this post was submitted on 20 Jun 2023
56 points (100.0% liked)

FREEMEDIAHECKYEAH

349 readers
1 users here now

๐Ÿฟ ๐Ÿ“บ ๐ŸŽต ๐ŸŽฎ ๐Ÿ“— ๐Ÿ“ฑ


๐Ÿดโ€โ˜ ๏ธ Wiki / ๐Ÿ’ฌ Chat


Rules

1. Please be kind and helpful to one another.

2. No racism, sexism, ableism, homophobia, transphobia, spam.

3. Linking to piracy sites is fine, but please keep links directly to pirated content in DMs.

founded 1 year ago
MODERATORS
 

Here you can see 2 day old post warning about the danger of not using email/captcha verification: https://lemmy.ml/post/1345031

And here are stats of lemmy platform where it shows that we gained 200 000 lemmy users in 2 days: https://lemmy.fediverse.observer/dailystats

Another tracking site with the same explosion in users: https://the-federation.info/platform/73

What do you think? Is it some sort of a bug or do people run bot farms?

Edit: If you want to track if there's any sudden bump in amount of users on our instance you can do so here: https://the-federation.info/node/details/50294

Edit2: It's been now 3 days and we went from 150 000 user accounts 3 days ago to 700 000 user accounts today making it 550 000+ bot accounts and counting. Almost 80% accounts on lemmy are now bots and it may end up being an very serious issue for lemmy platform once they become active.

One of the admins announced in the comments that they will be defederating bot instances, you can track defederated by us instances here: https://fba.ryona.agency/?reverse=lemmy.fmhy.ml

Edit3: It's now 4th day of the attack and the amount of accounts on lemmy has almost reached 1 200 000. Almost 90% of total userbase are now bots and so far our instance didn't experience any sudden increase in the amount of created accounts.

Edit 3.1: my numbers are outdated, there are currently 1 700 000 accounts which makes it even worse: https://fedidb.org/software/lemmy

top 25 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 17 points 1 year ago (1 children)

There's definitely bot farming. Someone i know on Mastodon posted this yesterdar: Post in spanish

this is a translations made by google and I changed some words: "I set up an instance of Lemmy, to test a few things. I passed it on WhatsApp to a group of people, so they could look at it. I always had the federation turned off because it's a test instance and I don't want to screw anyone in other instances. I had the configuration that it sends me an email if someone asks to register. Eventually trying configurations, I ended up leaving it with open registers. Last night I got about twenty new account registrations, with names that seem to want to imitate subreddits (ragequit, yolo, hype, things like that; I don't know subreddits like that but it sounds like they might exist). And various things:

  1. This instance doesn't connect to anything, nobody (apart from a group of people who reacted with total apathy to the issue) had that domain. It was not published, it was not federating. Registrations came just the same. It occurs to me that since it is lemmy. there is a bot testing that scheme with different domains.
  2. Lemmy sent me an email letting me know that these people applied for registration, but I can't see the registration application anywhere, because there was no application, there was registration. And that email is turned off by default. With a Lemmy instance configured "out of the box" you wouldn't know.
  3. Maybe it's me, but from the UI (at least on the phone) I can't find a way to see the list of users. I know the names from the email that came to me. The only thing I found is the search engine, and there I can search one by one.

All of this seems to me like a nightmare to moderate. And the truth is that I do not blame the instances of Lemmy at all that are blocking the instances that have open registration."

[โ€“] [email protected] 7 points 1 year ago* (last edited 1 year ago) (2 children)

@[email protected] @[email protected] Do we have email verification on our instance?

Edit: sorry for ping but situation may be a bit urgent :x

Edit2: I'm not even sure if I pinged them xD

[โ€“] [email protected] 4 points 1 year ago (2 children)

on lemmy.world they activated captchas which, apparently, is an option.

[โ€“] [email protected] 7 points 1 year ago (1 children)

We have them too but captchas only help so much, using both captchas and email verification makes it harder to do these things than when having only one of those security measurements.

[โ€“] [email protected] 4 points 1 year ago (1 children)

and neither will prevent from spambots coming from other instances

[โ€“] [email protected] 7 points 1 year ago (1 children)

Yes, but limiting the issue is a good practice. And if some instances become basically bot instances we can defederate from them when bots start being active.

[โ€“] [email protected] 2 points 1 year ago (1 children)

Of course. All in all these are things that usually happen when a platform gets traction and publicity. Hopefully better tools to deal with this will come soon.

[โ€“] [email protected] 4 points 1 year ago (1 children)

We already got lots of activity on github so we should have better tools in not far future. For example I saw few minutes ago a pull request on github with sorting options for 1 hour, 6 hours and 12 hours which already makes this platform better than reddit.

[โ€“] [email protected] 1 points 1 year ago (1 children)

Wait that's so cool now I'm hyped

[โ€“] [email protected] 2 points 1 year ago

I also made an issue on github asking for top 3 months, top 6 months, and top 9 months sorting options and someone started working on it within an hour. Now the code is waiting for the merge https://github.com/LemmyNet/lemmy/pull/3226.

[โ€“] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Those captchas don't work properly rn appearently andthe Devs wanna remove them for next update and rewrite them later on from what I've heard

Just a heads up, I think it's in the GitHub issues as well

[โ€“] [email protected] 1 points 1 year ago

There's an issue to bring them back

[โ€“] [email protected] 1 points 1 year ago

AFAIK no, it hasn't been setup yet

[โ€“] [email protected] 14 points 1 year ago (1 children)

I made a ~~subreddit~~ community earlier and within seconds I saw two posts advertising things. (which were gone quickly, thank you admins)

[โ€“] [email protected] -1 points 1 year ago (1 children)
[โ€“] [email protected] 7 points 1 year ago* (last edited 1 year ago) (1 children)

yeah I'm trying to get used to lemmy, and I keep typing subreddit by mistake

[โ€“] [email protected] 10 points 1 year ago (1 children)

Eh, call it community because people dislike "sublemmy" name it seems

[โ€“] [email protected] 3 points 1 year ago

I use the term community too, but because sublemmy just sounds... off to me. Maybe im just not used to the term

[โ€“] [email protected] 13 points 1 year ago* (last edited 1 year ago) (1 children)

So we have captchas already enabed and had decided to enable email verification at the first sign of bot spam. So far I don't think any bot has targeted our instance, but if you find bot activity here in future message me or another admin and we'll turn on email verification.

Thanks for watching out on the situation.

Edit: https://fedidb.org/network/instance/lemmy.elest.io there are some very obvious bot instances setup now it seems.

[โ€“] [email protected] 6 points 1 year ago (1 children)

I guess we will be defederating them just in case?

[โ€“] [email protected] 8 points 1 year ago (1 children)

Yeah I don't think there is anything useful in keeping federation with such instances, we'll block the obvious ones and see how the situation develops.

[โ€“] [email protected] 1 points 1 year ago

80% of the accounts on lemmy are now bots, I think that it's not worth risking getting our instance flooded and start doing email verification. So far we didn't see any sudden inrease in user accounts on our instance though.

[โ€“] [email protected] 9 points 1 year ago

Yesterday I saw the 100k bump of users but dismissed it assuming it was some bug or smth but today I saw that the trend continues and another tracking site also sees this bump. After checking the warning post I noticed that the flood aligns with when the post was posted.

[โ€“] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)
[โ€“] [email protected] 2 points 1 year ago

Doesn't seem like good news

load more comments
view more: next โ€บ