I looked at the lemmy stats again today like the last few days (since the 1st of July), apparently tonight there has been another wave of bot signups.:

Lemmy: 1,555,395 overall users (+ 2363)
Kbin: 55,201 overall users (+ 433)

Active last 30 days:
Lemmy: 56,859 users (+ 1142)
Kbin: 55,099 users (+ 331)

^ 2023-07-02 20:15:00 CEST

Lemmy: 2,179,081 overall users (+ 623686, bots)
Kbin: 55,863 (+ 764)

Active last 30 days:
Lemmy: 59,438 (+ 2579)
Kbin: 55,532 (+ 433)

^ 2023-07-03 13:30:00 CEST

Of course “tonight” refers to tonight in central european summer time so it probably was more middle-of-the-day for you.

If you go to the site I linked at the beginning and sort by “Total users” you can see instances with 80000 users and 1 active user for example.

Open signups should be prohibited and affected instances should do something against the botted accounts or defederate. New instances should at the very least start using captchas and email verification.

  • Talaraine@kbin.social
    link
    fedilink
    arrow-up
    25
    ·
    1 year ago

    How have they not even enabled Captcha at this point? There’s been warnings and charts pasted all over the place?

    • hoshikarakitaridia@lemmy.fmhy.ml
      link
      fedilink
      arrow-up
      19
      ·
      1 year ago

      Development issues

      They enabled it, it was broken and the implementation sucked, so they removed it again. But hey if you are pissed about it, feel free to help - you can fork the GitHub project and then fix it yourself :)

      Also remember everyone working on it is volunteering. Cut them some slack, all of them have normal jobs as well.

      • okawari@kbin.social
        link
        fedilink
        arrow-up
        21
        ·
        1 year ago

        I host a bunch of websites for normal small businesses many of them have contact forms and all of them have captcha.
        We’ve seen a steady rise in spam that gets through it over the last year or so. I don’t have any concrete numbers at hand, but we’ve heard from customers that they used to get a few spam replies once in a while before but get 10-20 a day over prolonged periods of time now.

        I wouldn’t be surprised if we’re aproaching a point where computers are better at solving captchas than human.

        • admiralteal@kbin.social
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          If you really want to see this, go try to make a post on 4chan.

          They have a captcha system that’s so hard to solve I think that a significant percentage of people probably simply fail to get through it. There are browser extensions and stuff to help solve it that actually prove it’s easier for a robot to figure it out than a human.

        • phosphorik@kbin.social
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          Traditional captchas have been easier for computers than humans for a while. I imagine these “pick all matching” captchas aren’t far behind.

          • genoxidedev1@kbin.socialOP
            link
            fedilink
            arrow-up
            9
            ·
            1 year ago

            The main reason to do captchas nowadays is to keep the door closed. Of course they do not deter more expert-ish people, but opportunity “hackers” aka script kiddies. If you’re not using captchas you’re just inviting them to run a script on your site. Big sites use captchas, there’s no reason for the fediverse to not use captchas. We don’t need to be “special” in regards to security.

            • saplyng@kbin.social
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              That’s why I always liked the captcha that Genshin had on login, just sliding the puzzle piece onto the correct part of the picture. Very easy for a human, has the basest of security against lazy bots.

          • PabloDiscobar@kbin.social
            link
            fedilink
            arrow-up
            7
            ·
            1 year ago

            Which is funny because these captchas are designed to train an AI, like self-driving cars. So the AI is now training itself, ready for a big divergence.

    • genoxidedev1@kbin.socialOP
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      That account is just outrageously blatant, I would have given them the benefit of the doubt if it was just one article, although I still would have been very cautious of my doubt, but they posted 6 of these type posts

  • Chozo@kbin.social
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    How is it known that these are bot accounts? I’m not doubting you, just curious how you discerned that.

    • ralC@lemmy.fmhy.ml
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      Because they are not active. Some people could make an account and not bother using it, but not that many, that quickly.

      • Chozo@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Perhaps, but how do we separate inactive bot accounts from inactive accounts by people who are checking out what all the commotion is after the Reddit fiasco and just lurking in the new spaces? I feel like that’s a really inconclusive data point right now.

        • genoxidedev1@kbin.socialOP
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          Probably by the amount of account creations per IP. That would at least be the simplest way. I can understand having alts or inactive accounts but those aren’t the problem, the bots account for probably around 85% or so of accounts by now.

  • NotAPenguin@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    It might be more bots but could also be redditors jumping ship now that 3rd party apps are actually dying.