94
submitted 1 year ago* (last edited 1 year ago) by ruud@lemmy.world to c/lemmyworld@lemmy.world

So some spam signups just happened (all username12345678@gmail.com format e-mail) This caused bounced mail to increase, causing Mailgun to block our domain to prevent it getting blacklisted.

So:

  • Mail temporarily doesn't work
  • I closed signups for now
  • I will ban the spam accounts
  • I will check how to prevent (maybe approval required again?)

Stay tuned.

Edit: so apparently there is a captcha option which I now enabled. Let's see if this prevents spam. Registrations open again.

Edit2 : Hmm Mailgun isn't that fast in unblocking the domain. Closing signups again because validation mails aren't sent

Edit 3: I convinced Mailgun to lift the block. Signups open again.

top 50 comments
sorted by: hot top controversial new old
[-] AlmightySnoo@lemmy.world 19 points 1 year ago

How about adding a captcha? I was surprised there was none when I signed up.

[-] ruud@lemmy.world 10 points 1 year ago

Yes the devs should do that. We're currently discussing the the Lemmy matrix chat.

[-] drmoose@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Captchas are laughably easy to get around but they do work against dumb script kiddies which seems this attack is originating from.

[-] possiblylinux127@lemmy.world 1 points 1 year ago

I'm down as long as its privacy friendly and doesn't use non-free javascript

load more comments (1 replies)
[-] lemmy@endlesstalk.org 19 points 1 year ago

I ran into the issue on my instance as well, but checking the Captcha option in admin settings, stopped the signups for me.

[-] admin@thegarden.land 3 points 1 year ago

Thanks for the tip- I’m having the same issue. How do I ban those accounts? I can’t even tell who my users are

[-] ruud@lemmy.world 3 points 1 year ago

I did it in the database, so if you can access your database I can assist.

[-] aranym@lemmy.name 2 points 1 year ago

My instance also experienced this. I'm the only active user (I made it a day ago), but the user count is up to 2K now. It stopped after I enabled captchas, but I want to remove these spam accounts so they don't cause issues elsewhere.

I don't even have a slight clue as to what I should look for in my database.

[-] ruud@lemmy.world 2 points 1 year ago

Contact me via Matrix if possible @ruud:h-y-p-e-r.space

[-] darkfoe@lemmy.serverfail.party 1 points 1 year ago

If you haven't figured it out yet or got a response yet, hop onto the instance admin group on matrix for Lemmy (details are on the GitHub or join Lemmy page somewhere I believe) and one of the many other folks running instances can probably walk you through it

[-] Magrid@lemm.ee 15 points 1 year ago

can't have anything nice nowadays

[-] ghariksforge@lemmy.world 14 points 1 year ago

I love how transparent you are with the management of this instance. Kudos!

[-] phil299@lemmy.world 5 points 1 year ago

This, Refreshing πŸ˜€πŸ‘

[-] Sorenchu@lemmy.world 6 points 1 year ago

Sounds frustrating. Thanks for doing what you do and letting us join your server! Hope the captcha works out.

[-] chaosppe@lemmy.world 3 points 1 year ago

Becareful with this. There's a clear trend of massive amount of bot accounts flooding lemmy as a whole

load more comments (3 replies)
[-] flint5436@lemmy.world 3 points 1 year ago

Those usernames are so unimaginative. Who would pick a name like that?

[-] samus12345@lemmy.world 5 points 1 year ago

I know, right? That's the kind of thing an idiot would have on their luggage!

[-] Crackhappy@lemmy.world 3 points 1 year ago

12345 is the code to my luggage

[-] 0uterzenith@lemmy.world 1 points 1 year ago

Now, can you tell me where your luggage is?

[-] rastilin@kbin.social 3 points 1 year ago

Last time a website I was managing was bombarded with spam signups, I set up a regular expression to check for the incredibly distinctive format the spammers were using... then it reports success but doesn't actually create the account or send an email. Spam problem over.

