submitted 1 year ago* (last edited 1 year ago) by cura@beehaw.org to c/support@beehaw.org

24 comments fedilink hide all child comments

Maybe you guys already know about the bot signup over lemmy.world. Now they are all over the lemmyverse. The top 20 fastest growing instances in the threadiverse are probably suffering from it. The top one, lemmy.podycust.co.uk, has 10k users with 7 total posts. The total user count of threadiverse is now 544k, compared to 270k on June 19. We may be facing 200k+ bots at this point. Also these instances are in the federation. If any admin of these instance abandons ship, this creates huge liabilities to the threadiverse.

Lemmyverse needs to figure out how to deal with this. But before that happens, do you guys think Beehaw should preemptively defederate these affected instances? Or could there be a better solution?

top 21 comments

sorted by: hot top controversial new old

[-] alyaza@beehaw.org 21 points 1 year ago

rest assured: we're aware of it and we're working on it

[-] cura@beehaw.org 7 points 1 year ago

Thanks, that's a relief.

[-] th3raid0r@tucson.social 4 points 1 year ago

Whatever you do, DO NOT upgrade to v0.18 - which drops Captcha support entirely -

https://github.com/LemmyNet/lemmy/issues/2922

[-] Valmond@beehaw.org 4 points 1 year ago

Is that why the comments number on the main page doesn't reflect the actual number in the post itself (much fewer) ?

[-] alyaza@beehaw.org 9 points 1 year ago

probably not. that's a different bug, likely related to duplicate comments

[-] Valmond@beehaw.org 1 points 1 year ago

Wow fastest reply, thanks!

[-] alyaza@beehaw.org 8 points 1 year ago

this is mostly because i'm currently i'm on "clearing our application backlog" duty, and that means in my other tab i get notifications from people replying to my posts (as a pop-up) lol

[-] Valmond@beehaw.org 6 points 1 year ago

Yeah the popup works flawlessly! I think it's the only site in the world where I accepted notifications :-)

Good luck with the work!

[-] th3raid0r@tucson.social 4 points 1 year ago* (last edited 1 year ago)

Also, please please please please PLEASE have the Beehaw admins comment on that issue. Right now everyone seems to agree that spam is bad but no one is expressing that this is urgent back to the devs.

If 1 out of every 10 admins did that, I'm fairly certain the Devs would hold off and fix that before releasing..

Right now I'm incredibly frustrated because the only place this is being communicated is on the fediverse - even amongst admins.

This is open source, we as administrators of project instances have a deep responsibility to communicate back with the devs, and I fear that's not happening.

[-] kool_newt@beehaw.org 12 points 1 year ago

Defederating seems reasonable in this case, until bots can be effectively controlled and are obvious.

[-] Valmond@beehaw.org 3 points 1 year ago

Are they all coming from some shady instance(s) ?

[-] Lowbird@beehaw.org 2 points 1 year ago

Temporarily overtaken by robot overlords counts as shady enough, imo. We can always refederate after the bots ate overthrown again.

[-] anji@lemmy.anji.nl 6 points 1 year ago

Spam will always be a major problem with federated platforms. It was never solved for email either. I predict Fedi will need a SpamAssassin type of platform very soon, with curated blacklists, appeals processes, and lots of heuristics...

[-] lvl100magikarp@lemmy.ml 6 points 1 year ago

Newbie question: what is the motivation of the parties creating these bots? What do they gain out of this? Are they seeking to destabilize lemmy?

[-] cura@beehaw.org 6 points 1 year ago

What spammers want, how they do it, and how to prevent it

What do spammers want? The main motivation for spam is profit. Spam tends to be very lucrative, even when spammers are just peddling questionable products. That said, there are worse ways that spammers use for financial gain. One such way is phishing, that is, to get sensitive personal information, such as passwords or credit card information, from the user, by pretending to be an important or official source, such as a bank or an IT manager, or promoting a fake offer to grab the user’s attention. With the popularity of social media, there are even phishing techniques focused entirely on creating authentic-looking posts for this exact purpose. Another possible motive for spam is to turn your computer into a zombie. In computer science, a zombie is a computer that has been infected by a virus or a hacker and is now controlled remotely by the attacker, without the user being aware. These infected computers are then used for malicious intent, such as by being used to orchestrate distributed denial-of-service (DDoS) attacks or even to spread more spam online via e-mail spam, ultimately getting more profit in the process. There are also spammers that seek to add links back to their own websites or to misleading offers, in a misguided attempt for higher search engine ranks to those websites. These attempts at linkbuilding are non-recommended SEO tactics that are frowned upon by Google, as they are attempts at tricking both search engines and users by dishonest linkbuilding. Whatever the case may be, spam ultimately boils down to malicious intent, either towards you, your site or your users.

[-] furrowsofar@beehaw.org 5 points 1 year ago

I guess lemmy is a success! Bots are kind of an indicator of that.

[-] th3raid0r@tucson.social 4 points 1 year ago

Hi all, this problem is about to get a LOT worse with lemmy version v0.18 - They will be removing captcha support without anything to replace it.

https://github.com/LemmyNet/lemmy/issues/2922

Please, if anyone here has a github account YOU NEED TO COMMENT ON THIS ISSUE.

I'm not joking, every server admin I've talked to does not like this change, yet none of them posted a comment in the issues (and releated issues) to communicate with the devs.

Folks, if we aren't going to stop the Lemmy devs from doing something very dumb, then things are about to get a whole lot worse.