Hello everyone,

Recently we have been dealing with a lot of spam from the kbin.social communities. There is a bug in kbin where moderation tasks are not federated to other instances. That means even if a moderator over at kbin removes a post, it will still be visible on Lemmy instances and it’s up to the instance admins to clean it up.

There have been talks about this in the Lemmy admin channels with some instances considering defederating from kbin.social - and others who have already made that step.

We don’t want to defederate, because we know this would impact the kbin community greatly - but we have to do something. That’s why we have currently removed most of the kbin communities from Lemmy World, making them unavailable to our users. But the kbin users can still view and interact with our communities and users.

This means that those spam-accounts will stil be able to post in our communities too, but at least it makes the task of moderation already a little bit lighter on our team. But it was either this or defederation. The moderation tools on kbin are in an even worse state then Lemmy’s.

We will keep monitoring the situation and will keep you up to date should anything change.

We hope you understand and support our decision.

The Lemmy World team

  • 𝕽𝖔𝖔𝖙𝖎𝖊𝖘𝖙
    link
    English
    2311 year ago

    Gotta do what you need to.

    Hopefully kbin development can fix their moderation tools and eventually be reconnected!

    • @droans
      link
      921 year ago

      Yep, this feels like a temporary change until things get fixed.

  • Arotrios
    link
    fedilink
    175
    edit-2
    1 year ago

    Hi - mod of a small kbin.social mag here - @13thFloor - and a lemmy.world user. Is there anything we can do on our end to help mitigate the problem, or make it easier to flag spam that makes its way to Lemmy? I’d be more than willing to include a note to the lemmy.world admins if a spam post is deleted off of a mag I mod here- just need to know who to contact.

    Side notes - Ernest (kbin.social admin) just responded on the spam issue here. The community has been actively working over here to flag and remove spam accounts (I’ve personally flagged close to 100). According to the most recent news from @ernest earlier last week, we’ve got a software update incoming, and a magazine cleanup in the works that will hopefully make an impact.

    • Antik 👾
      link
      771 year ago

      Heya! Not really. It’s just a few communities that are being spammed really hard, so only those are removed. I think the work you’re doing by flagging these spam accounts is already very helpful to Ernest and his team. He himself was kind enough to join us in this thread and give us some more information. For now all we can do is wait…

      Thank you for your patience and understanding :)

      • Arotrios
        link
        fedilink
        1
        edit-2
        1 year ago

        Hi - got a note from a user that @13thFloor isn’t federated over there any more as of yesterday. Looks like @scifi, modded by @inkican, was as well. Was there a reason these communities were defederated?

        • Antik 👾
          link
          2
          edit-2
          1 year ago

          Defederated is only on instance-level. A community can not be defederated, but it can be removed or purged. So far the only action we have taken is removing some of the Kbin communities (or magazines as they are called on kbin).

          Your community is still available on https://lemmy.world/c/[email protected]

          If you want to see which instances we are currently defederated from you can look that up here.

          So no, we didn’t block your community. But I do see some posts are not showing up on Lemmy World. Not sure why that happens, there haven’t been any changes on our end. We will update to Lemmy 0.18.5 tomorrow which resolves some federation issues.

          Edit: It actually was removed. now restored. Passed info to other admins.

          • Arotrios
            link
            fedilink
            21 year ago

            Thanks for the update. I’m still getting the following error across multiple browsers when I hit https://lemmy.world/c/[email protected]:

            Error!
            There was an error on the server. Try refreshing your browser. If that doesn’t work, come back at a later time. If the problem persists, you can seek help in the Lemmy support community or Lemmy Matrix room.

            Hoping it gets resolved with the update - was worried we’d screwed something up and gotten on your removed list.

            • Antik 👾
              link
              English
              21 year ago

              Huh. I’m sorry I have to check what happened but the 13thfloor was actually removed. I must have missed the ‘removed’ tag earlier. I restored it and I’ll make sure the other admins know not to remove that community. So it should be ok again.

              • Arotrios
                link
                fedilink
                11 year ago

                Thanks much! That fixed it for the 13thFloor. FYI, looks like @scifi is still blocked, and they’re generally pretty cool without spam issues.

    • @thisisawayoflife
      link
      25
      edit-2
      1 year ago

      How is it so easy to create spam accounts with Kbin? What kind of account validation is implemented? Email? Enforced 2FA? Just a curious dev who hasn’t started their own lemmy or Kbin instance yet.

