So, lemmy seems to be flooded with spam bot accounts at the moment. Look through the table of servers on fedidb (https://fedidb.org/software/lemmy) and notice how there are these huge instances without any active users (MAU).
Also notice how startrek.website
has 9000 users for 276 active users this month.
From memory, when I signed up, there was no email requirement or captcha or anything.
Admins … maybe you want to tighten things up?
Just a quick update for everyone, yes OP is right and a bunch of bots signed up. We’ve purged them from our user count and enabled CAPTCHA. Email verification is coming soon as a secondary deterrent.
For the record nobody told us that it’s not safe out here. We were aware that self-hosting was wondrous, with treasures to satiate desires both subtle and gross; but has NO IDEA that it wasn’t for the timid. 😉
Ooh … how did you purge them from your user numbers? Many other admins might not know how to do that … maybe worth sharing?
We deleted them from the local_user
database table outright based on some sketchy shared attributes, and then manually updated the user count in site_aggregates
to the correct figure so our stats wouldn’t look so sketchy.
Pretty simple for anyone comfortable in SQL who knows where to look (a helpful user DM’d and gave us a hand here), but not something anybody should try willy nilly if they don’t know what they are doing. Editing production data on the fly is not to be done casually.
There are pricy probably admins who might appreciate this, as dangerous as it is.
Care if I post it into the lemmy community or even made the support community?