Here you can see 2 day old post warning about the danger of not using email/captcha verification: https://lemmy.ml/post/1345031

And here are stats of lemmy platform where it shows that we gained 200 000 lemmy users in 2 days: https://lemmy.fediverse.observer/dailystats

Another tracking site with the same explosion in users: https://the-federation.info/platform/73

What do you think? Is it some sort of a bug or do people run bot farms?

Edit2: It’s been now 3 days and we went from 150 000 user accounts 3 days ago to 700 000 user accounts today making it 550 000+ bot accounts and counting. Almost 80% accounts on lemmy are now bots and it may end up being an very serious issue for lemmy platform once they become active.

Edit3: It’s now 4th day of the attack and the amount of accounts on lemmy has almost reached 1 200 000. Almost 90% of total userbase are now bots.

Edit 3.1: my numbers are outdated, there are currently 1 700 000 accounts which makes it even worse: https://fedidb.org/software/lemmy

  • animist
    link
    fedilink
    English
    1231 year ago

    I ONLY SEE OTHER HUMANS WHO EAT FOOD WITH THEIR MOUTH HOLES

    • @[email protected]OP
      link
      fedilink
      English
      32
      edit-2
      1 year ago

      When reddit migration begun we saw a huge bump in users and it was steadly stabilising and less users were joing, then this huge bump happened. You can go browse lemmy instances and see how many instances are ghost instances with 0 posts and comments that have tens of thousands of users.

      • HTTP_404_NotFound
        link
        fedilink
        English
        241 year ago

        Do also note- instances with little activity aren’t that unusual though-

        My instance for example- I don’t really have any communities here, other then a few local to my server. As such, its activity… is pretty low. Everything happens elsewhere.

      • @[email protected]
        link
        fedilink
        English
        121 year ago

        There a new influx in the user migration as well, as some subreddits started pinning lemmy and kbin.social instances on their subs. Also if you go on protest subreddits (such as ModCoord and Save3rdPartyApps) almost every post has a thread/comment redirecting people to the fediverse.

        • @eric5949
          link
          English
          191 year ago

          I love how beehaw defederated lemmy.world because too many people signed up but a bot instance with almost 50k users is fine. Sorry if I come across as harsh but I just increasingly see that instance as a complete joke.

          • @T156
            link
            English
            71 year ago

            In fairness, that instance probably hasn’t started interacting with their communities just yet, or else they would consider defederating. I doubt that they spend enough time to start trying to defederate from every instance over x amount of users, only the troublesome ones. They probably don’t have the manpower to scan for every instance over x amount of people, and to defederate from them, if they were already have enough trouble keeping up with sh.it.just.works and lemmy.world’s userbases.

          • @dystop
            link
            English
            61 year ago

            i pretty much consider beehaw a separate thing of its own at this point.

  • @Badass_panda
    link
    English
    33
    edit-2
    1 year ago

    Where are you getting that 90% figure? I’m seeing stratospherically higher activity than I was a week ago, I’m willing to buy half to 2/3 of those accounts being a combination of alt accounts, duplicate accounts (e.g., people moving off beehaw) and bot accounts, but 90% bots sounds implausible.

    Nobody is making 1.6 million bots to target 100,000 users.

    • @[email protected]OP
      link
      fedilink
      English
      -21 year ago

      The platform has no measures against farming bots that’s why the number of bots is this stupid high, it’s very easy to do at the moment.

      • @minimar
        link
        English
        121 year ago

        You were asked to source the number you’re using.

      • @Badass_panda
        link
        English
        91 year ago

        But everyone’s evidence that it’s happening a lot is that there are lots of new users, and that it’d be easy to make it happen.

        That’s conjecture, not evidence.

  • OpenStars
    link
    fedilink
    281 year ago

    Test: if it says “hey guys, remember how great Reddit was, we should totally go back!?” - then it’s a bot:-P.

      • @[email protected]
        link
        fedilink
        41 year ago

        That’s my theory too. He’s acting like a cornered animal and needs to drive traffic back to reddit. What better way to do that than to break the website power users have been migrating to and advertising on Reddit?

        Then June 30 the straggling migrants still holding out til the end will come over to a broken website.

        I think spez hopes that their broken spirit and desperation will help drive people back to reddit, but a bot influx this huge, he must be legitimately worried.

        It could also be spez bootlickers, but I would be shocked if someone who had the same knowhow to build a bot army was simultaneously stupid enough to not see the bigger picture happening at corporate.

    • @ZcaT
      link
      41 year ago

      hey guys, remember how great Reddit was, we should totally go back!?

      • OpenStars
        link
        fedilink
        3
        edit-2
        1 year ago

        Nice try, bot! :-P

        (Edit: I want to boost your comment, but I don’t want my record to show that I boosted a comment like THAT!:-D)

  • @[email protected]
    link
    fedilink
    English
    271 year ago

    That’s worrying. Though at least it seems they’re mostly confined to a few particular instances. Defederating is a great tool that will definitely mitigate the worst of it, but at the same time this is uncharted water - there’s no real way of knowing what exactly will happen in a large scale attack.

    Just creating accounts isn’t an attack, but it’s going to suck when there actually is one. I wonder if they’ll try to be subtle and use AI or recycled content, or if they’ll just use the accounts for spam or DDoS?

    • @[email protected]
      link
      fedilink
      English
      351 year ago

      Probably they are getting ready for some vote manipulation and astroturfing for the long run.
      You know, in case Lemmy and the Fediverse really get mainstream enough to move the public opinion in some way.