        • @HowdWeGetHereAnyways
          link
          61 year ago

          It’s a start, but 2fa can’t stop spam.

          If one can automate account creation including saving totp secrets, you suddenly have 2fa authenticated bots able to send spam.

          Maybe you could get around that to some extent by leveraging sms verification during account creation, but how do you set that up to prevent burner numbers? Or smishing?

          These are hard problems to address

          • @elscallr
            link
            71 year ago

            Not to mention there are a lot of fediverse users who moved here because they didn’t want to give away personal information like their email and phone number.

          • @Venat0r
            link
            21 year ago

            Also a lot of real people might want to sign up without needlessly giving away personal information like thier phone number…

            Here’s one (possibly dumb?) idea I just had: implement a shadow ban for a period on new accounts so moderators can check what they’re posting before they’re allowed to post.

            • iquanyin
              link
              11 year ago

              i like this one! seems smart.

      • OpenStars
        link
        fedilink
        111 year ago

        When I signed up it was email + captcha. I cannot find even an option for voluntary 2FA.

        I don’t know the details but people who wanted to work on Kbin and looked into it say that it is a much less developed platform overall (i.e. not fully a beta and more like still in alpha, e.g. lacking a true API), but it does offer benefits socially (to further disconnect from the originators of the Lemmy software) and to have another codebase that offers federation.

        • @anlumo
          link
          English
          131 year ago

          Lemmy is also more of alpha-quality software. The admin tools are pretty much non-existent. On my own instance, I’ve had to go into the database to fix issues a lot using straight SQL, and I have like ten users on the platform. One of those issues caused my admin account to no longer being able to log in, another caused the whole instance to be down.

          • OpenStars
            link
            fedilink
            51 year ago

            Oh that’s interesting. Kbin lacks a formalized API (or at least it did - possibly this next update was going to address that and yet Ernst did say something about shifting priorities so maybe that’s bumped now) so I got the impression that Lemmy was further along, but yeah they both have a ways to go to catch up to the decade or so of work put into Reddit. Although the latter manages to find new & innovative ways to break itself constantly anyways so maybe both Kbin and Lemmy will meet it somewhere in the middle sooner than we might think? :-P (and yet slower than most people would like I’m sure:-D)

        • @thisisawayoflife
          link
          51 year ago

          Yeah it seems like it’s grown organically from a POC, which I think is sort of what Lemmy did too. I feel like this concept is ripe for a platform which has been designed from the start then implement.

  • 👁️👄👁️
    link
    fedilink
    English
    1281 year ago

    Devs learning in real time why social media (especially decentralized) should be designed moderation first in design.

  • @assassin_aragorn
    link
    611 year ago

    Seems like a very reasonable compromise to deal with the situation.

    Thanks again for the transparency and keeping everyone in the loop.

  • Flax
    link
    fedilink
    English
    501 year ago

    Hopefully this is resolved quickly. We are stronger together.

  • @mechatux
    link
    46
    edit-2
    1 year ago

    deleted by creator

  • Hegar
    link
    fedilink
    451 year ago

    Quick reminder that kbin was still fairly early in development when the reddit exodus began and sped things up much sooner than anticipated. A few teething issues are to be expected and Ernest, the dev, has been open and communicating about what’s going on.

    • @woelkchen
      link
      91 year ago

      Quick reminder that kbin was still fairly early in development when the reddit exodus began and sped things up much sooner than anticipated. A few teething issues are to be expected and Ernest, the dev, has been open and communicating about what’s going on.

      Given that kbin is written in PHP, I honestly don’t see much of a bright future for it. It’s not like hobbyist developers line up to write PHP.

        • @woelkchen
          link
          31 year ago

          Modern PHP is pretty pleasant once you learn the syntax IMO.

          And yet whenever programming languages come up, Rust comes out as a more popular whereas PHP is the “My job requires it but it’s not what I’d do for fun” language.

          • @zeppo
            link
            English
            101 year ago

            Far more people already know PHP than Rust, though. They’re also very different languages. While the syntax for Rust is nicer than other languages used for systems programming, there are people who question whether it is really appropriate for a web app. Certainly nobody questions whether that’s what PHP is good for.

          • @TCB13
            link
            English
            11 year ago

            Only if PHP and Rust could even be compared. lol totally different tools for different jobs.

            • @woelkchen
              link
              21 year ago

              And yet one is used for kbin and one is used for Lemmy and somehow both kinda achieve the same things of a Fediverse Reddit-like.

