So some spam signups just happened (all username12345678@gmail.com format e-mail) This caused bounced mail to increase, causing Mailgun to block our domain to prevent it getting blacklisted.

So:

  • Mail temporarily doesn’t work
  • I closed signups for now
  • I will ban the spam accounts
  • I will check how to prevent (maybe approval required again?)

Stay tuned.

Edit: so apparently there is a captcha option which I now enabled. Let’s see if this prevents spam. Registrations open again.

Edit2 : Hmm Mailgun isn’t that fast in unblocking the domain. Closing signups again because validation mails aren’t sent

Edit 3: I convinced Mailgun to lift the block. Signups open again.

  • Philip@endlesstalk.org
    link
    fedilink
    arrow-up
    4
    ·
    2 years ago

    I ran into the issue on my instance as well, but checking the Captcha option in admin settings, stopped the signups for me.

  • halo5@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    I’ve run into this issue with some of my servers in the past and it’s a real PITA to deal with because not only do you have to mitigate the issue, but then you have to make requests to get de-blacklisted, etc. I finally got sick of it all and installed a Barracuda spam firewall in front of the mail server. I have MUCH easier control over IMAP/SMTP now.

      • halo5@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        I was vaguely aware of that, but I’m very glad that you posted this link because I didn’t realize that it was this serious and that it hasn’t been patched! My unit is completely up-to-date with firmware and patches, but I can’t find an actual list of affected models ANYWHERE! I’ve taken a cursory look at my system and it doesn’t appear to be compromised, but I emailed Barracuda for additional info. Thanks for this!

  • EvilMonkeySlayer@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    User on kbin here, just tried to sign up to lemmy.world… looks like everything crashed and burned when tried to sign up there.

  • Chaos@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    Becareful with this. There’s a clear trend of massive amount of bot accounts flooding lemmy as a whole

    • Ruud@lemmy.worldOPM
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      No target. I will keep this open as long as it’s possible. It’s up to others to start as many Lemmy instances as possible, and the Lemmy devs to create a better join-lemmy with a rotating ‘recommended server’ preferring smaller instances. But that’s difficult. Because you also don’t want 1000 users to land on someone’s Raspberry Pi instance without backup which they can just stop if they get bored of it. Same issue goes for Mastodon as well… but that’s being worked on.

      • SSTF@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        2 years ago

        Tangential question but it’s been on my mind. Should mods be encouraging images to be posted on outside image hosting services (Imgur or something) to reduce the load on Lemmy.world? I actually don’t know how much images affect the server.

        • Ruud@lemmy.worldOPM
          link
          fedilink
          arrow-up
          1
          ·
          2 years ago

          Nah… It’s only 27GB of images right now. I have around 800GB space, and can have disks (cheap HDDs in case of images) added to the server. Also pictrs will support S3 in the newer version. But good that you’re all thinking with me!

  • rastilin@kbin.social
    link
    fedilink
    arrow-up
    0
    ·
    2 years ago

    Last time a website I was managing was bombarded with spam signups, I set up a regular expression to check for the incredibly distinctive format the spammers were using… then it reports success but doesn’t actually create the account or send an email. Spam problem over.

  • Limeey@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    2 years ago

    FYI 18.0 does not have captcha according to release notes. May want to delay upgrade until 18.1? Or institute a stricter signup like requiring email verification? just wanted to mention it

    • Ruud@lemmy.worldOPM
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      Yeah we use e-mail verification, but the problem was that the spam signups used fake gmail addresses resulting in the mail domain to get blocked. So we’ll wait until 0.18.1

  • fsk@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    2 years ago

    I solved this problem once. What you do is have a custom captcha that you code yourself. It can be as simple as “What is 2+3?” and have 10-20 questions that you rotate between. Most spammers will be too lazy to update their spambot.

    • lwuy9v5@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      2 years ago

      fwiw - there’s always an arms race between spammers and people trying to not get spammed. It’s often better to use off-the-shelf captcha’s or something as there are people who are able to put a LOT MORE resources into it (like Google, who has billions of dollars on the line to prevent ad-fraud and identify bots)

      • fsk@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        I used a custom captcha for my personal WordPress blog. It eliminated all the spam. (Fun fact: The spammers know how to work around most anti-spam WordPress plugins. If you roll your own, they aren’t going to update their spambot for one blog.)

        I also used a custom captcha at work. We couldn’t use 3rd party filters because it was marking our customers’ comments as spam! The custom captcha also eliminated all the spam.

        There’s also a problem with using 3rd party spam services. You have to give them all your data. You also usually have to pay for it, which can be a problem when you’re working for people with a tiny budget.

  • RandAlThor@lemmy.ca
    link
    fedilink
    arrow-up
    0
    arrow-down
    4
    ·
    2 years ago

    I am from Lemmy Canada. I have noticed that when I come to a community hosted on Lemmy World I am often signed out. Do I need to sign up here to participate?