this post was submitted on 23 Jun 2023
2474 points (95.9% liked)

Lemmy

2172 readers
26 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

Please. Captcha by default. Email domain filters. Auto-block federation from servers that don't respect. By default. Urgent.

meme not so funny

And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not "thousands of dollars" spent.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 151 points 1 year ago* (last edited 1 year ago) (33 children)

Sigh....

All of those ideas are bad.

  1. Captchas are already pretty weak to combat bots. It's why recaptcha and others were invented. The people who run bots, spend lots of money for their bots to.... bot. They have accessed to quite advanced modules for decoding captchas. As well, they pay kids in india and africa pennies to just create accounts on websites.

I am not saying captchas are completely useless, they do block the lowest hanging fruit currently. That- being most of the script kiddies.

  1. Email domain filters.

Issue number one, has already been covered below/above by others. You can use a single gmail account, to basically register an unlimited number of accounts.

Issue number two. Spammers LOVE to use office 365 for spamming. Most of the spam I find, actually comes from *.onmicrosoft.com inboxes. its quick for them to spin it up on a trial, and by the time the trial is over, they have moved to another inbox.

  1. Autoblocking federation for servers who don't follow the above two broken rules

This is how you destroy the platform. When you block legitimate users, the users will think the platform is broken. Because, none of their comments are working. They can't see posts properly.

They don't know this is due to admins defederating servers. All they see, is broken content.

At this time, your best option is for admin approvals, combined with keeping tabs on users.

If you notice an instance is offering spammers. Lets- use my instance for example- I have my contact information right on the side-bar, If you notice there is spam, WORK WITH US, and we will help resolve this issue.

I review my reports. I review spam on my instance. None of us are going to be perfect.

There are very intelligent people who make lots of money creating "bots" and "spam". NOBODY is going to stop all of it.

The only way to resolve this, is to work together, to identify problems, and take action.

Nuking every server that doesn't have captcha enabled, is just going to piss off the users, and ruin this movement.

One possible thing that might help-

Is just to be able to have an easy listing of registered users in a server. I noticed- that actually... doesn't appear to be easily accessible, without hitting rest apis or querying the database.

[–] [email protected] 71 points 1 year ago (22 children)

This is all 100% correct. People have already written captcha-bypassing bots for lemmy, we know from experience.

The only way to stop bots, is the way that has worked for forums for years: registration applications. At lemmy.ml we historically have blocked any server that doesn't have them turned on, because of the likelihood of bot infiltration from them.

Registration applications have 100% stopped bots here.

[–] alert 3 points 1 year ago (1 children)
[–] [email protected] 26 points 1 year ago (1 children)

Despite all the hype about these things being able to solve all the worlds problems, they can't answer a series of contextual questions.

[–] [email protected] 3 points 1 year ago

Boom. Roasted.

load more comments (20 replies)
load more comments (30 replies)