Instance Meta - Is this instance getting flooded with spam bot accounts? (startrek.website)

submitted 1 year ago by maegul@startrek.website to c/startrek@startrek.website

17 comments fedilink hide all child comments

So, lemmy seems to be flooded with spam bot accounts at the moment. Look through the table of servers on fedidb (https://fedidb.org/software/lemmy) and notice how there are these huge instances without any active users (MAU).

Also notice how startrek.website has 9000 users for 276 active users this month.

From memory, when I signed up, there was no email requirement or captcha or anything.

Admins ... maybe you want to tighten things up?

top 17 comments

sorted by: hot top controversial new old

[-] Admin@startrek.website 4 points 1 year ago

Just a quick update for everyone, yes OP is right and a bunch of bots signed up. We've purged them from our user count and enabled CAPTCHA. Email verification is coming soon as a secondary deterrent.

For the record nobody told us that it's not safe out here. We were aware that self-hosting was wondrous, with treasures to satiate desires both subtle and gross; but has NO IDEA that it wasn't for the timid. 😉

[-] maegul@startrek.website 1 points 1 year ago* (last edited 1 year ago)

Ooh … how did you purge them from your user numbers? Many other admins might not know how to do that … maybe worth sharing?

[-] williams_482@startrek.website 2 points 1 year ago

We deleted them from the local_user database table outright based on some sketchy shared attributes, and then manually updated the user count in site_aggregates to the correct figure so our stats wouldn't look so sketchy.

Pretty simple for anyone comfortable in SQL who knows where to look (a helpful user DM'd and gave us a hand here), but not something anybody should try willy nilly if they don't know what they are doing. Editing production data on the fly is not to be done casually.

[-] maegul@startrek.website 1 points 1 year ago

There are pricy probably admins who might appreciate this, as dangerous as it is.

Care if I post it into the lemmy community or even made the support community?

[-] williams_482@startrek.website 2 points 1 year ago

Sure, go for it.

Include a mention that even running queries against the database won't necessarily be easy if you don't know what you're doing. where it is located and (separately) how best to access it will depend on how it was installed.

[-] StillPaisleyCat@startrek.website 2 points 1 year ago

Just a member here, but given the recent rapid growth in the past 10 days as folks migrate over from a 600k subreddit (myself included), and the normal 90% lurker rule-of-thumb, this is actually a fairly reasonable monthly active user ratio.

I genuinely understand the concern to avoid bots and trolls, but have admins in other instances actually documented a significant number of bots originating through this instance?

[-] maegul@startrek.website 1 points 1 year ago

You have a point, especially as lemmy defines "active" as a user that has at least posted once within the relevant time period. So yes, lurkers definitely wouldn't count toward the active user count (mastodon and the like use different metrics AFAIU).

[-] ValueSubtracted@startrek.website 0 points 1 year ago

There is some Verified Suspicious Activity^TM^. We're hoping to get it sorted out soon.

[-] StillPaisleyCat@startrek.website 2 points 1 year ago

Thank you for your care of this place, and due diligence.

With the instance growing so quickly, aggregate stats can flag but are vulnerable to aliasing.

I very much appreciate the path to lemmy membership that you offered to us in the final hours before many of the subreddits went dark.

The there is a ratcheting chain of new members to this and other Lemmy instances is still happening. I have the sense that there’s still a lot of private chat on Reddit as folks looking for a new place to be are enquiring of those who’ve already migrated.

All to say, when it is sorted, it would be great to have an updated sticky with the details so those of us here can support the less tech adept among us make the transition.

[-] briongloid@aussie.zone 0 points 1 year ago

rabbitea.rs appears to be entirely made for spam accounts and I have suggested to my instance that we ban it only because it has no genuine activity that I can see.

[-] russjr08@outpost.zeuslink.net 1 points 1 year ago

They might've cleaned up their instance, from what I can see when I bring it up now according to the stats there is only one user there.

[-] th3raid0r@tucson.social 0 points 1 year ago

Admin of tucson.social here - I haven't noticed an attack on my instance yet but I do have Captcha AND Email validation turned on.

Since my instance is for Arizonan's only, I could do a geo-ip block if pressed, but obviously that won't work for places like startrek.website.

If any admin needs assistance, I recommend enlisting some help over at programming.dev - likely the best instance for collaborating on our lemmy servers.

[-] Faceman2K23@discuss.tchncs.de 1 points 1 year ago

geoblocking is also a bit of a blunt instrument, many people either use network wide VPNs or even sometimes the ISPs IP blocks are mislocated (my work ISP has my IP in a different state)

[-] freeman@lemmy.pub 0 points 1 year ago

I just closed my registration, was onboarding it and syncing up communities in prep for a 7/1 rush. Haven’t seen any attempts yet. But will probably just work out a kbin instance and move on. Too much drama with the lemmy devs.

[-] th3raid0r@tucson.social 1 points 1 year ago* (last edited 1 year ago)

Agreed, and my one call to action post to get other Admins to give a crap fell on it's face over on beehaw. It seems that many admins really think that every instance should use manual registration, or other tools. All in all, the message I got was "The devs don't have to listen to anyone".

I'm now of the opinion that most lemmy admins aren't people I want to associate with, they seem to be all about "open source" until it collides with concepts like "collective responsibility" and you'll get a response in the individualist line of reasoning of "Oh, just fix it yourself".

Kbin is sure lookin' pretty good these days now.

[-] knova@links.dartboard.social 1 points 1 year ago

I think the tone of your other post and the call to essentially brigade GitHub and demand changes from the devs put a lot of other instances admins in an uneasy position. You also said that instance admins were “abdicating their responsibility” to demand things of the devs.

Isn’t jumping ship to kbin abdicating your responsibility to stay on and help grow Lemmy..?

To be fair I have no ill will with you, but that post stunk of open source entitlement. https://tommcfarlin.com/open-source-entitlements-users/

[-] freeman@lemmy.pub 1 points 1 year ago* (last edited 1 year ago)

Yeah agree. Like I get their captcha is bad. But why rip out a piece of the puzzle without a solution? Doesn’t seem to be conflicts just “I guess it’s time”. It’s a weird hill to die on. Just defer the removal until a pr for a better alternative. Security is an onion, no one thing is gonna stop spammer and bots.

this post was submitted on 20 Jun 2023

3 points (100.0% liked)

Star Trek

10523 readers

10 users here now

r/startrek: The Next Generation

Star Trek news and discussion. No slash fic...

Maybe a little slash fic.

New to Star Trek and wondering where to start?

Rules

1 Be constructive

All posts/comments must be thoughtful and balanced.

2 Be welcoming

It is important that everyone from newbies to OG Trekkers feel welcome, no matter their gender, sexual orientation, religion or race.

3 Be truthful

All posts/comments must be factually accurate and verifiable. We are not a place for gossip, rumors, or manipulative or misleading content.

4 Be nice

If a polite way cannot be found to phrase what it is you want to say, don't say anything at all. Insulting or disparaging remarks about any human being are expressly not allowed.

5 Spoilers

Utilize the spoiler system for any and all spoilers relating to the most recently-aired episodes, as well as previews for upcoming episodes. There is no formal spoiler protection for episodes/films after they have been available for approximately one week.

6 Keep on-topic

All submissions must be directly about the Star Trek franchise (the shows, movies, books etc.). Off-topic discussions are welcome at c/quarks.

7 Meta

Questions and concerns about moderator actions should be brought forward via DM.

Upcoming Episodes