Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.

For now, it seems that the bots are especially targeting instances that have:

  • Open sign-ups
  • No captcha
  • No e-mail verification

I have put together a spreadsheet of some of the most suspicious cases here.

If this is affecting you, I would highly recommend considering one of the following options:

  1. Close sign-ups entirely
  2. Only allow sign-ups with applications
  3. Enable e-mail verification + captcha for sign-ups

Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!

Please comment below if you have any questions or anything useful to add.

  • genoxidedev1@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Doing no captcha is like leaving the door open, hoping no-one breaks in, instead of at least closing the door (a closed door decreases chance of break in by near 100%, even if it’s not locked)