this post was submitted on 23 Jun 2023
2474 points (95.9% liked)

Lemmy

2172 readers
2 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
2474
submitted 2 years ago* (last edited 2 years ago) by alert to c/[email protected]
 

Please. Captcha by default. Email domain filters. Auto-block federation from servers that don't respect. By default. Urgent.

meme not so funny

And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not "thousands of dollars" spent.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 2 years ago (1 children)

Obviously biased, but I'm really concerned this will lead to it becoming infeasible to self-host with working federation and result in further centralization of the network.

Mastodon has a ton more users and I'm not aware of that having to resort to IRC-style federation whitelists.

I'm wondering if this is just another instance of kbin/lemmy moderation tools being insufficient for the task and if that needs to be fixed before considering breaking federation for small/individual instances.

[–] [email protected] 6 points 2 years ago (2 children)

He explained it already. It looks for a ratio of number of users to posts. If your "small" instance has 5000 users and 2 posts, it would probably assume a lot of those users would be spam bots. If your instance has 2 users and 3 posts, it would assume your users are real. There's a ratio, and the admin of each server that utilizes it can control the level at which it assumes a server is overrun by spam accounts.

[–] [email protected] 2 points 2 years ago* (last edited 2 years ago) (1 children)

The issue is that it could still be abused against small instances.

For example, I had a bit less than 10 bots trying to signup to my instance today (I had registration with approval on) and those account are reported as instance users even though I refused their registration. Because of this my comment/post ratio per user got a big hit with me being unable to do anything (other than delete those accounts directly from the db).

So even if you don't allow spam accounts to get into your instance, you can easily get blacklisted from that list because creating a few dozen thousands account registration requests isn't that hard even against an instance protected by captcha.

[–] eekrano 2 points 2 years ago

Comment / post ratio is useless as well for this though.

  1. Create a server
  2. Create 10,000 bot accounts
  3. Have 85% of bot accounts create a random post
  4. Have 40% of post a comment on the main level posts

Looks like I pretty busy, totally real server by the aforementioned metric

[–] [email protected] 2 points 2 years ago

Okay, so how do you bootstrap a new server in that system?

What do you do when you just created a server and can't get new users because you aren't whitelisted yet?

But what if you do handful of users to start out, or just yourself? How do become 'active' without being able to federate with any other servers? Talk with yourself?