So, Lemmy seems to be flooded with spam bot accounts at the moment. Look through the table of servers on fedidb (https://fedidb.org/software/lemmy) and notice how there are these huge instances without any active users (MAU).

Also notice how startrek.website has 9000 users for 276 active users this month.

From memory, when I signed up, there was no email requirement or captcha or anything.

Admins … maybe you want to tighten things up?

  • EuphoricPenguin@normalcity.life · ↑3 · 2 years ago

    Yeah, I heavily modified and expanded upon someone else’s query to seek out and destroy more of the accounts. Theirs is basically pattern-matching some of the Gmail-with-numbers spam, but there’s a subset using junk@junk with no actual .TLD to try and get people’s email verification to bounce. Someone else said that ended up in people getting their email relay account suspended, hence why email verification (at least without CAPTCHAs) is a fairly bad idea. I added a table join and some extra matching to find some of those extra bogus “emails,” which typically results in quite a few more accounts being banned. There are two major caveats with my method: 1) it doesn’t delete the accounts, which is really just a simple modification to the query to “fix,” and 2) it doesn’t deal with spam accounts that have no email attached, although those seem to be a fairly small subset of the account spam. I’ll see if there is an easier way to deal with those, but getting most banned or deleted is still pretty easy.
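
The two email patterns described in the comment above, as an added report-only sketch (this is not the commenter's query, which does not appear on the page). The `account` / `account_email` tables, the sample rows and both regular expressions are constructed assumptions; the Gmail heuristic in particular will match some real users, so treat its hits as candidates for review rather than automatic bans.

```python
import re
import sqlite3

# Assumed heuristics for illustration; tune them against your own signups.
NO_TLD = re.compile(r"^[^@\s]+@[^@\s.]+$")                       # junk@junk: no dot in domain
GMAIL_DIGITS = re.compile(r"^[a-z.]+\d{3,}@gmail\.com$", re.I)   # letters, then 3+ digits

def classify(email):
    """Return a reason string for a suspicious address, or None if it looks normal."""
    if not email:
        return "no-email"        # the gap the comment mentions: surfaced, not judged
    if NO_TLD.match(email):
        return "no-tld"          # verification mail to this address can only bounce
    if GMAIL_DIGITS.match(email):
        return "gmail-digits"
    return None

def find_suspects(conn):
    """Join accounts to their email rows and report matches; nothing is modified."""
    rows = conn.execute(
        "SELECT a.name, e.email FROM account a "
        "JOIN account_email e ON e.account_id = a.id "
        "WHERE a.banned = 0 ORDER BY a.id"
    )
    return [(name, reason) for name, email in rows if (reason := classify(email))]

def sample_db():
    """Constructed in-memory data; the two-table layout is hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE account (id INTEGER PRIMARY KEY, name TEXT, banned INTEGER);
        CREATE TABLE account_email (account_id INTEGER, email TEXT);
    """)
    accounts = [(1, "alice", 0), (2, "qx81", 0), (3, "zzk", 0), (4, "bob", 0), (5, "old", 1)]
    emails = [(1, "alice@example.org"), (2, "jane.doe48213@gmail.com"),
              (3, "junk@junk"), (4, None), (5, "spam@spam")]
    conn.executemany("INSERT INTO account VALUES (?, ?, ?)", accounts)
    conn.executemany("INSERT INTO account_email VALUES (?, ?)", emails)
    return conn

if __name__ == "__main__":
    for name, reason in find_suspects(sample_db()):
        print(f"{name}\t{reason}")
```

Rejecting `no-tld` addresses at signup, before any verification mail is queued, also keeps them from generating bounces at the mail relay.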