Maybe you guys already know about the bot signup over lemmy.world. Now they are all over the lemmyverse. The top 20 fastest growing instances in the threadiverse are probably suffering from it. The top one, lemmy.podycust.co.uk, has 10k users with 7 total posts. The total user count of threadiverse is now 544k, compared to 270k on June 19. We may be facing 200k+ bots at this point. Also these instances are in the federation. If any admin of these instances abandons ship, this creates huge liabilities to the threadiverse.
Lemmyverse needs to figure out how to deal with this. But before that happens, do you guys think Beehaw should preemptively defederate these affected instances? Or could there be a better solution?
rest assured: we’re aware of it and we’re working on it
Thanks, that’s a relief.
Whatever you do, DO NOT upgrade to v0.18 - which drops Captcha support entirely -
Also, please please please please PLEASE have the Beehaw admins comment on that issue. Right now everyone seems to agree that spam is bad but no one is expressing that this is urgent back to the devs.
If 1 out of every 10 admins did that, I’m fairly certain the Devs would hold off and fix that before releasing…
Right now I’m incredibly frustrated because the only place this is being communicated is on the fediverse - even amongst admins.
This is open source, we as administrators of product instances have a deep responsibility to communicate back with the devs, and I fear that’s not happening.
Is that why the comments number on the main page doesn’t reflect the actual number in the post itself (much fewer)?
probably not. that’s a different bug, likely related to duplicate comments
Wow fastest reply, thanks!
this is mostly because i’m currently on “clearing our application backlog” duty, and that means in my other tab i get notifications from people replying to my posts (as a pop-up) lol
Yeah the popup works flawlessly! I think it’s the only site in the world where I accepted notifications :-)
Good luck with the work!
Defederating seems reasonable in this case, until bots can be effectively controlled and are obvious.
Are they all coming from some shady instance(s)?
Newbie question: what is the motivation of the parties creating these bots? What do they gain out of this? Are they seeking to destabilize lemmy?
What spammers want, how they do it, and how to prevent it
What do spammers want? The main motivation for spam is profit. Spam tends to be very lucrative, even when spammers are just peddling questionable products. That said, there are worse ways that spammers use for financial gain. One such way is phishing, that is, to get sensitive personal information, such as passwords or credit card information, from the user, by pretending to be an important or official source, such as a bank or an IT manager, or promoting a fake offer to grab the user’s attention. With the popularity of social media, there are even phishing techniques focused entirely on creating authentic-looking posts for this exact purpose. Another possible motive for spam is to turn your computer into a zombie. In computer science, a zombie is a computer that has been infected by a virus or a hacker and is now controlled remotely by the attacker, without the user being aware. These infected computers are then used for malicious intent, such as by being used to orchestrate distributed denial-of-service (DDoS) attacks or even to spread more spam online via e-mail spam, ultimately getting more profit in the process. There are also spammers that seek to add links back to their own websites or to misleading offers, in a misguided attempt for higher search engine ranks to those websites. These attempts at linkbuilding are non-recommended SEO tactics that are frowned upon by Google, as they are attempts at tricking both search engines and users by dishonest linkbuilding. Whatever the case may be, spam ultimately boils down to malicious intent, either towards you, your site or your users.
Spam will always be a major problem with federated platforms. It was never solved for email either. I predict Fedi will need a SpamAssassin type of platform very soon, with curated blacklists, appeals processes, and lots of heuristics…
Also being discussed over at lemm.ee.
Hi all, this problem is about to get a LOT worse with lemmy version v0.18 - They will be removing captcha support without anything to replace it.
https://github.com/LemmyNet/lemmy/issues/2922
Please, if anyone here has a github account YOU NEED TO COMMENT ON THIS ISSUE.
I’m not joking, every server admin I’ve talked to does not like this change, yet none of them posted a comment in the issues (and related issues) to communicate with the devs.
Folks, if we aren’t going to stop the Lemmy devs from doing something very dumb, then things are about to get a whole lot worse.
To be fair, the developer said they welcome pull requests of alternative captcha implementations that are better than the current implementation.
Also the admin had voiced their concern on GitHub.
I guess lemmy is a success! Bots are kind of an indicator of that.