this post was submitted on 19 Jun 2023
108 points (99.1% liked)

Lemmy.World Announcements

29098 readers
320 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages πŸ”₯

https://status.lemmy.world/

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to info@lemmy.world e-mail.

Report contact

Donations πŸ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS
 

So some spam signups just happened (all username12345678@gmail.com format e-mail) This caused bounced mail to increase, causing Mailgun to block our domain to prevent it getting blacklisted.

So:

  • Mail temporarily doesn't work
  • I closed signups for now
  • I will ban the spam accounts
  • I will check how to prevent (maybe approval required again?)

Stay tuned.

Edit: so apparently there is a captcha option which I now enabled. Let's see if this prevents spam. Registrations open again.

Edit2 : Hmm Mailgun isn't that fast in unblocking the domain. Closing signups again because validation mails aren't sent

Edit 3: I convinced Mailgun to lift the block. Signups open again.

top 50 comments
sorted by: hot top controversial new old
[–] lemmy@endlesstalk.org 22 points 1 year ago (1 children)

I ran into the issue on my instance as well, but checking the Captcha option in admin settings, stopped the signups for me.

[–] admin@thegarden.land 3 points 1 year ago (1 children)

Thanks for the tip- I’m having the same issue. How do I ban those accounts? I can’t even tell who my users are

[–] ruud@lemmy.world 3 points 1 year ago (1 children)

I did it in the database, so if you can access your database I can assist.

[–] aranym@lemmy.name 2 points 1 year ago (2 children)

My instance also experienced this. I'm the only active user (I made it a day ago), but the user count is up to 2K now. It stopped after I enabled captchas, but I want to remove these spam accounts so they don't cause issues elsewhere.

I don't even have a slight clue as to what I should look for in my database.

[–] ruud@lemmy.world 2 points 1 year ago

Contact me via Matrix if possible @ruud:h-y-p-e-r.space

If you haven't figured it out yet or got a response yet, hop onto the instance admin group on matrix for Lemmy (details are on the GitHub or join Lemmy page somewhere I believe) and one of the many other folks running instances can probably walk you through it

[–] AlmightySnoo@lemmy.world 19 points 1 year ago (3 children)

How about adding a captcha? I was surprised there was none when I signed up.

[–] ruud@lemmy.world 9 points 1 year ago

Yes the devs should do that. We're currently discussing the the Lemmy matrix chat.

[–] drmoose@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Captchas are laughably easy to get around but they do work against dumb script kiddies which seems this attack is originating from.

[–] possiblylinux127@lemmy.world 1 points 1 year ago (1 children)

I'm down as long as its privacy friendly and doesn't use non-free javascript

load more comments (1 replies)
[–] ghariksforge@lemmy.world 18 points 1 year ago (1 children)

I love how transparent you are with the management of this instance. Kudos!

[–] phil299@lemmy.world 8 points 1 year ago

This, Refreshing πŸ˜€πŸ‘

[–] Magrid@lemm.ee 14 points 1 year ago

can't have anything nice nowadays

[–] Sorenchu@lemmy.world 6 points 1 year ago

Sounds frustrating. Thanks for doing what you do and letting us join your server! Hope the captcha works out.

[–] flint5436@lemmy.world 5 points 1 year ago (1 children)

Those usernames are so unimaginative. Who would pick a name like that?

[–] samus12345@lemmy.world 5 points 1 year ago (1 children)

I know, right? That's the kind of thing an idiot would have on their luggage!

[–] Crackhappy@lemmy.world 2 points 1 year ago (1 children)

12345 is the code to my luggage

[–] 0uterzenith@lemmy.world 1 points 1 year ago

Now, can you tell me where your luggage is?

[–] rastilin@kbin.social 4 points 1 year ago (1 children)

Last time a website I was managing was bombarded with spam signups, I set up a regular expression to check for the incredibly distinctive format the spammers were using... then it reports success but doesn't actually create the account or send an email. Spam problem over.

[–] AtomicPurple@kbin.social 2 points 1 year ago

Very clever, only problem is it's not a general solution.

