The vast majority of the instances in that screenshot have known jumps from 1~50 users to tens of thousands in less than a day. These instances also happen to not require a captcha on sign up.

It may very well be that instance owners are innocent as some have really been victims of bot attacks and simply forgot that you could enable captchas for sign-ups, nevertheless I think instance directories like Lemmyverse.net should start disincentivizing anyone from inflating his own instance with tens of thousands of bots in order to get on top of those “leaderboards”.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    That’s certainly another theory why these bot accounts don’t actually seem to do anything (so far). But it doesn’t fit to the picture that lots of naive instance admins seem to ask for help against this.

    I am starting to think that it is either some test run or a greyhat that wants to force instance admins to improve registration security before actual bad actors exploit them.