cross-posted from: https://lemm.ee/post/177673

Cross posting this here for visibility since lemmy.ml federation has been very hit or miss the last week. Original post from @[email protected]

Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.

For now, it seems that the bots are especially targeting instances that have:

  • Open sign-ups
  • No captcha
  • No e-mail verification

I have put together a spreadsheet of some of the most suspicious cases here.

If this is affecting you, I would highly recommend considering one of the following options:

  1. Close sign-ups entirely
  2. Only allow sign-ups with applications
  3. Enable e-mail verification + captcha for sign-ups

Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!

Please comment below if you have any questions or anything useful to add.

    • NetHandle@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      It’s the new form of marketing really. Ads aren’t super effective anymore as they’ve reached saturation and are showing severely diminished returns, so the next thing you can do is to create bot posts in the form of ‘product testimonials’ similar to what a person would see on amazon reviews, but from a source they’re more likely to trust such as a subreddit comment chain.
      Ie. Initial: I use [product], going on 15 years etc.
      Reponse: I use it too works great.
      Alt response: I use [diff. product], its cheaper but works the same.

      The “buy it for life” subreddit was full of them.

      Of course it gets a little more inisidious when it’s not just used for pushing products, but instead pushing ideas or propaganda. It’s commonly referred to as psyops, and they try to maintain a steady presence on any popular online forum. It was a big problem on Tumblr for a long time before Reddit.

      Also news post bots are super common, they want to generate traffic to their news sites, as that is their source of ad revenue. Lots of ad revenue related bots making posts to generate site traffic. Some of it’s not the worst thing to have, creates something of a newsfeed and a lot of it is already present here or on Mastodon.

      It becomes problematic when you have very biased news organizations and they’re allowed to use bots to upvote their news articles with impunity so all you see is biased news, it circles right back around to psyops.

      Also ad revenue fraud is something that happens a lot. Ad engagement with a bot that is meant to simulate a user browsing the site and clicking on an ad so that the person hosting the ads gets paid by the person who put the ad up. Sometimes it happens on entirely fake websites with entirely fake traffic, its much easier when you dont have to fake all the traffic and just the ad engaging traffic, as it adds legitimacy to the website. I wouldnt be surprised if a good portion of Reddits revenue is from ad fraud. It would go a long way to explaining why traffic was down only 6% during blackouts, if a large portion of the 94% remaining traffic was ad engagement bots.

    • Mereo@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      It comes to the territory. When you’re progressively getting bigger, you’re bound to get attacked.