Forse i numeri incredibili di nuove iscrizioni che abbiamo visto su
https://fedidb.org/current-events/threadiverse
sono un po esagerati.
Pare che, sulle ali dell’entusiasmo, molti neo amministratori di server lemmy, abbiano lasciato le iscrizioni aperte senza captcha e verifica dell’email.
cross-posted from: https://lemm.ee/post/177673
Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.
For now, it seems that the bots are especially targeting instances that have:
- Open sign-ups
- No captcha
- No e-mail verification
I have put together a spreadsheet of some of the most suspicious cases here.
If this is affecting you, I would highly recommend considering one of the following options:
- Close sign-ups entirely
- Only allow sign-ups with applications
- Enable e-mail verification + captcha for sign-ups
Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!
Please comment below if you have any questions or anything useful to add.
È che in realtà ho creato uno script che li approva tutti in automatico.
(scherzo, ovviamente) 😅