Maybe you guys already know about the bot signup over lemmy.world. Now they are all over the lemmyverse. The top 20 fastest growing instances in the threadiverse are probably suffering from it. The top one, lemmy.podycust.co.uk, has 10k users with 7 total posts. The total user count of threadiverse is now 544k, compared to 270k on June 19. We may be facing 200k+ bots at this point. Also these instances are in the federation. If any admin of these instance abandons ship, this creates huge liabilities to the threadiverse.

Lemmyverse needs to figure out how to deal with this. But before that happens, do you guys think Beehaw should preemptively defederate these affected instances? Or could there be a better solution?

    • Valmond@beehaw.org
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 years ago

      Is that why the comments number on the main page doesn’t reflect the actual number in the post itself (much fewer) ?

          • alyaza [they/she]@beehaw.orgM
            link
            fedilink
            English
            arrow-up
            6
            ·
            2 years ago

            this is mostly because i’m currently i’m on “clearing our application backlog” duty, and that means in my other tab i get notifications from people replying to my posts (as a pop-up) lol

            • Valmond@beehaw.org
              link
              fedilink
              English
              arrow-up
              6
              ·
              2 years ago

              Yeah the popup works flawlessly! I think it’s the only site in the world where I accepted notifications :-)

              Good luck with the work!

    • th3raid0r@tucson.social
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      2 years ago

      Also, please please please please PLEASE have the Beehaw admins comment on that issue. Right now everyone seems to agree that spam is bad but no one is expressing that this is urgent back to the devs.

      If 1 out of every 10 admins did that, I’m fairly certain the Devs would hold off and fix that before releasing…

      Right now I’m incredibly frustrated because the only place this is being communicated is on the fediverse - even amongst admins.

      This is open source, we as administrators of project instances have a deep responsibility to communicate back with the devs, and I fear that’s not happening.

  • Parsley
    link
    fedilink
    English
    arrow-up
    9
    ·
    2 years ago

    Newbie question: what is the motivation of the parties creating these bots? What do they gain out of this? Are they seeking to destabilize lemmy?

    • cura@beehaw.orgOP
      link
      fedilink
      English
      arrow-up
      9
      ·
      2 years ago

      What spammers want, how they do it, and how to prevent it

      What do spammers want? The main motivation for spam is profit. Spam tends to be very lucrative, even when spammers are just peddling questionable products. That said, there are worse ways that spammers use for financial gain. One such way is phishing, that is, to get sensitive personal information, such as passwords or credit card information, from the user, by pretending to be an important or official source, such as a bank or an IT manager, or promoting a fake offer to grab the user’s attention. With the popularity of social media, there are even phishing techniques focused entirely on creating authentic-looking posts for this exact purpose. Another possible motive for spam is to turn your computer into a zombie. In computer science, a zombie is a computer that has been infected by a virus or a hacker and is now controlled remotely by the attacker, without the user being aware. These infected computers are then used for malicious intent, such as by being used to orchestrate distributed denial-of-service (DDoS) attacks or even to spread more spam online via e-mail spam, ultimately getting more profit in the process. There are also spammers that seek to add links back to their own websites or to misleading offers, in a misguided attempt for higher search engine ranks to those websites. These attempts at linkbuilding are non-recommended SEO tactics that are frowned upon by Google, as they are attempts at tricking both search engines and users by dishonest linkbuilding. Whatever the case may be, spam ultimately boils down to malicious intent, either towards you, your site or your users.

  • kool_newt@beehaw.org
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 years ago

    Defederating seems reasonable in this case, until bots can be effectively controlled and are obvious.

      • Pigeon@beehaw.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 years ago

        Temporarily overtaken by robot overlords counts as shady enough, imo. We can always refederate after the bots ate overthrown again.

  • th3raid0r@tucson.social
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 years ago

    Hi all, this problem is about to get a LOT worse with lemmy version v0.18 - They will be removing captcha support without anything to replace it.

    https://github.com/LemmyNet/lemmy/issues/2922

    Please, if anyone here has a github account YOU NEED TO COMMENT ON THIS ISSUE.

    I’m not joking, every server admin I’ve talked to does not like this change, yet none of them posted a comment in the issues (and releated issues) to communicate with the devs.

    Folks, if we aren’t going to stop the Lemmy devs from doing something very dumb, then things are about to get a whole lot worse.

  • anji@lemmy.anji.nl
    link
    fedilink
    arrow-up
    6
    ·
    2 years ago

    Spam will always be a major problem with federated platforms. It was never solved for email either. I predict Fedi will need a SpamAssassin type of platform very soon, with curated blacklists, appeals processes, and lots of heuristics…