So some spam signups just happened (all username12345678@gmail.com format e-mail) This caused bounced mail to increase, causing Mailgun to block our domain to prevent it getting blacklisted.

So:

  • Mail temporarily doesn’t work
  • I closed signups for now
  • I will ban the spam accounts
  • I will check how to prevent (maybe approval required again?)

Stay tuned.

Edit: so apparently there is a captcha option which I now enabled. Let’s see if this prevents spam. Registrations open again.

Edit2 : Hmm Mailgun isn’t that fast in unblocking the domain. Closing signups again because validation mails aren’t sent

Edit 3: I convinced Mailgun to lift the block. Signups open again.

    • Ruud@lemmy.worldOPM
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      Yes the devs should do that. We’re currently discussing the the Lemmy matrix chat.

    • Dr. Moose@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Captchas are laughably easy to get around but they do work against dumb script kiddies which seems this attack is originating from.

  • Philip@endlesstalk.org
    link
    fedilink
    arrow-up
    19
    ·
    1 year ago

    I ran into the issue on my instance as well, but checking the Captcha option in admin settings, stopped the signups for me.

      • Ruud@lemmy.worldOPM
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        I did it in the database, so if you can access your database I can assist.

        • aranym@lemmy.name
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          My instance also experienced this. I’m the only active user (I made it a day ago), but the user count is up to 2K now. It stopped after I enabled captchas, but I want to remove these spam accounts so they don’t cause issues elsewhere.

          I don’t even have a slight clue as to what I should look for in my database.

          • darkfoe@lemmy.serverfail.party
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            If you haven’t figured it out yet or got a response yet, hop onto the instance admin group on matrix for Lemmy (details are on the GitHub or join Lemmy page somewhere I believe) and one of the many other folks running instances can probably walk you through it

  • Sorenchu@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Sounds frustrating. Thanks for doing what you do and letting us join your server! Hope the captcha works out.

  • rastilin@kbin.social
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    Last time a website I was managing was bombarded with spam signups, I set up a regular expression to check for the incredibly distinctive format the spammers were using… then it reports success but doesn’t actually create the account or send an email. Spam problem over.

  • fsk@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I solved this problem once. What you do is have a custom captcha that you code yourself. It can be as simple as “What is 2+3?” and have 10-20 questions that you rotate between. Most spammers will be too lazy to update their spambot.

  • Chaos@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Becareful with this. There’s a clear trend of massive amount of bot accounts flooding lemmy as a whole

    • lwuy9v5@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 year ago

      Becareful with this. There’s a clear trend of massive amount of bot accounts flooding lemmy as a whole

      I am not sure there’s anything in that that denotes “massive amount of bot accounts”. Seems more like “a lot more people made lemmy accounts than stuck around” which is unsurprising.

      Why would a bot account show up in one of your graphs and not the other?

      • gyro@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        they’re waiting to use the bots when the community is large, over a long period of time. This way it’d be hard to detect the bots.

  • Argyle13 @lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    1 year ago

    I was trying to open my account just when lemmy.world was closed earlier. When I pressed the button to create it I only got and enless “charging” animation. But when it reopened, I just started the process again, and was as easy as a breeze and extremely fast. Glad to be here! (and this is my first post)

  • EvilMonkeySlayer@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    User on kbin here, just tried to sign up to lemmy.world… looks like everything crashed and burned when tried to sign up there.

  • halo5@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I’ve run into this issue with some of my servers in the past and it’s a real PITA to deal with because not only do you have to mitigate the issue, but then you have to make requests to get de-blacklisted, etc. I finally got sick of it all and installed a Barracuda spam firewall in front of the mail server. I have MUCH easier control over IMAP/SMTP now.

      • halo5@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I was vaguely aware of that, but I’m very glad that you posted this link because I didn’t realize that it was this serious and that it hasn’t been patched! My unit is completely up-to-date with firmware and patches, but I can’t find an actual list of affected models ANYWHERE! I’ve taken a cursory look at my system and it doesn’t appear to be compromised, but I emailed Barracuda for additional info. Thanks for this!

  • ThesePaycheckAvenging@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Lucky me, I guess, since I use a masked email address that looks fake too (anon addy). I really dislike to give my email address when testing Reddit alternatives.

  • pragma@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    OK that makes sense, I was trying to sign up and couldn’t figure out why everything was timing out. Sorry if my attempts looked like spam.

    edit: it still doesn’t work for me btw