      • @Anonymousllama
        link
        81 year ago

        The system is based on the bleeding edge of the PHP stack, using PHP 8.3x and Symfony 6 as the framework. There’s plenty of devs out there, especially symfony ones. The main issues I’ve found is pulling in people who are interested in the ActivityPub side of the project.

        I think a few more months and most of the user-facing UI/UX issues will be improved. The moderation side, along with quality of life admin tools are definitely lacking though.

  • @petunia
    link
    421 year ago

    Spam has consistently been the death of the open internet, even the big tech silos struggle with spam (Instagram for example – despite having incredibly invasive techniques for identifying “genuine” users – is STILL inundated with spam commenters). I think instances on the fediverse should reconsider their open registration policy, either totally close registrations when you reach an agreed upon critical mass of users, or adopt some form of invitation or application system for new users. I believe Mastodon supports both in the software.

    • @Candelestine
      link
      English
      14
      edit-2
      1 year ago

      I agree. A hard limit would be a good idea, it’d nip a lot of problems in the bud.

      I’m as idealist as the next guy, but I was also a hellacious misfit once, so I know what it feels like to be a hate-fueled asshole. I really hope these Fediverse idealists have started to understand that assholes do exist, and they must take measures to defend themselves.

      Combat is a part of life. Violence is an aspect of competitive biology. You’re gonna have to deal with attacks here. Forever. Just get the fuck used to it, you’re at war and will be until you die or leave this place. Largely due to politics and the way open communication has not just empowered good people to create good things, but has also empowered extremists and criminals too. And they exist and have goals too, in case any of you people fucking forgot.

      • @theangryseal
        link
        61 year ago

        Well, shit. I had totally forgotten.

        I’m making a note now.

        For real though. You’ve summed it up pretty good here.

      • @[email protected]
        link
        fedilink
        English
        31 year ago

        I saw a punnet of really big grapes today. It was very cool; I’ve never seen grapes that big! Do you reckon they would’ve been like, suuuper juicy?

  • @JackSkellington
    link
    371 year ago

    I also noticed there was a lot of spam from kbin regarding the online sales of pharmacy drugs that require prescriptions.

      • @PmMeFrogMemes
        link
        181 year ago

        i mean theres so many kbin communities, which one???

  • Elevator7009
    link
    fedilink
    321 year ago

    Thanks for not cutting us off. I sub and post to a lot of lemmy.world communities, some of them small, and wouldn’t want to have to stop contributing or make a new Lemmy account.

  • Seraph
    link
    fedilink
    271 year ago

    Thanks for not defederating us! -Kbin users

    Ernest is working on a major update for Kbin but it might be still a couple weeks out.

    • @lwadminOPMA
      link
      571 year ago

      We are well aware of what’s going on with kbin and the development team. That’s why we don’t defederate because we have hope that they will fix things soon.

      • ernest
        link
        fedilink
        921 year ago

        I apologize for causing you trouble. I’m trying to resolve the situation as quickly as possible, but apart from the usual spammers, there have also been organized campaigns where, for an hour on Sunday mornings, our instance was flooded with spam from hundreds of accounts. This, of course, is causing federation issues. I’ve changed my priorities regarding the roadmap, and additional tools will be released soon. I will also ensure additional moderation. I will also get in touch with admins from other instances - my absence was due to personal issues I mentioned recently. Thanks for your understanding, and best regards.

        • Antik 👾
          link
          63
          edit-2
          1 year ago

          Hey Ernest,

          Having dealt with spam waves ourselves we are certainly understanding of the situation! I read your status updates and what has been going on. That is also why we choose to close the problematic communities/magazines instead of defederating.

          We really hope that you find the time and peace to resolve these things. There is no bad will here, we know that these things need time. If there is anything we can do to help feel free to reach out.

  • @Gabu
    link
    271 year ago

    So that’s why the modlogs were going ballistic. Oh, well, I hope things are fixed soon.

  • @Anonymousllama
    link
    241 year ago

    There’s been a heap of development going on with kbin recently, with a release upcoming. Overall the development process has been a bit slow with Ernest (the guy who owns the project) having personal issues to resolve.

    Definitely the moderation process needs to be improved so that we have better ways of addressing spam so it doesn’t bother other instances.

    Personally I’m of the opinion that we should be using a metric based system where we weigh in the users date or creation, overall interactivity, upvote / downvote ratio and other data to potentially flag spam users. But honestly fighting spam is really hard and all of that would have to be built (plus it’s a public repo so bad actors could look for how this is pieced together and find new ways to get past)