sh.itjust.works Main Community

7584 readers

1 users here now

Home of the sh.itjust.works instance.

founded 1 year ago

MODERATORS

TheDude@sh.itjust.works

manifex@sh.itjust.works

biela@sh.itjust.works

imaqtpie@sh.itjust.works

179

PSA: Many Lemmy instances are currently experiencing massive automated sign-ups (bots)! If you run an instance with open sign-ups, please read! (sopuli.xyz)

submitted 1 year ago by DivergentHarmonics@sopuli.xyz to c/main@sh.itjust.works

45 comments fedilink hide all child comments

cross-posted from: https://lemm.ee/post/177673

Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.

For now, it seems that the bots are especially targeting instances that have:

Open sign-ups

No captcha

No e-mail verification

I have put together a spreadsheet of some of the most suspicious cases here.

If this is affecting you, I would highly recommend considering one of the following options:

Close sign-ups entirely

Only allow sign-ups with applications

Enable e-mail verification + captcha for sign-ups

Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!

Please comment below if you have any questions or anything useful to add.

you are viewing a single comment's thread
view the rest of the comments

[–] imaqtpie@sh.itjust.works 9 points 1 year ago (1 children)

Captcha is seemingly what is protecting this instance. Although it is bypassable in theory, it's working for us right now.

As the other commenters mentioned they are planning to remove Captcha in the next update but also other people have created an issue on GitHub to keep Captcha.

[–] themoonisacheese@sh.itjust.works 4 points 1 year ago

Bypassing captcha is technically possible but very hard, hard enough that it doesn't make sense financially to do it. Keeping it is a must. If they do end up removing it, we need to add it back in (actually not that hard to do)