cross-posted from: https://lemmy.world/post/358415
The vast majority of the instances in that screenshot have known jumps from 1~50 users to tens of thousands in less than a day. These instances also happen to not require a captcha on sign up.
It may very well be that instance owners are innocent as some have really been victims of bot attacks and simply forgot that you could enable captchas for sign-ups, nevertheless I think instance directories like Lemmyverse.net should start disincentivizing anyone from inflating his own instance with tens of thousands of bots in order to get on top of those “leaderboards”.
What incentive is there to have a ton of users registered to a particular instance?
The larger instances get featured on websites like lemmyverse.net and get more visibility. The owners of those instances can then get free traffic which they can redirect wherever they want.
Redirect to what tho? They gonna redirect me to Amazon? Pornhub? Malware?
Crypto scams, viagra or literally anything they want to advertise. Same reason blog comments spamming is a thing.
And 99% of those people are just gonna click that X and stop going to the site that redirects them. If it’s not a Lemmy instance they are getting to, then what would make them stick around?
The blame should be more on the sites like lemmyverse.net for not vetting the links they are advertising.
A clever scammer could create scam/phishing/advertisement posts on their instance that are artificially upvoted to the top. They could even have ChatGPT make a bunch of comments to make them seem real.
Hopefully, other instances would catch on and defederate from them, but if they’re subtle or just wait until they have a bunch of users it would probably be enough to scam quite a few people.