this post was submitted on 23 Jun 2023
95 points (99.0% liked)

Lemmy

12524 readers
1 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 5 years ago
MODERATORS
nutomic@lemmy.ml
95
Bots are trying to join my instance now through the application requirement (lemmyverse.org)
submitted 2 years ago* (last edited 2 years ago) by tugg@lemmyverse.org to c/lemmy@lemmy.ml
56 comments fedilink hide all child comments
 

I have the application process enabled for people to join my instance, and I've gotten about 20 bots trying to join today when I had nobody trying to join for 5 days. I can tell because they are generic messages and I put a question in asking what 2+3 is and none of them have answered it at all, they just have a generic message.

Be careful out there, for all you small instance admins.

you are viewing a single comment's thread
view the rest of the comments
[–] cstine@lemmy.uncomfortable.business 13 points 2 years ago (7 children)

Because you can't make thousands of spambots on your own instance because as you noted it'd take about 5 minutes to defederate and thus remove all the bots.

You want to put a handful on every server you can, because then your bots have to be manually rooted out by individual admins, or the federation between instances gets so broken there's no value in the platform.

And for standing up more instances, you have to bear the cost of running the servers yourself, which isn't prohibitive, but more than using bots via stolen/infected proxies (and shit like Hola that gives you a "free vpn" at the cost of your computer becoming an exit node they then resell).

Also, I'm suspicious that it's not 'spam bots' in the traditional sense since what's the point of making thousands of bots but then barely using them to spam anyone? My tinfoil hat makes me think this is a little more complicated, though I have zero evidence other than my native paranoia.

[–] DivergentHarmonics@sopuli.xyz 4 points 2 years ago (2 children)

... How many comments would each of 5M bot accounts need to make to overflow an i32 db key ... I also think it looks as if someone is testing disruptive stuff. It may be kids playing, or it may be the chatbot army in preparation.

[–] cstine@lemmy.uncomfortable.business 2 points 2 years ago (1 children)

I'm not a Postgres expert but a quick look at the pgsql limits looks like it's 4 billion by default, which uh, makes sense if it's a 32 bit limit.

Soooo 5 million users would need to make.... 800 posts? ish? I mean, certainly doable if nobody caught it was happening until it was well into it.

[–] DivergentHarmonics@sopuli.xyz 2 points 2 years ago

Aha that's a postgres default? I was looking into the code to see some of the DB structure. And i thought, well i made over 100 comments in 2 weeks so it wouldn't take too long until that 32-bit space is used up (in normal operation with some more users).

load more comments (4 replies)