The vast majority of the instances in that screenshot have known jumps from 1~50 users to tens of thousands in less than a day. These instances also happen to not require a captcha on sign up.

It may very well be that instance owners are innocent as some have really been victims of bot attacks and simply forgot that you could enable captchas for sign-ups, nevertheless I think instance directories like Lemmyverse.net should start disincentivizing anyone from inflating his own instance with tens of thousands of bots in order to get on top of those “leaderboards”.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    That’s certainly another theory why these bot accounts don’t actually seem to do anything (so far). But it doesn’t fit to the picture that lots of naive instance admins seem to ask for help against this.

    I am starting to think that it is either some test run or a greyhat that wants to force instance admins to improve registration security before actual bad actors exploit them.

  • AtaKe@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Damn, that certainly a spam attack. Maybe these bots were created to make the picture of “populated” fediverse for all people that escape Reddit. But in anyway they shouldn’t exist

  • RGB@lemmyfi.com
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    How would it benefit an instance to be on the top of the leaderboard. Having more people on your instance means higher server costs. The optimal situation is to have a small group of people on each instance but just more instances.

  • rysiek@szmer.info
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    The vast majority of the instances in that screenshot have known jumps from 1~50 users to tens of thousands in less than a day. T

    I think that’s taking it too far and jumping to conclusions. I cannot think of a single instance of an instance admin inflating their numbers with bot accounts or in any other artificial way, and I’ve been on fedi before it was called fedi.

    This is almost certainly external bad actors taking advantage of captcha-less open signups.