[-] AtomicPurple@kbin.social 2 points 1 year ago

Very clever, only problem is it's not a general solution.

[-] fsk@lemmy.world 3 points 1 year ago

I solved this problem once. What you do is have a custom captcha that you code yourself. It can be as simple as "What is 2+3?" and have 10-20 questions that you rotate between. Most spammers will be too lazy to update their spambot.

[-] kargarocP4@startrek.website 3 points 1 year ago

Don't just include it as text though. Rather, present the question as text in a picture.

[-] pohart@lemmyrs.org 1 points 1 year ago

This is very effective but also blocks people who spend on screen readers

[-] joyjoy@lemmy.world 1 points 1 year ago

The solution there is to provide a voice over of the captcha.

[-] Sir_Kevin@lemmy.world 1 points 1 year ago

I made one that phrased it as "The sum of 2 and 3". Weeds out bots and less sophisticated people.

load more comments (2 replies)
[-] halo5@lemmy.world 2 points 1 year ago

I've run into this issue with some of my servers in the past and it's a real PITA to deal with because not only do you have to mitigate the issue, but then you have to make requests to get de-blacklisted, etc. I finally got sick of it all and installed a Barracuda spam firewall in front of the mail server. I have MUCH easier control over IMAP/SMTP now.

[-] CynicalStoic@lemmy.world 2 points 1 year ago

Thanks for staying on top of things! Really appreciate your efforts!

[-] EvilMonkeySlayer@kbin.social 2 points 1 year ago

User on kbin here, just tried to sign up to lemmy.world.. looks like everything crashed and burned when tried to sign up there.

load more comments (1 replies)
[-] Argyle13@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

I was trying to open my account just when lemmy.world was closed earlier. When I pressed the button to create it I only got and enless "charging" animation. But when it reopened, I just started the process again, and was as easy as a breeze and extremely fast. Glad to be here! (and this is my first post)

[-] RandAlThor@lemmy.ca 1 points 1 year ago

I am from Lemmy Canada. I have noticed that when I come to a community hosted on Lemmy World I am often signed out. Do I need to sign up here to participate?

[-] pragma@kbin.social 1 points 1 year ago* (last edited 1 year ago)

OK that makes sense, I was trying to sign up and couldn't figure out why everything was timing out. Sorry if my attempts looked like spam.

edit: it still doesn't work for me btw

[-] Emanresu@lemmy.world 1 points 1 year ago

I got in just in time! For the record, the sign up date seems to be broken. My account is less than a day old and it says I've been here since the 14th. Unless maybe it counts cookies or something?

Lucky me, I guess, since I use a masked email address that looks fake too (anon addy). I really dislike to give my email address when testing Reddit alternatives.

[-] possiblylinux127@lemmy.world 1 points 1 year ago

Make sure you use a strong password for accounts

load more comments (2 replies)
[-] MyOpinion@lemmy.world 1 points 1 year ago

The spam battles are heating up!

[-] Exusgu@lemmy.world 1 points 1 year ago

Thank you for working to get signups working once more!

[-] ulu_mulu@lemmy.world 1 points 1 year ago

Wow that was quick, amazing job as always!

[-] scottywh@lemmy.world 1 points 1 year ago

Wanna recruit a helper who promises nothing but benevolent assistance?

[-] stux@geddit.social 1 points 1 year ago

Same on Geddit.social

Also fixed now!

[-] wiz@lemm.ee 1 points 1 year ago

FYI looks like registration still doesn't work - send button spinning, no request in ff network monitor. Tried ff & chrome, gmail and proton. I went with a different server eventually, but you might wanna do something in case this is not intentional

load more comments
view more: next β€Ί
this post was submitted on 19 Jun 2023
94 points (100.0% liked)

Lemmy.World Announcements

29028 readers
2 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages πŸ”₯

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to info@lemmy.world e-mail.

Report contact

Donations πŸ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 1 year ago
MODERATORS