Lemmy

12538 readers

6 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago

MODERATORS

nutomic@lemmy.ml

❗️Admins: REQUIRE E-MAIL VERIFICATION OR A CAPTCHA FOR REGISTRATION (i.ibb.co)

submitted 1 year ago by retiolus@lemmy.cat to c/lemmy@lemmy.ml

15 comments fedilink hide all child comments

cross-posted from: https://lemmy.cat/post/6385

It is currently possible, through Lemmy's API, to create accounts automatically and without limit if verification by email address or captcha is not activated. I'd advise you to activate one or both of them NOW!

After registering x number of accounts (currently I could do thousands), all you have to do is list all the existing communities for each of the account to publishes one new post per community, or more. I'll leave you to picture the mess.

(I apologise to the administrators of sh.itjust.works, I should have done the test with my own server.)

you are viewing a single comment's thread
view the rest of the comments

[–] T156@lemmy.world 1 points 1 year ago (1 children)

Phone number is another solid anti abuse signal. SIM cards are harder to come by in large quantities.

Unless they use something like a VOIP, or just spoof the number. If they can do that to call other people, there's little reason to think that they could not use that information for registration.

The other thing to consider is that in the eventuality of a data breach, you're going to have the phone numbers of a bunch of users floating about, which is not ideal either.

[–] maf@szmer.info 1 points 1 year ago

Right. I meant is the SMS-based verification of phone numbers - it's not spoofable like the VoIP Caller ID. The downside is the cost imposed by the SMS gateway.