It’s no secret the bots have arrived on Lemmy.
I’ve been monitoring https://fedidb.org/software/lemmy and it seems that a number of instances with open sign-ups are getting thousands of new user registrations but have very, very little user activity to show for it.
To stay ahead of potential problems, I’m preemptively defederating several instances that appear to be used for bot signups. If there are instances that contain legitimate content that end up blocked I will be more than happy to consider removing them off of the list. The intent is not to remove access to legitimate content, the intent is to make it more difficult for bad actors to propagate spam to communities hosted here.
Current criteria I’m looking at:
- Little/No mention of the instance on popular social media sites – I don’t want to defederate an instance that became popular overnight for legitimate reasons
- Large number of accounts (>5000)
- Very little local posts/comments (<25)
- Few/No subscribed communities elsewhere (<5)
- Very low active user count in the past day/week (<20)
I really fear that they all awake at the same time and flood / attack our instances… This seems to be a temporary solution but time consuming for you. Beehaw defederated too from a list of instances. Maybe this list could help you :
lemmy.k6qw.com,lemmy.podycust.co.uk,waveform.social,bbs.darkwitch.net,cubing.social,lemmy.roombob.cat,lemmy.jtmn.dev,lemmy.juggler.jp,bolha.social,sffa.community,dot.surf,granitestate.social,veenk.help,lemmyunchained.net,wumbo.buzz,lemmy.sbs,lemmy.shwizard.chat,clatter.eu,mtgzone.com,oceanbreeze.earth,mindshare.space,lemmy.tedomum.net,voltage.vn,lemmy.fyi,demotheque.com,thediscussion.site,latte.isnot.coffee,news.deghg.org,lemmy.primboard.de,baomi.tv,marginalcuriosity.net,lemmy.cloudsecurityofficehours.com,lemmy.game-files.net,lemmy.fedi.bub.org,lemmy.blue,lemmy.easfrq.live,narod.city,lemmy.ninja,lemmy.reckless.dev,nlemmy.nl,lemmy.mb-server.com,rammy.site,fedit.io,diggit.xyz,slatepacks.com,theotter.social,lemmy.nexus,kleptonix.com,rabbitea.rs,zapad.nstr.no,feddi.no
based on the list of instances made by @sunaurus here - Thank you again for that work, it’s highly appreciated.
This is a preventive measure against massive amounts of accounts being created for botting purposes. Most instances banned appear to be 1 user instances so we don’t think this will have a great effect on anyone’s usage of Beehaw. If you are an admin of one of those instances, feel free to contact us at [email protected]
here the original post :
https://beehaw.org/post/701910and this one that built a tool to identify bots’ instances:
https://kbin.social/m/[email protected]/t/78131/Vote-Use-the-Fediverse-Overseer-to-pre-emptively-defederate-from-suspected
Unfortunately even as a guy who wants to let people speak and who doesn’t want to spend time moderating, systemic risks like spam really don’t leave me much choice but to intervene. I set a hard captcha and signup review on my Lemmy instance because I saw what started happening to my peertube instance. Lots of sign-ups, but most of them couldn’t provide a working email address.
Wish people would leave our toys alone. :/