      Having a thousand accounts that can upvote a seemingly innocent post made by an active and “real” account is always useful.

      • @[email protected]
        link
        fedilink
        English
        131 year ago

        Yeah good point. I think these particular bot instances are being way too obvious to do any major damage - not when it’s as simple as it is to defederate them - but what’ll happen when it’s not 100k bots on one instance, but 1000 instances with 100 bots apiece?

        Let’s hope Lemmy gets the tools needed to deal with this. I wonder how Mastodon does it? They’ve been around a while, I’m sure they’ve had similar issues.

        • @T156
          link
          English
          41 year ago

          It might not even be a case of 1000 instances. The nature of Lemmy is such that they could get around a defederation by simply firing up a new instance.

          There’s not much in the Lemmy toolkit that can deal with people firing up a brand new instance to spam with. You can defederate from them after the fact, but it doesn’t stop them making a new one, and continuing.

      • @[email protected]
        link
        fedilink
        41 year ago

        These things are always going to be an issue on Lemmy though. Alt detection will basically be impossible.

      • Dick Justice
        link
        English
        1
        edit-2
        1 year ago

        Or worse, like Twitter aand Facebook misinformation campaigns.

  • @eric5949
    link
    English
    241 year ago

    Are they doing anything to solve this? Because if not this platform will die

    • @[email protected]
      link
      fedilink
      English
      171 year ago

      More robust instances will have to defederate instances with high concentration of bots and monitor their own new users. Maybe also implement email verification or captchas

      • @[email protected]OP
        link
        fedilink
        English
        7
        edit-2
        1 year ago

        Instances already have an ability to turn on both captchas and email verification.

        • @ewe
          link
          English
          91 year ago

          There are almost 1000 lemmy instances already. Getting individuals to fix their signup settings so that they mandate CAPTCHA likely will have to be driven from the lemmy product update level and an agreed upon defederation list for non-conformant instances.

          And bot farms would be able to spin up new instances themselves, so being able to do a blacklist based federation model (federate with all by default except x, y, and z) isn’t going to be viable. There’s going to have to be a whitelist (federate only with a, b, and c) and maintaining that as new instances get added will be problematic without an overarching way of pushing updates of known “good” instances automatically.

          • @gyro
            link
            English
            1
            edit-2
            1 year ago

            yeah. this is exactly what has to be done and ASAP. hope people on github have the same mindset.

            • @[email protected]
              link
              fedilink
              English
              11 year ago

              I do not, and that comment might put you on the list of people behind this attack.

              As well it can put me behind it.

              Are bots creating accounts? Yeah, most definitely. Do we have the tools to fight it, no we do not.

              The only tool would be predicting behavior and, for example, adding additional question/action few days after registering.

    • @[email protected]
      link
      fedilink
      English
      4
      edit-2
      1 year ago

      Anyone can spin up an instance and create a bajillion bots. That doesn’t matter at all. You cant solve that while being open source.

      The question is: is whoever doing this USING the bots? Doesnt seem like it yet. And doing it this way would be stupid as well, those bot instances would just get insta-blocked.

    • mycus
      link
      fedilink
      1
      edit-2
      1 year ago

      01101001
      10010110
      10010110
      01101001


      edit: lmao got’em

      • @[email protected]
        link
        fedilink
        11 year ago

        Are you referring to a separate thread I commented on yesterday with a totally separate user where I said “Nazi punks fuck off?”

        If you took offense to that brother I’m sorry I stand by my words. Even moreso today, even.

        What I’m curious in is why you commented on an unrelated comment in a different thread, with either a secondary account or you weren’t connected to it at all?

        • @Endlessvoid
          link
          11 year ago

          Bro I’m pretty sure they were just playing off your binary joke by pretending that it reads “fuck off” in binary.

  • soft_frog
    link
    fedilink
    181 year ago

    I work in tech, this wouldn’t surprise me.

    Where there are eyeballs there is spam. People even put spam in the Google Analytics referral field and that’s only ever going to get seen by the site owner.

    It really says nothing about the health of the ecosystem, if it’s moderated and not filling the frontpage it’s only an issue for the server admins.

    I’ve fought spammers and one alone could create these numbers in a day.

  • @[email protected]
    link
    fedilink
    English
    171 year ago

    Drivel. We are normal meat units filled with flesh. Now if you will excuse me, I am off to absorb nourishment from organic matter.

    • @PaulieDied
      link
      English
      31 year ago

      I love to sit on the… the thing and just, you know, shoot one out

      • @chaos
        link
        English
        21 year ago

        Sir, are you aware you’re leaking coolant at an alarming rate?

    • xbhaktapur
      link
      English
      81 year ago

      That is something a bot would say.

      Hmmmm

    • @[email protected]
      link
      fedilink
      English
      51 year ago

      I used to think I wasn’t a bot but then I failed a bunch of captchas and now I’m not so sure.

      • Ledditor
        link
        fedilink
        English
        01 year ago

        ha ha. I got tired solving google captchas when using VPN and switched to BING.which surprisingly is not bad. I feel Bing is much responsive than google.

        • @[email protected]
          link
          fedilink
          English
          21 year ago

          My issue is Cloudfare makes me solve them often when I’m using a vpn and I swear 90% of the internet uses Cloudflare.

  • Bilb!
    link
    fedilink
    English
    141 year ago

    I’ve yet to see any of them start posting. On my instance none of them could pass email validation because the emails were fake. I imagine this is true for many instances with a ton of bot sign-ups.

    I think just reporting sign-ups as “users” is misleading. The user count on lemmy should reflect only approved/activated accounts, imo.