So some spam signups just happened (all [email protected] format e-mail) This caused bounced mail to increase, causing Mailgun to block our domain to prevent it getting blacklisted.

So:

  • Mail temporarily doesn’t work
  • I closed signups for now
  • I will ban the spam accounts
  • I will check how to prevent (maybe approval required again?)

Stay tuned.

Edit: so apparently there is a captcha option which I now enabled. Let’s see if this prevents spam. Registrations open again.

Edit2 : Hmm Mailgun isn’t that fast in unblocking the domain. Closing signups again because validation mails aren’t sent

Edit 3: I convinced Mailgun to lift the block. Signups open again.

  • Philip@endlesstalk.org
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    I ran into the issue on my instance as well, but checking the Captcha option in admin settings, stopped the signups for me.

      • Ruud@lemmy.worldOPM
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        I did it in the database, so if you can access your database I can assist.

        • aranym@lemmy.name
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          My instance also experienced this. I’m the only active user (I made it a day ago), but the user count is up to 2K now. It stopped after I enabled captchas, but I want to remove these spam accounts so they don’t cause issues elsewhere.

          I don’t even have a slight clue as to what I should look for in my database.

          • darkfoe@lemmy.serverfail.party
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            If you haven’t figured it out yet or got a response yet, hop onto the instance admin group on matrix for Lemmy (details are on the GitHub or join Lemmy page somewhere I believe) and one of the many other folks running instances can probably walk you through it

  • Sorenchu@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Sounds frustrating. Thanks for doing what you do and letting us join your server! Hope the captcha works out.

  • rastilin@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Last time a website I was managing was bombarded with spam signups, I set up a regular expression to check for the incredibly distinctive format the spammers were using… then it reports success but doesn’t actually create the account or send an email. Spam problem over.

  • fsk@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I solved this problem once. What you do is have a custom captcha that you code yourself. It can be as simple as “What is 2+3?” and have 10-20 questions that you rotate between. Most spammers will be too lazy to update their spambot.

    • Sir_Kevin@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I made one that phrased it as “The sum of 2 and 3”. Weeds out bots and less sophisticated people.

    • lwuy9v5@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      fwiw - there’s always an arms race between spammers and people trying to not get spammed. It’s often better to use off-the-shelf captcha’s or something as there are people who are able to put a LOT MORE resources into it (like Google, who has billions of dollars on the line to prevent ad-fraud and identify bots)

      • fsk@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I used a custom captcha for my personal WordPress blog. It eliminated all the spam. (Fun fact: The spammers know how to work around most anti-spam WordPress plugins. If you roll your own, they aren’t going to update their spambot for one blog.)

        I also used a custom captcha at work. We couldn’t use 3rd party filters because it was marking our customers’ comments as spam! The custom captcha also eliminated all the spam.

        There’s also a problem with using 3rd party spam services. You have to give them all your data. You also usually have to pay for it, which can be a problem when you’re working for people with a tiny budget.

  • halo5@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I’ve run into this issue with some of my servers in the past and it’s a real PITA to deal with because not only do you have to mitigate the issue, but then you have to make requests to get de-blacklisted, etc. I finally got sick of it all and installed a Barracuda spam firewall in front of the mail server. I have MUCH easier control over IMAP/SMTP now.

      • halo5@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I was vaguely aware of that, but I’m very glad that you posted this link because I didn’t realize that it was this serious and that it hasn’t been patched! My unit is completely up-to-date with firmware and patches, but I can’t find an actual list of affected models ANYWHERE! I’ve taken a cursory look at my system and it doesn’t appear to be compromised, but I emailed Barracuda for additional info. Thanks for this!

  • Chaos@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Becareful with this. There’s a clear trend of massive amount of bot accounts flooding lemmy as a whole

  • EvilMonkeySlayer@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    User on kbin here, just tried to sign up to lemmy.world… looks like everything crashed and burned when tried to sign up there.

  • Argyle13 @lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    I was trying to open my account just when lemmy.world was closed earlier. When I pressed the button to create it I only got and enless “charging” animation. But when it reopened, I just started the process again, and was as easy as a breeze and extremely fast. Glad to be here! (and this is my first post)