[–] chaosppe@lemmy.world 3 points 1 year ago (3 children)

Becareful with this. There's a clear trend of massive amount of bot accounts flooding lemmy as a whole

load more comments (3 replies)
[–] CynicalStoic@lemmy.world 3 points 1 year ago

Thanks for staying on top of things! Really appreciate your efforts!

[–] fsk@lemmy.world 3 points 1 year ago (4 children)

I solved this problem once. What you do is have a custom captcha that you code yourself. It can be as simple as "What is 2+3?" and have 10-20 questions that you rotate between. Most spammers will be too lazy to update their spambot.

[–] kargarocP4@startrek.website 2 points 1 year ago (2 children)

Don't just include it as text though. Rather, present the question as text in a picture.

load more comments (2 replies)
[–] Sir_Kevin@lemmy.world 1 points 1 year ago

I made one that phrased it as "The sum of 2 and 3". Weeds out bots and less sophisticated people.

load more comments (2 replies)
[–] EvilMonkeySlayer@kbin.social 2 points 1 year ago (1 children)

User on kbin here, just tried to sign up to lemmy.world.. looks like everything crashed and burned when tried to sign up there.

[–] minimar@lemmy.world 1 points 1 year ago

It was you all along!

[–] ThesePaycheckAvenging@kbin.social 2 points 1 year ago (1 children)

Lucky me, I guess, since I use a masked email address that looks fake too (anon addy). I really dislike to give my email address when testing Reddit alternatives.

[–] Distributed@lemmy.world 1 points 1 year ago

Just buy a cheap domain to point to anonaddy or simplelogin so you dont need to use one of their domains

[–] Argyle13@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

I was trying to open my account just when lemmy.world was closed earlier. When I pressed the button to create it I only got and enless "charging" animation. But when it reopened, I just started the process again, and was as easy as a breeze and extremely fast. Glad to be here! (and this is my first post)

[–] halo5@lemmy.world 2 points 1 year ago (1 children)

I've run into this issue with some of my servers in the past and it's a real PITA to deal with because not only do you have to mitigate the issue, but then you have to make requests to get de-blacklisted, etc. I finally got sick of it all and installed a Barracuda spam firewall in front of the mail server. I have MUCH easier control over IMAP/SMTP now.

[–] wiz@lemm.ee 2 points 1 year ago

FYI looks like registration still doesn't work - send button spinning, no request in ff network monitor. Tried ff & chrome, gmail and proton. I went with a different server eventually, but you might wanna do something in case this is not intentional

[–] MyOpinion@lemmy.world 1 points 1 year ago

The spam battles are heating up!

[–] Exusgu@lemmy.world 1 points 1 year ago

Thank you for working to get signups working once more!

[–] ulu_mulu@lemmy.world 1 points 1 year ago

Wow that was quick, amazing job as always!

[–] possiblylinux127@lemmy.world 1 points 1 year ago (2 children)

Make sure you use a strong password for accounts

load more comments (2 replies)
[–] stux@geddit.social 1 points 1 year ago

Same on Geddit.social

Also fixed now!

[–] scottywh@lemmy.world 1 points 1 year ago

Wanna recruit a helper who promises nothing but benevolent assistance?

[–] rm_dash_r_star@lemm.ee 1 points 1 year ago

Damn bots, hope the Lemmy community can figure out a good way to deal with that.

People are setting up instances to serve as bot farms. I think they should add instances to Lemmy through some kind of vetting process, or maybe publish an official blacklist.

A lot of sign-ups are coming from bots on established instances, but the application method of screening is somewhat off-putting. I hope the community can devise a better one to replace it with at some point. I mean it's no skin off my nose since I have three good login instances now, but better to make sign-ups as attractive as possible for actual human beings.

[–] pragma@kbin.social 1 points 1 year ago* (last edited 1 year ago)

OK that makes sense, I was trying to sign up and couldn't figure out why everything was timing out. Sorry if my attempts looked like spam.

edit: it still doesn't work for me btw

load more comments
view more: next β€Ί