Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent.
And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not “thousands of dollars” spent.
This is all 100% correct. People have already written captcha-bypassing bots for lemmy, we know from experience.
The only way to stop bots, is the way that has worked for forums for years: registration applications. At lemmy.ml we historically have blocked any server that doesn’t have them turned on, because of the likelihood of bot infiltration from them.
Registration applications have 100% stopped bots here.
You’re right that captchas can be bypassed, but I disagree that they’re useless.
Do you lock your house? Are you aware that most locks can be picked and windows can be smashed?
captchas can be defeated, but that doesn’t mean they’re useless - they increase the level of friction required to automate malicious activity. Maybe not a lot, but along with other measures, it may make it tricky enough to circumvent that it discourages a good percentage of bot spammers. It’s the “Swiss cheese” model of security.
Registration applications stop bots, but it also stops legitimate users. I almost didn’t get onto the fediverse because of registration applications. I filled out applications at lemmy.ml and beehaw.org, and then forgot about it. Two days later, I got reminded of the fediverse, and luckily I found this instance that didn’t require some sort of application to join.
Don’t read the first sentence, and then glaze over the rest.
But even then, however, what’s to stop an army of bots from just ChatGPTing their way through the application process?
I went to a website to generate a random username, picked the first option of polarbear_gender, and then just stuck that and the application questions for lemmy.ml into ChatGPT to get the following:
I don’t know the full criteria that people are approved or declined for, but would these answers pass the sniff test?
I’m just worried that placing too much trust in the application process contributes to a false sense of security. A community that is supposedly “protected” from bots can be silently infiltrated by them and cause more damage than in communities where you can either reasonably assume bots are everywhere, or there are more reliable filtering measures in place than a simple statement of purpose.
As I said in my post-
If I decide I want to write spam bots for lemmy- there isn’t much that is going to stop me. Even approvals, aren’t hard to work around. Captchas are comically easy to get past. Registered emails? Not a problem either. I can make a single valid email, and then re-use it once on every single instance. Writing a script that waits for approvals, is quite easy.
deleted by creator
Heh, stupid AI can’t even be more smarter than me
Most answers are “yes?” or “Uhh, I think so??” ;) The bots simply… stopped joining. It’s really only lowest-effort spamming this helps against, but that seems to be the main bots.
Btw, what’s the deal with your instance? I noticed you’re from one of the original servers from 4 years ago. Do you know why it was founded or can you direct me to some information?
I’m from the reddit migration, although a bit more experienced than most (having been here over 2 weeks makes me a unicorn on my server).
I’d like to spread some more knowledge about the history of the platform and what kind of different servers are out there. Problem is, I don’t have any knowledge! Help!
Uh, I also only joined with the reddit migration :D I joined 15 days ago. just like ypu.
I looked at join-lemmy, did not want any of the huge instances, thought one in Europe would still be a good idea. Tchncs sounded interesting and more English than Feddit (I’m German but prefer English :D). They host a lot of federated things, including my favorite federated network XMPP/Jabber and have been for years, so that seemed like a great pick :)
Ah, I see. So tchncs.de hosts other federated platforms, and someone probably decided to set up a Lemmy site when it was originally created 4 years ago. But it was likely pretty empty until the past couple weeks.
Ok good to know, I don’t really know about XMPP/Jabber but I like what I see on wikipedia. Thanks!
I think until recently it also was in “unstable/testing” and not intended for serious use.
XMPP is amazing, open federated chat protocol for over 20 years. There was a time when I could chat with people on Google Hangouts or Facebook Messenger from my XMPP client (before they disabled federation). I host my own server, but have so far not gotten around to hosting bridges. That actually became less interesting when my client (Gajim) on desktop decided to follow the shitty (for me) UI of Discord, Signal, Matrix, et al., XMPP clients don’t have the breadth they used to have, so there’s not much choice left :(
I see. Lemmy is my first introduction to a decentralized, open source social media platform, and I’m just so excited about all the possibilities federation can provide.
I admin a decent sized facebook group, at 10.8k members currently.
Luckily, the facebook group is specifically for people living in a certain geographical area. As such, I am able to make questions, only somebody living in the area would know.
You would be surprised, there are LOTS of spammers who answer all of the questions. (Just- getting the wrong answer on the area-specific questions)
Duct-cleaning spam has been a real problem. lmao.
deleted by creator
Honestly- I am surprised to find as much spam/scam/etc… on a facebook group whose purpose is… well, related to a small area in a midwestern town…
Also- I constantly regret taking on moderation and administration of this group. Moderating facebook sucks. :-/
10k is a lot, very juicy target for spammers.
Wait what’s the difference between the suggested auto block and you historically blocking instances without applications? Is there other criteria you use to determine the block?
Not saying I know the answer, just curious.
chatgpt.
Despite all the hype about these things being able to solve all the worlds problems, they can’t answer a series of contextual questions.
Boom. Roasted.