Sounds pretty suspicious to me.
You must log in or register to comment.
I just joined yesterday because I saw a post that I can’t find. But it reminded me to ditch Reddit and find some Lemmy instances. I’m glad I found this one and was able to sign up. Just my 2 cents.
Well I’m happy you chose to join us 🤗
I was able to delete most of the fake users, but the user count on the homepage does not update 🤷 I can’t find that number saved in the database anywhere.
Nodinfo.json maybe? Thats what the fedidb site pulls the numbers it seems.
Yeah but that’s not a file that just exists. Turns out the aggregates were saved to the database so I updated the user count there manually. Should be okay now.
Very well.
Lemmy explorer ( https://lemmyverse.net/communities?query=synthesizer ) does not show this instance. Is it related to this issue with fake user count? Or Waveform just hidden from explorer to prevent bot invasion?
Good question, I wasn’t aware of the explorer but in the logs of the instance I can see that the did query the instance from time to time. I will get in touch with them to see why this instance isn’t on there.
Seems to work now?
Strange, I think they may have just needed some time to catch up with the vast amount of new instances.
Yeah you’re right. That doesn’t sound right. Will take a look.
Seems it happened on many instances.
Thanks for letting me know, I have blocked the bot in our firewall for now and will delete the fake account shortly
Cool,
Stumbled upon this accidentally.
Yeah, idk what it is. It seems like a weak attack 🤷🏼♂️ one account every few seconds. Nothing that would topple any server except a raspberry pi.
I can see it’s an amateurishly written script, making it easy to pick out in the firewall. Oh well
Sounds manageable.
I had some kind of cloudflare error message today but maybe unrelated.
Yeah that’s unrelated. I moved the server to a new ip address to isolate it from my personal projects. It took a while for these changes to propagate.
Good to hear, saw the cloudflare error most of the day today and was worried because several small instances were being hit. Would it make sense to enable captcha and email verification to the signup process so you don’t get hit by more bots?
Seems like some actors would like to slowly cultivate bot accounts on smaller instances that fly under the radard of bigger ones
Let me know if you ever need help with server admin stuff. I’m not an expert, but did web dev for 15 years and still comfortable enough on the old Linux CLI.
Ah I see, thought it might be maintenance related.
Please put email required on your sign up process (link)
