Hello, I noticed that my user count started going up much quicker than it should have. We probably have no more than 20-30 people on my instance at most, but the user count is now into the thousands.
Screenshot taken last night
Screenshot taken a few minutes ago
I’m not really sure what could be causing this, but it seems like some sort of database issue. I recently upgraded the server plan, since it’s a VPS. Perhaps sending the shutdown signal and not manually stopping the Docker container caused PostgreSQL to shit itself. (Yeah, this was probably a bad idea). While I’m a bit rusty, I did have a semester class on SQL that might come in handy. Any ideas on what I should do?
I suppose it could also be account spammers, so I did try and enable captchas. Unfortunately, email verification is still not an option for me to enable at this point. Assuming this was the issue, is there a way to remove the spam accounts?
The captcha did seem to stop the endless tick of the user count, but I’m not sure how we can get rid of the spam accounts.
I can help. Message me on matrix if you can @ruud:h-y-p-e-r.space
I have some experience with SQL queries, so I’ll try and wrangle with the DB to get things ironed out.
I had the same issue with spam accounts being created and ended up logging into postgres and deleting user accounts that didn’t have a verified email. My instance is very fresh though and doesn’t have a ton of non-me users so I could safely delete them. Once I enabled captcha and deleted those accounts I don’t have issues with user counts.
Yes, there is a spambot attack ongoing that targets instances with open registration and no email verification, captcha or admin approval.
Does Lemmy have any tools to mass-delete new accounts within a time-frame?
AFAIK no and I hate to state the obvious, but it is a really bad idea to open a service to the public with no registration checks in place what so ever. Especially in a federated network, where is also effects other servers.
Right now I think you will have to delete them manually from the database.
Yeah, I’ve already made a few blunders that I’m learning from. I’ll see what I can do.
I also don’t know if this is related or expected behavior, but this instance seems to be automatically banning user accounts on other instances. They do seem to be NSFW or related to inappropriate topics, but I had no idea that this was something Lemmy automatically did.
That is unrelated and currently expected behaviour. Could be improved though, I agree.
Feddit.uk is also experiencing massive gains in users, I hope it’s real users, I’m not an admin but been keeping an eye on the stats.
Looping @[email protected] in case he see’s similar spam users
Do you guys have captchas enabled? That did the trick for me for now. I would be careful about enabling email verification, as that is something that the account spambots are also apparently targeting. If you’re on a free tier of an SMTP relay service, it could quickly burn through your quota.
Could this be a DDOS attempt on Lemmy instances, the times you stated match what I see and the instance has started to slow.
We don’t have captchas right now and our admin is out of office this week😬
You said that you’re an admin, right? Captchas are something you can easily turn on in the admin panel.
Nope not an admin, thinking about setting one up tomorrow though.
Are you the operator of the server? There is an option in the .hjson file to configure a default admin log-in. It’s pretty easy to edit that and push up changes if you used the Ansible install.