The vast majority of the instances in that screenshot have known jumps from 1~50 users to tens of thousands in less than a day. These instances also happen to not require a captcha on sign up.
It may very well be that instance owners are innocent as some have really been victims of bot attacks and simply forgot that you could enable captchas for sign-ups, nevertheless I think instance directories like Lemmyverse.net should start disincentivizing anyone from inflating his own instance with tens of thousands of bots in order to get on top of those “leaderboards”.
That’s certainly another theory why these bot accounts don’t actually seem to do anything (so far). But it doesn’t fit to the picture that lots of naive instance admins seem to ask for help against this.
I am starting to think that it is either some test run or a greyhat that wants to force instance admins to improve registration security before actual bad actors exploit them.
I like the greyhat theory! The bots have indeed been inactive.
deleted by creator
It’s a spam attack: https://lemm.ee/post/177673
It has nothing to do with instance owners inflating numbers, it’s unsophisticated instance owners getting attacked when they’re not paying attention.
Wow talk about thinking the worst of people right off.
How would it benefit an instance to be on the top of the leaderboard. Having more people on your instance means higher server costs. The optimal situation is to have a small group of people on each instance but just more instances.
The vast majority of the instances in that screenshot have known jumps from 1~50 users to tens of thousands in less than a day. T
I think that’s taking it too far and jumping to conclusions. I cannot think of a single instance of an instance admin inflating their numbers with bot accounts or in any other artificial way, and I’ve been on fedi before it was called fedi.
This is almost certainly external bad actors taking advantage of captcha-less open signups.
