this post was submitted on 19 Jun 2023
3 points (100.0% liked)

Selfhosted

39984 readers
509 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
3
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/selfhosted
 

Hello, I noticed that my user count started going up much quicker than it should have. We probably have no more than 20-30 people on my instance at most, but the user count is now into the thousands.

Screenshot taken last night

Screenshot taken a few minutes ago

~~I'm not really sure what could be causing this, but it seems like some sort of database issue. I recently upgraded the server plan, since it's a VPS. Perhaps sending the shutdown signal and not manually stopping the Docker container caused PostgreSQL to shit itself. (Yeah, this was probably a bad idea). While I'm a bit rusty, I did have a semester class on SQL that might come in handy. Any ideas on what I should do?~~

~~I suppose it could also be account spammers, so I did try and enable captchas. Unfortunately, email verification is still not an option for me to enable at this point. Assuming this was the issue, is there a way to remove the spam accounts?~~

The captcha did seem to stop the endless tick of the user count, but I'm not sure how we can get rid of the spam accounts.

top 15 comments
sorted by: hot top controversial new old
[–] ruud 6 points 1 year ago (1 children)

I can help. Message me on matrix if you can @ruud:h-y-p-e-r.space

[–] [email protected] 2 points 1 year ago

I have some experience with SQL queries, so I'll try and wrangle with the DB to get things ironed out.

[–] [email protected] 2 points 1 year ago (1 children)

Yes, there is a spambot attack ongoing that targets instances with open registration and no email verification, captcha or admin approval.

[–] [email protected] 1 points 1 year ago (1 children)

Does Lemmy have any tools to mass-delete new accounts within a time-frame?

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

AFAIK no and I hate to state the obvious, but it is a really bad idea to open a service to the public with no registration checks in place what so ever. Especially in a federated network, where is also effects other servers.

Right now I think you will have to delete them manually from the database.

[–] [email protected] 2 points 1 year ago

Yeah, I've already made a few blunders that I'm learning from. I'll see what I can do.

[–] [email protected] 2 points 1 year ago

I had the same issue with spam accounts being created and ended up logging into postgres and deleting user accounts that didn't have a verified email. My instance is very fresh though and doesn't have a ton of non-me users so I could safely delete them. Once I enabled captcha and deleted those accounts I don't have issues with user counts.

[–] [email protected] 2 points 1 year ago (1 children)

I also don't know if this is related or expected behavior, but this instance seems to be automatically banning user accounts on other instances. They do seem to be NSFW or related to inappropriate topics, but I had no idea that this was something Lemmy automatically did.

[–] [email protected] 1 points 1 year ago

That is unrelated and currently expected behaviour. Could be improved though, I agree.

[–] [email protected] 1 points 1 year ago (1 children)

Feddit.uk is also experiencing massive gains in users, I hope it’s real users, I’m not an admin but been keeping an eye on the stats.

Looping @[email protected] in case he see’s similar spam users

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Do you guys have captchas enabled? That did the trick for me for now. I would be careful about enabling email verification, as that is something that the account spambots are also apparently targeting. If you're on a free tier of an SMTP relay service, it could quickly burn through your quota.

[–] [email protected] 1 points 1 year ago (1 children)

Could this be a DDOS attempt on Lemmy instances, the times you stated match what I see and the instance has started to slow.

We don’t have captchas right now and our admin is out of office this week😬

[–] [email protected] 1 points 1 year ago (1 children)

You said that you're an admin, right? Captchas are something you can easily turn on in the admin panel.

[–] [email protected] 1 points 1 year ago (1 children)

Nope not an admin, thinking about setting one up tomorrow though.

[–] [email protected] 1 points 1 year ago

Are you the operator of the server? There is an option in the .hjson file to configure a default admin log-in. It's pretty easy to edit that and push up changes if you used the Ansible install.

load more comments
view more: next ›