this post was submitted on 19 Jun 2023
102 points (100.0% liked)

Lemmy.World Announcements

29104 readers
3 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages πŸ”₯

https://status.lemmy.world/

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to [email protected] e-mail.

Report contact

Donations πŸ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS
 

So some spam signups just happened (all [email protected] format e-mail) This caused bounced mail to increase, causing Mailgun to block our domain to prevent it getting blacklisted.

So:

  • Mail temporarily doesn't work
  • I closed signups for now
  • I will ban the spam accounts
  • I will check how to prevent (maybe approval required again?)

Stay tuned.

Edit: so apparently there is a captcha option which I now enabled. Let's see if this prevents spam. Registrations open again.

Edit2 : Hmm Mailgun isn't that fast in unblocking the domain. Closing signups again because validation mails aren't sent

Edit 3: I convinced Mailgun to lift the block. Signups open again.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 20 points 1 year ago (1 children)

I ran into the issue on my instance as well, but checking the Captcha option in admin settings, stopped the signups for me.

[–] [email protected] 3 points 1 year ago (1 children)

Thanks for the tip- I’m having the same issue. How do I ban those accounts? I can’t even tell who my users are

[–] [email protected] 3 points 1 year ago (1 children)

I did it in the database, so if you can access your database I can assist.

[–] [email protected] 2 points 1 year ago (2 children)

My instance also experienced this. I'm the only active user (I made it a day ago), but the user count is up to 2K now. It stopped after I enabled captchas, but I want to remove these spam accounts so they don't cause issues elsewhere.

I don't even have a slight clue as to what I should look for in my database.

[–] [email protected] 2 points 1 year ago

Contact me via Matrix if possible @ruud:h-y-p-e-r.space

[–] [email protected] 1 points 1 year ago

If you haven't figured it out yet or got a response yet, hop onto the instance admin group on matrix for Lemmy (details are on the GitHub or join Lemmy page somewhere I believe) and one of the many other folks running instances can probably walk you through it

[–] [email protected] 19 points 1 year ago (3 children)

How about adding a captcha? I was surprised there was none when I signed up.

[–] [email protected] 10 points 1 year ago

Yes the devs should do that. We're currently discussing the the Lemmy matrix chat.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Captchas are laughably easy to get around but they do work against dumb script kiddies which seems this attack is originating from.

[–] [email protected] 1 points 1 year ago (1 children)

I'm down as long as its privacy friendly and doesn't use non-free javascript

[–] [email protected] 1 points 1 year ago

And accessible

[–] [email protected] 18 points 1 year ago (1 children)

I love how transparent you are with the management of this instance. Kudos!

[–] [email protected] 7 points 1 year ago

This, Refreshing πŸ˜€πŸ‘

[–] [email protected] 15 points 1 year ago

can't have anything nice nowadays

[–] [email protected] 6 points 1 year ago

Sounds frustrating. Thanks for doing what you do and letting us join your server! Hope the captcha works out.

[–] [email protected] 4 points 1 year ago (4 children)

I solved this problem once. What you do is have a custom captcha that you code yourself. It can be as simple as "What is 2+3?" and have 10-20 questions that you rotate between. Most spammers will be too lazy to update their spambot.

[–] [email protected] 2 points 1 year ago

I made one that phrased it as "The sum of 2 and 3". Weeds out bots and less sophisticated people.

[–] [email protected] 2 points 1 year ago (1 children)

Don't just include it as text though. Rather, present the question as text in a picture.

[–] [email protected] 1 points 1 year ago (1 children)

This is very effective but also blocks people who spend on screen readers

[–] [email protected] 1 points 1 year ago

The solution there is to provide a voice over of the captcha.

load more comments (2 replies)
[–] [email protected] 4 points 1 year ago (1 children)

Those usernames are so unimaginative. Who would pick a name like that?

[–] [email protected] 5 points 1 year ago (1 children)

I know, right? That's the kind of thing an idiot would have on their luggage!

[–] [email protected] 2 points 1 year ago (1 children)

12345 is the code to my luggage

[–] [email protected] 1 points 1 year ago

Now, can you tell me where your luggage is?

[–] [email protected] 4 points 1 year ago (1 children)

Last time a website I was managing was bombarded with spam signups, I set up a regular expression to check for the incredibly distinctive format the spammers were using... then it reports success but doesn't actually create the account or send an email. Spam problem over.

[–] [email protected] 1 points 1 year ago

Very clever, only problem is it's not a general solution.

[–] [email protected] 3 points 1 year ago (3 children)

Becareful with this. There's a clear trend of massive amount of bot accounts flooding lemmy as a whole

load more comments (3 replies)
[–] [email protected] 3 points 1 year ago

Thanks for staying on top of things! Really appreciate your efforts!

[–] [email protected] 2 points 1 year ago (1 children)

I've run into this issue with some of my servers in the past and it's a real PITA to deal with because not only do you have to mitigate the issue, but then you have to make requests to get de-blacklisted, etc. I finally got sick of it all and installed a Barracuda spam firewall in front of the mail server. I have MUCH easier control over IMAP/SMTP now.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

I was trying to open my account just when lemmy.world was closed earlier. When I pressed the button to create it I only got and enless "charging" animation. But when it reopened, I just started the process again, and was as easy as a breeze and extremely fast. Glad to be here! (and this is my first post)

[–] [email protected] 1 points 1 year ago

How to add something to the list if it isn’t advertised on the old sub?

[–] [email protected] 1 points 1 year ago (1 children)

User on kbin here, just tried to sign up to lemmy.world.. looks like everything crashed and burned when tried to sign up there.

[–] [email protected] 1 points 1 year ago

It was you all along!

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

OK that makes sense, I was trying to sign up and couldn't figure out why everything was timing out. Sorry if my attempts looked like spam.

edit: it still doesn't work for me btw

[–] [email protected] 1 points 1 year ago

Wanna recruit a helper who promises nothing but benevolent assistance?

[–] [email protected] 1 points 1 year ago

Lucky me, I guess, since I use a masked email address that looks fake too (anon addy). I really dislike to give my email address when testing Reddit alternatives.

[–] [email protected] 1 points 1 year ago

The spam battles are heating up!

[–] [email protected] 1 points 1 year ago (2 children)

Make sure you use a strong password for accounts

load more comments (2 replies)
[–] [email protected] 1 points 1 year ago

Thank you for working to get signups working once more!

[–] [email protected] 1 points 1 year ago

Wow that was quick, amazing job as always!

[–] [email protected] 1 points 1 year ago

I got in just in time! For the record, the sign up date seems to be broken. My account is less than a day old and it says I've been here since the 14th. Unless maybe it counts cookies or something?

load more comments
view more: next β€Ί