So some spam signups just happened (all [email protected] format e-mail). This caused bounced mail to increase, causing Mailgun to block our domain to prevent it getting blacklisted.

So:

  • Mail temporarily doesn’t work
  • I closed signups for now
  • I will ban the spam accounts
  • I will check how to prevent (maybe approval required again?)

Stay tuned.

Edit: so apparently there is a captcha option which I now enabled. Let’s see if this prevents spam. Registrations open again.

Edit 2: Hmm, Mailgun isn’t that fast in unblocking the domain. Closing signups again because validation mails aren’t sent.

Edit 3: I convinced Mailgun to lift the block. Signups open again.

    • Ruud@lemmy.world [OP] [M] · ↑ 6 · 2 years ago

      Yes, the devs should do that. We’re currently discussing in the Lemmy matrix chat.

    • Dr. Moose@lemmy.world · ↑ 4 · edited · 2 years ago

      Captchas are laughably easy to get around, but they do work against dumb script kiddies, which is where this attack seems to be originating from.

  • Philip@endlesstalk.org · ↑ 17 · 2 years ago

    I ran into the issue on my instance as well, but checking the Captcha option in admin settings stopped the signups for me.

      • Ruud@lemmy.world [OP] [M] · ↑ 3 · 2 years ago

        I did it in the database, so if you can access your database I can assist.

        • aranym@lemmy.name · ↑ 2 · 2 years ago

          My instance also experienced this. I’m the only active user (I made it a day ago), but the user count is up to 2K now. It stopped after I enabled captchas, but I want to remove these spam accounts so they don’t cause issues elsewhere.

          I don’t even have a slight clue as to what I should look for in my database.

          • darkfoe@lemmy.serverfail.party · ↑ 1 · 2 years ago

            If you haven’t figured it out yet or got a response yet, hop onto the instance admin group on Matrix for Lemmy (details are on the GitHub or join Lemmy page somewhere, I believe) and one of the many other folks running instances can probably walk you through it.

  • Sorenchu@lemmy.world · ↑ 5 · 2 years ago

    Sounds frustrating. Thanks for doing what you do and letting us join your server! Hope the captcha works out.

  • fsk@lemmy.world · ↑ 3 · 2 years ago

    I solved this problem once. What you do is have a custom captcha that you code yourself. It can be as simple as “What is 2+3?” and have 10-20 questions that you rotate between. Most spammers will be too lazy to update their spambot.

  • rastilin@kbin.social · ↑ 3 · 2 years ago

    Last time a website I was managing was bombarded with spam signups, I set up a regular expression to check for the incredibly distinctive format the spammers were using… then it reports success but doesn’t actually create the account or send an email. Spam problem over.
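
The filter described in the comment above, sketched as an added example (not code from the thread or from Lemmy): a signup handler that answers a matching address exactly like a real signup but creates no account and queues no mail, so nothing can bounce. The address pattern, the domain and the `SignupService` class are constructed assumptions, since the thread does not show the real format; the pattern is kept narrow so alias-style addresses still pass.

```python
import re
from dataclasses import dataclass, field

# Constructed pattern (assumption): the campaign's real address format is not
# shown on the page. Here: 8-12 lowercase letters plus 4 digits at one
# hypothetical throwaway domain.
SPAM_EMAIL = re.compile(r"[a-z]{8,12}\d{4}@mail\.example\.invalid", re.ASCII)


@dataclass
class SignupService:
    accounts: dict = field(default_factory=dict)        # email -> username
    outbox: list = field(default_factory=list)          # verification mails queued
    shadow_dropped: list = field(default_factory=list)  # kept for admin review

    def register(self, username: str, email: str) -> dict:
        email = email.strip().lower()
        if SPAM_EMAIL.fullmatch(email):
            # Same response as a real signup, but no account row and no
            # outbound mail, so nothing can bounce at the mail provider.
            self.shadow_dropped.append((username, email))
            return {"status": "ok", "message": "Verification e-mail sent"}
        self.accounts[email] = username
        self.outbox.append(email)
        return {"status": "ok", "message": "Verification e-mail sent"}


def demo() -> SignupService:
    svc = SignupService()
    # Constructed sample signups, not data from the incident.
    for user, mail in [
        ("alice", "alice@example.org"),
        ("qwhzkplmra", "qwhzkplmra4821@mail.example.invalid"),
        ("masked", "a1b2c3d4@alias.example.net"),  # alias-style address, must pass
        ("xkcdvbnmqw", "XKCDVBNMQW0007@mail.example.invalid "),
    ]:
        svc.register(user, mail)
    return svc


if __name__ == "__main__":
    s = demo()
    print("created:", sorted(s.accounts))
    print("mail queued:", len(s.outbox), "shadow-dropped:", len(s.shadow_dropped))
```

Reviewing `shadow_dropped` periodically shows whether the pattern is catching real users and needs tightening.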

  • EvilMonkeySlayer@kbin.social · ↑ 2 · 2 years ago

    User on kbin here, just tried to sign up to lemmy.world… looks like everything crashed and burned when I tried to sign up there.

  • halo5@lemmy.world · ↑ 2 · 2 years ago

    I’ve run into this issue with some of my servers in the past and it’s a real PITA to deal with because not only do you have to mitigate the issue, but then you have to make requests to get de-blacklisted, etc. I finally got sick of it all and installed a Barracuda spam firewall in front of the mail server. I have MUCH easier control over IMAP/SMTP now.

      • halo5@lemmy.world · ↑ 1 · 2 years ago

        I was vaguely aware of that, but I’m very glad that you posted this link because I didn’t realize that it was this serious and that it hasn’t been patched! My unit is completely up-to-date with firmware and patches, but I can’t find an actual list of affected models ANYWHERE! I’ve taken a cursory look at my system and it doesn’t appear to be compromised, but I emailed Barracuda for additional info. Thanks for this!

  • Chaos@lemmy.world · ↑ 2 · 2 years ago

    Be careful with this. There’s a clear trend of a massive amount of bot accounts flooding lemmy as a whole.

  • ThesePaycheckAvenging@kbin.social · ↑ 1 · 2 years ago

    Lucky me, I guess, since I use a masked email address that looks fake too (anon addy). I really dislike giving my email address when testing Reddit alternatives.

  • pragma@kbin.social · ↑ 1 · edited · 2 years ago

    OK that makes sense, I was trying to sign up and couldn’t figure out why everything was timing out. Sorry if my attempts looked like spam.

    edit: it still doesn’t work for me btw