Here you can see 2 day old post warning about the danger of not using email/captcha verification: https://lemmy.ml/post/1345031

And here are stats of lemmy platform where it shows that we gained 200 000 lemmy users in 2 days: https://lemmy.fediverse.observer/dailystats

Another tracking site with the same explosion in users: https://the-federation.info/platform/73

What do you think? Is it some sort of a bug or do people run bot farms?

Edit2: It’s been now 3 days and we went from 150 000 user accounts 3 days ago to 700 000 user accounts today making it 550 000+ bot accounts and counting. Almost 80% accounts on lemmy are now bots and it may end up being an very serious issue for lemmy platform once they become active.

Edit3: It’s now 4th day of the attack and the amount of accounts on lemmy has almost reached 1 200 000. Almost 90% of total userbase are now bots.

Edit 3.1: my numbers are outdated, there are currently 1 700 000 accounts which makes it even worse: https://fedidb.org/software/lemmy

  • Flicsmo@rammy.site
    link
    fedilink
    English
    arrow-up
    23
    ·
    2 years ago

    That’s worrying. Though at least it seems they’re mostly confined to a few particular instances. Defederating is a great tool that will definitely mitigate the worst of it, but at the same time this is uncharted water - there’s no real way of knowing what exactly will happen in a large scale attack.

    Just creating accounts isn’t an attack, but it’s going to suck when there actually is one. I wonder if they’ll try to be subtle and use AI or recycled content, or if they’ll just use the accounts for spam or DDoS?

    • Mechanize@feddit.it
      link
      fedilink
      English
      arrow-up
      32
      arrow-down
      1
      ·
      2 years ago

      Probably they are getting ready for some vote manipulation and astroturfing for the long run.
      You know, in case Lemmy and the Fediverse really get mainstream enough to move the public opinion in some way.

      Having a thousand accounts that can upvote a seemingly innocent post made by an active and “real” account is always useful.

      • Flicsmo@rammy.site
        link
        fedilink
        English
        arrow-up
        15
        ·
        2 years ago

        Yeah good point. I think these particular bot instances are being way too obvious to do any major damage - not when it’s as simple as it is to defederate them - but what’ll happen when it’s not 100k bots on one instance, but 1000 instances with 100 bots apiece?

        Let’s hope Lemmy gets the tools needed to deal with this. I wonder how Mastodon does it? They’ve been around a while, I’m sure they’ve had similar issues.

        • T156@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 years ago

          It might not even be a case of 1000 instances. The nature of Lemmy is such that they could get around a defederation by simply firing up a new instance.

          There’s not much in the Lemmy toolkit that can deal with people firing up a brand new instance to spam with. You can defederate from them after the fact, but it doesn’t stop them making a new one, and continuing.

      • socsa
        link
        fedilink
        arrow-up
        5
        ·
        2 years ago

        These things are always going to be an issue on Lemmy though. Alt detection will basically be impossible.