this post was submitted on 18 Jun 2023
14 points (100.0% liked)

Lemmy

12531 readers
11 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
[email protected]
14
❗️Admins: REQUIRE E-MAIL VERIFICATION OR A CAPTCHA FOR REGISTRATION (i.ibb.co)
submitted 1 year ago by [email protected] to c/[email protected]
9 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.cat/post/6385

It is currently possible, through Lemmy's API, to create accounts automatically and without limit if verification by email address or captcha is not activated. I'd advise you to activate one or both of them NOW!

After registering x number of accounts (currently I could do thousands), all you have to do is list all the existing communities for each of the account to publishes one new post per community, or more. I'll leave you to picture the mess.

(I apologise to the administrators of sh.itjust.works, I should have done the test with my own server.)

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

I was playing a bit with the API today and yea it might even be a bit too easy at the moment. You can easily use that army of Lemmy bots to upvote all your posts.

We should probably make it very clear in tutorials and setup guides that no email verification and no captcha is very insecure.

[–] [email protected] 1 points 1 year ago

Stupid of me, I hadn't thought about upvotes, but it's clear that this is perhaps the most "quiet" and dangerous type of abuse.