So, lemmy seems to be flooded with spam bot accounts at the moment. Look through the table of servers on fedidb (https://fedidb.org/software/lemmy) and notice how there are these huge instances without any active users (MAU).

Also notice how startrek.website has 9000 users for 276 active users this month.

From memory, when I signed up, there was no email requirement or captcha or anything.

Admins … maybe you want to tighten things up?

  • th3raid0r@tucson.social
    link
    fedilink
    arrow-up
    8
    ·
    2 years ago

    Admin of tucson.social here - I haven’t noticed an attack on my instance yet but I do have Captcha AND Email validation turned on.

    Since my instance is for Arizonan’s only, I could do a geo-ip block if pressed, but obviously that won’t work for places like startrek.website.

    If any admin needs assistance, I recommend enlisting some help over at programming.dev - likely the best instance for collaborating on our lemmy servers.

    • Faceman🇦🇺@discuss.tchncs.de
      link
      fedilink
      arrow-up
      5
      ·
      2 years ago

      geoblocking is also a bit of a blunt instrument, many people either use network wide VPNs or even sometimes the ISPs IP blocks are mislocated (my work ISP has my IP in a different state)

      • th3raid0r@tucson.social
        link
        fedilink
        arrow-up
        2
        ·
        2 years ago

        For sure! If I were running a more general and globally focused instance that would be a larger concern. I understand using a VPN in North America, but not so much from other countries. I guess my vision is that it’s only really locals accessing the site for the most part. If someone is travelling out of the country, they can equivalently use a U.S. based VPN server.

        I suppose my example of Arizona came across as the proposed bounds of my geoblock. I’d probably just say “North America” to avoid the issues of remote workers using a company VPN to access the site (please don’t though, your company probably doesn’t like that - the current version of lemmy is VERY bandwidth inefficient )

        Also, consider that I can use one Geoblock for my signup page, and different, more permissive one for the login page which should make things a bit more reasonable.

    • Freeman@lemmy.pub
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      2 years ago

      I just closed my registration, was onboarding it and syncing up communities in prep for a 7/1 rush. Haven’t seen any attempts yet. But will probably just work out a kbin instance and move on. Too much drama with the lemmy devs.

      • th3raid0r@tucson.social
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        2 years ago

        Agreed, and my one call to action post to get other Admins to give a crap fell on it’s face over on beehaw. It seems that many admins really think that every instance should use manual registration, or other tools. All in all, the message I got was “The devs don’t have to listen to anyone”.

        I’m now of the opinion that most lemmy admins aren’t people I want to associate with, they seem to be all about “open source” until it collides with concepts like “collective responsibility” and you’ll get a response in the individualist line of reasoning of “Oh, just fix it yourself”.

        Kbin is sure lookin’ pretty good these days now.

        • KNova@links.dartboard.social
          link
          fedilink
          arrow-up
          3
          ·
          2 years ago

          I think the tone of your other post and the call to essentially brigade GitHub and demand changes from the devs put a lot of other instances admins in an uneasy position. You also said that instance admins were “abdicating their responsibility” to demand things of the devs.

          Isn’t jumping ship to kbin abdicating your responsibility to stay on and help grow Lemmy…?

          To be fair I have no ill will with you, but that post stunk of open source entitlement. https://tommcfarlin.com/open-source-entitlements-users/

          • th3raid0r@tucson.social
            link
            fedilink
            arrow-up
            1
            ·
            2 years ago

            I find it odd that a lot of people communicating that there is a problem and that they are impacted equates to brigading. To me, how can they know how wide reaching a change was if there is only a couple of comments from more savvy admins? There’s a difference between knowing a decision created a problem, and knowing a decision created a BIG far-reaching problem. From my perspective, sometimes we forget to think about the bigger implications of changes and that’s where community pressure and action can come in.

            Yeah, I could probably work on my tone a bit. The internet echo chamber has trended my communication style to be more bold, but the fediverse does appear to be ever so slightly different.

            Also, haven’t moved to Kbin yet - it’s just tempting - and yes it would be abdicating my responsibility to grow Lemmy and contribute to that project, thus I haven’t done it yet.

            As for open-source entitlement - here’s what irks me - Admins are users, indeed, but we’re not the type of user that blog is admonishing, and I’m not asking other admins to become that. I plan to contribute code to the lemmy code base, make some bots, and generally enrich the ecosystem. So when the ecosystem itself is threatened (by spam), I can’t help but sense that this is something bigger than “open-source entitlement”.

        • Freeman@lemmy.pub
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          2 years ago

          Yeah agree. Like I get their captcha is bad. But why rip out a piece of the puzzle without a solution? Doesn’t seem to be conflicts just “I guess it’s time”. It’s a weird hill to die on. Just defer the removal until a pr for a better alternative. Security is an onion, no one thing is gonna stop spammer and bots.