Lemmy.World Announcements @lemmy.world lwadmin @lemmy.world 1 yr. ago

Temporary Changes to our Sign-Up Policy

Lemmy.world is temporarily disabling open signups and moving to an application-required signup process, due to ongoing issues with malicious bot accounts.

We know this is a major step to take, but we believe that it’s the right one for both us and our community right now.

We’re working on a better long-term technical solution to these bots, but that will take time to create, test, and verify that it doesn’t cause any problems with federation and how our users use our site, and we’d rather make sure we get it right than have a site that’s broken.

We’re making this change on 28 Aug 2023, and don’t have a specific timeline for how long registrations will require an application, but we will post an update once our new anti-abuse measures are in place and working.

Take care, LW Team

173

173 comments

You gotta do, what you gotta do!

Thanks as always for the hard work and transparency.
Whew, I'm glad I got in before this or my fellow homo sapiens might not have noticed I was also a fellow homo sapiens like them and definitely not a robot.
No place is safe from this, unfortunately. I moderated 2 big brazilian subreddits, and then decided to volunteer to help a smaller one. I had a day (and to be honest, an entire week) absolutely ruined when somebody did indeed set a bot to post large amounts of CSAM to the subreddit. Luckily I was online to quickly purge it all, and Reddit's admins did remove the accounts pretty much instantly, but I feel for every Lemmy admin that even caught a glimpse of this material and now have to purge their computers and honestly, their minds, from that. Sorry to hear it happened.
Hope it restricts the attack surface, why do people have to be such knobs
Good hope the child porn posting stops with that.
Looks like even this place couldn't keep it up. Unfortunate. Thanks admins for the transparency though.
Good call. Thank you for doing what you need to do to support the site and protect the users as necessary. And as always, the honesty and transparency is appreciated.
Permanently Deleted
I think it's the right call honestly. We've grown so quick that it must be hard to manage by now.
Thanks for all the work you do! It isn’t unappreciated.
Hope it helps with the recent abuse.
https://github.com/bumble-tech/private-detector

Do you guys think this could help? I remembered reading bumble open sourced their image detection system.
If you could give me the numbers of new accounts monthly I would look into CloudFlare. If I can afford it I will even pay for it.
I don't blame you for taking that decision. But it's sad that this will deter legitimate users away, some of whom would've signed up otherwise.
I guess I'm out of the loop, perhaps because I mostly browse communities I subscribed to, but...

What happened? Lots of spammy bots signing up and spamming the site? I guess I didn't notice where I was looking

Also, what does application based sign up mean?

Anyhow, Lemmy.World and Lemmy (in general) are growing nicely, so what's needed to defend them is cool.

Edit: fixed grammar
Is image posting temporarily turned off for lemmy.world users too?

Since last night, I've been unable to post (tested in memes@lemmy.world, memes@lemmy.ml, and lemmyshitpost@lemmy.world). Switched to an alt account on a different instance and had no issue.

(getting JSON error: unexpected character at line 1 column 1)
I vote for tribunals.
Glad to hear. Obviously this is less than ideal, but working towards solutions is what's important.
Will this make it easier to reopen federation with instances that were concerned about abuse of our open sign up policy? (or was the issue with beehaw resolved while I wasn't looking?)
Does this mean Beehaw will refederate?
As long as users from allied instances can still post it is all good.
Better to semi restrict sign ups so the experience is improved for everyone. When those security issues have been fixed we can open up again. Seems fair
Beep Beep. Thank you for the update.
Permanently Deleted
Lemmy.world users were mostly upset 2 months ago about how other Lemmy servers had application based registration and that made it bad for widespread adoption.

Incidents like this are part of why this is a bad idea. Hopefully mitigations to maliciously posted illegal content can be implemented to help Lemmy server admins big and small.
Very understandable, keep up the work!
Bummer, but I hope you can find a solution soon! What a PITA for you all.
Thank you so much for doing what it takes to control bots. Much appreciated!
Sounds like a plan! It's a 100% beneficial thing, it should clean it up a bit.
Good. If this is what it takes to overcome the issue then it's fine. Sucks for the real users but they also have alternatives.
Thank you!
Update: we opened registrations again but temporary email addresses will still be banned.
I'm actually advocating for something in between: having a open registration weekend on a set time every month, and registration applications the rest of the time.

It solves both problem of having too many applications to deal with, and makes it a lot harder to create spam accounts since the time surface is reduced significantly.
IMO registration applications should have been in use right from the start. Less annoyances for admins and moderators.
There are too many posts on this site linking back to reddit.

You guys need to program reddit URL in your site code to have it blocked from being posted, make it scramble url or block it.
Wasn't the argument for having open sign-ups that some Lemmy apps redirect straight to Lemmy.world for registration?
I approve because I'm a hipster and as a senpai I like to shit on newb kouhai.

You've viewed 173 comments.