I have the application process enabled for people to join my instance, and Iā€™ve gotten about 20 bots trying to join today when I had nobody trying to join for 5 days. I can tell because they are generic messages and I put a question in asking what 2+3 is and none of them have answered it at all, they just have a generic message.

Be careful out there, for all you small instance admins.

You are viewing a single thread.
View all comments

Why are these bot operators going through the hassle of joining existing instancesā€¦ couldnā€™t they just set up their own, since instances would need to manually defederate them after they spam?

I wonder how difficult it would be to take a Formspree-style approach to combat the bots, using a hidden form field

permalink
report
reply
5 points

My guess would be because it is more difficult for other instances to deal with instances that have a combination of bots and actual users.

permalink
report
parent
reply
2 points

This.

You just domain or IP block a bot server. Maybe you donā€™t want to block a place with a history, and people.

And smaller sites are using the application form. SJW and Lemmy.world are much more ripe for setting up on, because itā€™s a much bigger decision to block them.

permalink
report
parent
reply
14 points

Because you canā€™t make thousands of spambots on your own instance because as you noted itā€™d take about 5 minutes to defederate and thus remove all the bots.

You want to put a handful on every server you can, because then your bots have to be manually rooted out by individual admins, or the federation between instances gets so broken thereā€™s no value in the platform.

And for standing up more instances, you have to bear the cost of running the servers yourself, which isnā€™t prohibitive, but more than using bots via stolen/infected proxies (and shit like Hola that gives you a ā€œfree vpnā€ at the cost of your computer becoming an exit node they then resell).

Also, Iā€™m suspicious that itā€™s not ā€˜spam botsā€™ in the traditional sense since whatā€™s the point of making thousands of bots but then barely using them to spam anyone? My tinfoil hat makes me think this is a little more complicated, though I have zero evidence other than my native paranoia.

permalink
report
parent
reply
7 points

undefined> Also, Iā€™m suspicious that itā€™s not ā€˜spam botsā€™ in the traditional sense since whatā€™s the point of making thousands of bots but then barely using them to spam anyone?

This is Twitter and web forum spam 101, you establish a bunch of accounts while there are very few controls, then you start burning them over time as you get maybe one shot to mass spam with each of them before they get banned.

permalink
report
parent
reply
4 points

Itā€™s always about following the money for spammers/malware/etc. authors: thereā€™s (usually) a commercial incentive theyā€™re pushing towards.

The bot is evolving and adapting to countermeasures and becoming ā€œsmarterā€ which means some human somewhere is investing time and effort in doing this, which means thereā€™s some incentive.

That said, I doubt itā€™s strictly commercial because the Lemmy user base is really small and probably not worth much because if youā€™re here youā€™re most certainly not on the area of the bell curve thatā€™ll fall for the usual spambot commercialization double-your-money/fake reviews/affiliate link/astroturfing approaches.

Iā€™d wager itā€™s more about the ability to be disruptive than the ability to extract money from the users you can target, so like, your average 16-year-old internet trolls.

permalink
report
parent
reply

ā€¦ How many comments would each of 5M bot accounts need to make to overflow an i32 db key ā€¦ I also think it looks as if someone is testing disruptive stuff. It may be kids playing, or it may be the chatbot army in preparation.

permalink
report
parent
reply
2 points

Iā€™m not a Postgres expert but a quick look at the pgsql limits looks like itā€™s 4 billion by default, which uh, makes sense if itā€™s a 32 bit limit.

Soooo 5 million users would need to makeā€¦ 800 posts? ish? I mean, certainly doable if nobody caught it was happening until it was well into it.

permalink
report
parent
reply
1 point

Why are these bot operators going through the hassle of joining existing instances

I wonder if thereā€™s already a ā€œthe bots are from Redditā€ conspiracy :D

I really see no point in these actions. I mean, seriously, why would you want to just harm something open?

permalink
report
parent
reply
1 point

For the same reasons youā€™d want to harm any other platform.

permalink
report
parent
reply
4 points

I think the other user nailed it. Itā€™s easy to look at the list of lemmy servers and defederate the bot farms by comparing ā€œactive usersā€ to ā€œtotal usersā€. I guess once the bots are active that will look a bit different.

permalink
report
parent
reply
7 points

When the whole instance is spam, itā€™s easy to defederate. When it is camouflaged in a legit instance, itā€™s harder to root out.

permalink
report
parent
reply
8 points
*

Detecting and blocking whole instances with many bots is somewhat trivial. Blocking and detecting some number of bots in an instance with 10k users, with an ever growing number of human users, is much harder.

permalink
report
parent
reply
3 points

Setting up an instance would be more difficult too I assume

permalink
report
parent
reply
2 points

Itā€™s honestly not too bad, only took about an hour after researching a couple of days. Thereā€™s an easy deploy script out there, that I donā€™t have a link for on my phone, that makes it really easy.

permalink
report
parent
reply
1 point

Theyā€™d get Fediblocked super quickly and then itā€™s just a quick copy and paste by, you know, like, 5 guys that administer 90% of Lemmybin users and theyā€™re shut down.

permalink
report
parent
reply

Lemmy

!lemmy@lemmy.ml

Create post

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

Community stats

  • 862

    Monthly active users

  • 1.1K

    Posts

  • 14K

    Comments

Community moderators