink
              English
              12 years ago

              Are you the operator of the server? There is an option in the .hjson file to configure a default admin log-in. It’s pretty easy to edit that and push up changes if you used the Ansible install.