this post was submitted on 13 Sep 2023
984 points (94.9% liked)

Lemmy.World Announcements

29104 readers
12 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to [email protected] e-mail.

Report contact

Donations ๐Ÿ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS
984
submitted 1 year ago* (last edited 1 year ago) by lwadmin to c/lemmyworld
 

Lately we have been dealing with a few abusive members from Feddit.nl and we were unable to get in touch with the instance administrator.

Part of the problem is the instance's open registrations which do not require you to enter an e-mail address during signup. This in combination with an inactive admin is a recipe for abuse.

We hope this is only temporary but we have to do this to protect our users.

Edit: we use fediseer, have a look https://gui.fediseer.com/instances/detail/lemmy.world

Edit 2: We got in touch with the Feddit.nl admin. Email requirements were added to the sign-up process and we're setting up a communication channel. So that means we are federating with Feddit.nl again!

you are viewing a single comment's thread
view the rest of the comments
[โ€“] BitingChaos 39 points 1 year ago (36 children)

Part of the problem is the instance's open registrations which do not require you to enter an e-mail address during signup.

How is this even a thing? Why would the Lemmy software even allow operation like this?

[โ€“] SpliceVW 59 points 1 year ago (9 children)

Let's be real - an email address doesn't really stop much of anything. Anyone can really easily spin up new email addresses freely.

[โ€“] [email protected] 18 points 1 year ago (2 children)

Sadly yeah. We absolutely should use email signup because it filters our the absolute lowest effort bots, but it does nothing against higher quality bots or humans. Not only can you easily spin up new emails on the fly, but many emails allow ways to make the email appear unique (eg, Gmail ignores dots and anything after the + sign), there's plenty of temporary email services with a variety of domains, and if you own a domain, you can trivially create unlimited emails until they catch on and ban the entire domain.

Inactive admins are also an issue, but if malicious users are determined enough, it doesn't matter that much how active an admin is. An active admin can mostly help by making IP banning an option (imperfect, but will work on many humans) and can temporarily turn on approvals to make it easier to weed out low hanging fruit. Nothing will work against someone determined enough, but could at least reduce how many instances they can turn to.

[โ€“] itsdavetho 2 points 1 year ago (1 children)

Personally I don't think anything will stop anyone determined to bring this type of harm to the community, there's an endless list of workarounds. These communities need a larger network of moderators across timezones

[โ€“] sab 8 points 1 year ago

Nope, but it will stop the less determined ones.

With no email verification, you can pretty much create dozens of fake accounts per second - as fast as the API can handle.

load more comments (6 replies)
load more comments (32 replies)