this post was submitted on 18 Sep 2023
996 points (95.4% liked)
Lemmy.World Announcements
29034 readers
3 users here now
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to [email protected] e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email [email protected] (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Hi - mod of a small kbin.social mag here - @13thFloor - and a lemmy.world user. Is there anything we can do on our end to help mitigate the problem, or make it easier to flag spam that makes its way to Lemmy? I'd be more than willing to include a note to the lemmy.world admins if a spam post is deleted off of a mag I mod here- just need to know who to contact.
Side notes - Ernest (kbin.social admin) just responded on the spam issue here. The community has been actively working over here to flag and remove spam accounts (I've personally flagged close to 100). According to the most recent news from @ernest earlier last week, we've got a software update incoming, and a magazine cleanup in the works that will hopefully make an impact.
Heya! Not really. It's just a few communities that are being spammed really hard, so only those are removed. I think the work you're doing by flagging these spam accounts is already very helpful to Ernest and his team. He himself was kind enough to join us in this thread and give us some more information. For now all we can do is wait..
Thank you for your patience and understanding :)
Hi - got a note from a user that @13thFloor isn't federated over there any more as of yesterday. Looks like @scifi, modded by @inkican, was as well. Was there a reason these communities were defederated?
Defederated is only on instance-level. A community can not be defederated, but it can be removed or purged. So far the only action we have taken is removing some of the Kbin communities (or magazines as they are called on kbin).
Your community is still available on https://lemmy.world/c/[email protected]
If you want to see which instances we are currently defederated from you can look that up here.
So no, we didn't block your community. But I do see some posts are not showing up on Lemmy World. Not sure why that happens, there haven't been any changes on our end. We will update to Lemmy 0.18.5 tomorrow which resolves some federation issues.
Edit: It actually was removed. now restored. Passed info to other admins.
Thanks for the update. I'm still getting the following error across multiple browsers when I hit https://lemmy.world/c/[email protected]:
Hoping it gets resolved with the update - was worried we'd screwed something up and gotten on your removed list.
Huh. I'm sorry I have to check what happened but the 13thfloor was actually removed. I must have missed the 'removed' tag earlier. I restored it and I'll make sure the other admins know not to remove that community. So it should be ok again.
Thanks much! That fixed it for the 13thFloor. FYI, looks like @scifi is still blocked, and they're generally pretty cool without spam issues.
Restored that one as well [email protected]
Awesome - thanks!
How is it so easy to create spam accounts with Kbin? What kind of account validation is implemented? Email? Enforced 2FA? Just a curious dev who hasn't started their own lemmy or Kbin instance yet.
There's just email verification at the moment. 2FA is on the roadmap, but I'm not sure if it will be in the next release. Here's the kbin codeberg site for more detail.
It's a start, but 2fa can't stop spam.
If one can automate account creation including saving totp secrets, you suddenly have 2fa authenticated bots able to send spam.
Maybe you could get around that to some extent by leveraging sms verification during account creation, but how do you set that up to prevent burner numbers? Or smishing?
These are hard problems to address
Not to mention there are a lot of fediverse users who moved here because they didn't want to give away personal information like their email and phone number.
Also a lot of real people might want to sign up without needlessly giving away personal information like thier phone number...
Here's one (possibly dumb?) idea I just had: implement a shadow ban for a period on new accounts so moderators can check what they're posting before they're allowed to post.
i like this one! seems smart.
When I signed up it was email + captcha. I cannot find even an option for voluntary 2FA.
I don't know the details but people who wanted to work on Kbin and looked into it say that it is a much less developed platform overall (i.e. not fully a beta and more like still in alpha, e.g. lacking a true API), but it does offer benefits socially (to further disconnect from the originators of the Lemmy software) and to have another codebase that offers federation.
Lemmy is also more of alpha-quality software. The admin tools are pretty much non-existent. On my own instance, I've had to go into the database to fix issues a lot using straight SQL, and I have like ten users on the platform. One of those issues caused my admin account to no longer being able to log in, another caused the whole instance to be down.
Oh that's interesting. Kbin lacks a formalized API (or at least it did - possibly this next update was going to address that and yet Ernst did say something about shifting priorities so maybe that's bumped now) so I got the impression that Lemmy was further along, but yeah they both have a ways to go to catch up to the decade or so of work put into Reddit. Although the latter manages to find new & innovative ways to break itself constantly anyways so maybe both Kbin and Lemmy will meet it somewhere in the middle sooner than we might think? :-P (and yet slower than most people would like I'm sure:-D)
Yeah it seems like it's grown organically from a POC, which I think is sort of what Lemmy did too. I feel like this concept is ripe for a platform which has been designed from the start then implement.