this post was submitted on 19 Jun 2023
486 points (99.4% liked)

Lemmy.World Announcements

29086 readers
194 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages πŸ”₯

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to [email protected] e-mail.

Report contact

Donations πŸ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS
 

So some spam signups just happened (all [email protected] format e-mail) This caused bounced mail to increase, causing Mailgun to block our domain to prevent it getting blacklisted.

So:

  • Mail temporarily doesn't work
  • I closed signups for now
  • I will ban the spam accounts
  • I will check how to prevent (maybe approval required again?)

Stay tuned.

Edit: so apparently there is a captcha option which I now enabled. Let's see if this prevents spam. Registrations open again.

Edit2 : Hmm Mailgun isn't that fast in unblocking the domain. Closing signups again because validation mails aren't sent

Edit 3: I convinced Mailgun to lift the block. Signups open again.

top 50 comments
sorted by: hot top controversial new old
[–] AlmightySnoo 58 points 1 year ago (3 children)

How about adding a captcha? I was surprised there was none when I signed up.

[–] ruud 49 points 1 year ago

Yes the devs should do that. We're currently discussing the the Lemmy matrix chat.

[–] drmoose 36 points 1 year ago* (last edited 1 year ago)

Captchas are laughably easy to get around but they do work against dumb script kiddies which seems this attack is originating from.

[–] possiblylinux127 6 points 1 year ago (1 children)

I'm down as long as its privacy friendly and doesn't use non-free javascript

load more comments (1 replies)
[–] ghariksforge 47 points 1 year ago (1 children)

I love how transparent you are with the management of this instance. Kudos!

[–] phil299 17 points 1 year ago

This, Refreshing πŸ˜€πŸ‘

[–] Sorenchu 20 points 1 year ago

Sounds frustrating. Thanks for doing what you do and letting us join your server! Hope the captcha works out.

[–] [email protected] 18 points 1 year ago (2 children)

Last time a website I was managing was bombarded with spam signups, I set up a regular expression to check for the incredibly distinctive format the spammers were using... then it reports success but doesn't actually create the account or send an email. Spam problem over.

[–] [email protected] 9 points 1 year ago

Very clever, only problem is it's not a general solution.

load more comments (1 replies)
[–] flint5436 18 points 1 year ago (2 children)

Those usernames are so unimaginative. Who would pick a name like that?

[–] samus12345 18 points 1 year ago (3 children)

I know, right? That's the kind of thing an idiot would have on their luggage!

[–] Crackhappy 12 points 1 year ago (1 children)

12345 is the code to my luggage

[–] 0uterzenith 5 points 1 year ago

Now, can you tell me where your luggage is?

load more comments (2 replies)
load more comments (1 replies)
[–] fsk 13 points 1 year ago (5 children)

I solved this problem once. What you do is have a custom captcha that you code yourself. It can be as simple as "What is 2+3?" and have 10-20 questions that you rotate between. Most spammers will be too lazy to update their spambot.

[–] [email protected] 6 points 1 year ago (1 children)

Don't just include it as text though. Rather, present the question as text in a picture.

[–] [email protected] 8 points 1 year ago (1 children)

This is very effective but also blocks people who spend on screen readers

[–] joyjoy 7 points 1 year ago

The solution there is to provide a voice over of the captcha.

[–] Sir_Kevin 5 points 1 year ago

I made one that phrased it as "The sum of 2 and 3". Weeds out bots and less sophisticated people.

load more comments (3 replies)
[–] [email protected] 9 points 1 year ago

Uff, that's annoying. Thank you for the warning. I have re-instated a signup application for my instance to prevent this.

[–] [email protected] 9 points 1 year ago (1 children)

Thanks for the tip- I’m having the same issue. How do I ban those accounts? I can’t even tell who my users are

[–] ruud 10 points 1 year ago (3 children)

I did it in the database, so if you can access your database I can assist.

load more comments (3 replies)
[–] ulu_mulu 9 points 1 year ago

Wow that was quick, amazing job as always!

[–] Argyle13 9 points 1 year ago* (last edited 1 year ago)

I was trying to open my account just when lemmy.world was closed earlier. When I pressed the button to create it I only got and enless "charging" animation. But when it reopened, I just started the process again, and was as easy as a breeze and extremely fast. Glad to be here! (and this is my first post)

[–] chaosppe 8 points 1 year ago (3 children)

Becareful with this. There's a clear trend of massive amount of bot accounts flooding lemmy as a whole

load more comments (3 replies)
[–] CynicalStoic 7 points 1 year ago

Thanks for staying on top of things! Really appreciate your efforts!

[–] MyOpinion 7 points 1 year ago

The spam battles are heating up!

[–] [email protected] 7 points 1 year ago (1 children)

Lucky me, I guess, since I use a masked email address that looks fake too (anon addy). I really dislike to give my email address when testing Reddit alternatives.

load more comments (1 replies)
[–] [email protected] 6 points 1 year ago

Same on Geddit.social

Also fixed now!

[–] CosmicSploogeDrizzle 6 points 1 year ago (1 children)

Is there a growth target for the community? I see that Lemmy.world is almost equal in size to lemmy.ml. Will this instance remain open indefinitely?

[–] ruud 48 points 1 year ago (2 children)

No target. I will keep this open as long as it's possible. It's up to others to start as many Lemmy instances as possible, and the Lemmy devs to create a better join-lemmy with a rotating 'recommended server' preferring smaller instances. But that's difficult. Because you also don't want 1000 users to land on someone's Raspberry Pi instance without backup which they can just stop if they get bored of it. Same issue goes for Mastodon as well... but that's being worked on.

[–] tumble_weeds 16 points 1 year ago

I have no technical knowledge or assistance to offer but thanks for what you do

[–] setsneedtofeed 9 points 1 year ago (1 children)

Tangential question but it’s been on my mind. Should mods be encouraging images to be posted on outside image hosting services (Imgur or something) to reduce the load on Lemmy.world? I actually don’t know how much images affect the server.

[–] ruud 19 points 1 year ago

Nah.. It's only 27GB of images right now. I have around 800GB space, and can have disks (cheap HDDs in case of images) added to the server. Also pictrs will support S3 in the newer version. But good that you're all thinking with me!

[–] A_A 5 points 1 year ago (1 children)

What's Happening here : ( 1 hour ago )

Modlog :
mod
Locked Post Update from Lemmy after the Reddit blackout (From the Lemmy Developer)


BTW : Great work, many thanks πŸ˜„

load more comments (1 replies)
[–] [email protected] 5 points 1 year ago (1 children)

User on kbin here, just tried to sign up to lemmy.world.. looks like everything crashed and burned when tried to sign up there.

[–] minimar 6 points 1 year ago

It was you all along!

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

OK that makes sense, I was trying to sign up and couldn't figure out why everything was timing out. Sorry if my attempts looked like spam.

edit: it still doesn't work for me btw

[–] possiblylinux127 4 points 1 year ago (1 children)

Make sure you use a strong password for accounts

[–] samus12345 8 points 1 year ago (2 children)

I am, it's my social security number, 365-24-7420!

Just kidding, that's not really the number! I wrote it backwards!

load more comments (2 replies)
[–] halo5 4 points 1 year ago (1 children)

I've run into this issue with some of my servers in the past and it's a real PITA to deal with because not only do you have to mitigate the issue, but then you have to make requests to get de-blacklisted, etc. I finally got sick of it all and installed a Barracuda spam firewall in front of the mail server. I have MUCH easier control over IMAP/SMTP now.

load more comments
view more: next β€Ί