this post was submitted on 20 Jun 2023
179 points (100.0% liked)

sh.itjust.works Main Community

7584 readers
1 users here now

Home of the sh.itjust.works instance.

Matrix

founded 1 year ago
MODERATORS
TheDude@sh.itjust.works
manifex@sh.itjust.works
biela@sh.itjust.works
imaqtpie@sh.itjust.works
179
PSA: Many Lemmy instances are currently experiencing massive automated sign-ups (bots)! If you run an instance with open sign-ups, please read! (sopuli.xyz)
submitted 1 year ago by DivergentHarmonics@sopuli.xyz to c/main@sh.itjust.works
45 comments fedilink hide all child comments
 

cross-posted from: https://lemm.ee/post/177673

Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.

For now, it seems that the bots are especially targeting instances that have:

  • Open sign-ups
  • No captcha
  • No e-mail verification

I have put together a spreadsheet of some of the most suspicious cases here.

If this is affecting you, I would highly recommend considering one of the following options:

  1. Close sign-ups entirely
  2. Only allow sign-ups with applications
  3. Enable e-mail verification + captcha for sign-ups

Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!

Please comment below if you have any questions or anything useful to add.

you are viewing a single comment's thread
view the rest of the comments
[–] Demigodrick@lemmy.zip 22 points 1 year ago (4 children)

This happened to me, although luckily I managed to turn off registration after about 80 signups. I did have email verification enabled but noticed that every single email address was fake/the email bounced, so they havent been able to verify the accounts and post.

I have now enabled applications (along with email verification) - does anyone have any opinion on using captcha instead of applications? I feel like captcha has already been defeated by bots.

[–] blayde@lemmy.blahaj.zone 11 points 1 year ago (1 children)

Fwiw the captcha support in lemmy is probably going away soon. It needs to be reimplemented into another database table (or something like that) anyway. Given that it is too hard for many humans, too easy for many bots, and devs are slammed with work, makes more sense to delete as a first step

[–] hoshikarakitaridia@lemmy.fmhy.ml 3 points 1 year ago* (last edited 1 year ago)

I don't have the time right now but someone should double check if captcha rework is in the GitHub issues as well so that they not only remove it but keep track of redoing it later as well...

load more comments (2 replies)