995
submitted 1 year ago* (last edited 1 year ago) by lwadmin@lemmy.world to c/lemmyworld@lemmy.world

Hello everyone,

Recently we have been dealing with a lot of spam from the kbin.social communities. There is a bug in kbin where moderation tasks are not federated to other instances. That means even if a moderator over at kbin removes a post, it will still be visible on Lemmy instances and it's up to the instance admins to clean it up.

There have been talks about this in the Lemmy admin channels with some instances considering defederating from kbin.social - and others who have already made that step.

We don't want to defederate, because we know this would impact the kbin community greatly - but we have to do something. That's why we have currently removed most of the kbin communities from Lemmy World, making them unavailable to our users. But the kbin users can still view and interact with our communities and users.

This means that those spam-accounts will stil be able to post in our communities too, but at least it makes the task of moderation already a little bit lighter on our team. But it was either this or defederation. The moderation tools on kbin are in an even worse state then Lemmy's.

We will keep monitoring the situation and will keep you up to date should anything change.

We hope you understand and support our decision.

The Lemmy World team

you are viewing a single comment's thread
view the rest of the comments
[-] thisisawayoflife@lemmy.world 25 points 1 year ago* (last edited 1 year ago)

How is it so easy to create spam accounts with Kbin? What kind of account validation is implemented? Email? Enforced 2FA? Just a curious dev who hasn't started their own lemmy or Kbin instance yet.

[-] Arotrios@kbin.social 29 points 1 year ago

There's just email verification at the moment. 2FA is on the roadmap, but I'm not sure if it will be in the next release. Here's the kbin codeberg site for more detail.

It's a start, but 2fa can't stop spam.

If one can automate account creation including saving totp secrets, you suddenly have 2fa authenticated bots able to send spam.

Maybe you could get around that to some extent by leveraging sms verification during account creation, but how do you set that up to prevent burner numbers? Or smishing?

These are hard problems to address

[-] elscallr@lemmy.world 7 points 1 year ago

Not to mention there are a lot of fediverse users who moved here because they didn't want to give away personal information like their email and phone number.

[-] Venat0r@lemmy.world 2 points 1 year ago

Also a lot of real people might want to sign up without needlessly giving away personal information like thier phone number...

Here's one (possibly dumb?) idea I just had: implement a shadow ban for a period on new accounts so moderators can check what they're posting before they're allowed to post.

[-] iquanyin@lemmy.world 1 points 1 year ago

i like this one! seems smart.

[-] OpenStars@kbin.social 11 points 1 year ago

When I signed up it was email + captcha. I cannot find even an option for voluntary 2FA.

I don't know the details but people who wanted to work on Kbin and looked into it say that it is a much less developed platform overall (i.e. not fully a beta and more like still in alpha, e.g. lacking a true API), but it does offer benefits socially (to further disconnect from the originators of the Lemmy software) and to have another codebase that offers federation.

[-] anlumo@lemmy.world 13 points 1 year ago

Lemmy is also more of alpha-quality software. The admin tools are pretty much non-existent. On my own instance, I've had to go into the database to fix issues a lot using straight SQL, and I have like ten users on the platform. One of those issues caused my admin account to no longer being able to log in, another caused the whole instance to be down.

[-] OpenStars@kbin.social 5 points 1 year ago

Oh that's interesting. Kbin lacks a formalized API (or at least it did - possibly this next update was going to address that and yet Ernst did say something about shifting priorities so maybe that's bumped now) so I got the impression that Lemmy was further along, but yeah they both have a ways to go to catch up to the decade or so of work put into Reddit. Although the latter manages to find new & innovative ways to break itself constantly anyways so maybe both Kbin and Lemmy will meet it somewhere in the middle sooner than we might think? :-P (and yet slower than most people would like I'm sure:-D)

[-] thisisawayoflife@lemmy.world 5 points 1 year ago

Yeah it seems like it's grown organically from a POC, which I think is sort of what Lemmy did too. I feel like this concept is ripe for a platform which has been designed from the start then implement.

this post was submitted on 18 Sep 2023
995 points (95.4% liked)

Lemmy.World Announcements

28381 readers
4 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to info@lemmy.world e-mail.

Report contact

Donations ๐Ÿ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS