this post was submitted on 20 Jun 2023
174 points (98.3% liked)

sh.itjust.works Main Community

7705 readers
3 users here now

Home of the sh.itjust.works instance.

Matrix

founded 1 year ago
MODERATORS
 

cross-posted from: https://lemm.ee/post/177673

Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.

For now, it seems that the bots are especially targeting instances that have:

  • Open sign-ups
  • No captcha
  • No e-mail verification

I have put together a spreadsheet of some of the most suspicious cases here.

If this is affecting you, I would highly recommend considering one of the following options:

  1. Close sign-ups entirely
  2. Only allow sign-ups with applications
  3. Enable e-mail verification + captcha for sign-ups

Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!

Please comment below if you have any questions or anything useful to add.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

I've not seen any yet here. Only doing captcha for now but I know emails do work if needed.

[–] [email protected] 4 points 1 year ago (1 children)

Yeah it seems like many of the older instances are already protecting themselves.

https://fedidb.org/current-events/threadiverse

If you go to the top 20 fastest growing servers, they are all empty, bot filled servers as far as I can tell.

https://the-federation.info/platform/73#drawer-opened

This site seems to be doing a better job of ignoring the bot accounts, and you can see all the original active instances have only grown a modest amount in the past couple days.

[–] [email protected] 3 points 1 year ago

Wow, that's hundreds of thousands of "users" within two days. It could be software testing or preparing a massive blow.