So, lemmy seems to be flooded with spam bot accounts at the moment. Look through the table of servers on fedidb (https://fedidb.org/software/lemmy) and notice how there are these huge instances without any active users (MAU).
Also notice how startrek.website has 9000 users for 276 active users this month.
From memory, when I signed up, there was no email requirement or captcha or anything.
Admins … maybe you want to tighten things up?
Just a quick update for everyone, yes OP is right and a bunch of bots signed up. We’ve purged them from our user count and enabled CAPTCHA. Email verification is coming soon as a secondary deterrent.
For the record nobody told us that it’s not safe out here. We were aware that self-hosting was wondrous, with treasures to satiate desires both subtle and gross; but has NO IDEA that it wasn’t for the timid. 😉
Ooh … how did you purge them from your user numbers? Many other admins might not know how to do that … maybe worth sharing?
We deleted them from the
local_userdatabase table outright based on some sketchy shared attributes, and then manually updated the user count insite_aggregatesto the correct figure so our stats wouldn’t look so sketchy.Pretty simple for anyone comfortable in SQL who knows where to look (a helpful user DM’d and gave us a hand here), but not something anybody should try willy nilly if they don’t know what they are doing. Editing production data on the fly is not to be done casually.
There are pricy probably admins who might appreciate this, as dangerous as it is.
Care if I post it into the lemmy community or even made the support community?
Sure, go for it.
Include a mention that even running queries against the database won’t necessarily be easy if you don’t know what you’re doing. where it is located and (separately) how best to access it will depend on how it was installed.
Just a member here, but given the recent rapid growth in the past 10 days as folks migrate over from a 600k subreddit (myself included), and the normal 90% lurker rule-of-thumb, this is actually a fairly reasonable monthly active user ratio.
I genuinely understand the concern to avoid bots and trolls, but have admins in other instances actually documented a significant number of bots originating through this instance?
There is some Verified Suspicious ActivityTM. We’re hoping to get it sorted out soon.
Thank you for your care of this place, and due diligence.
With the instance growing so quickly, aggregate stats can flag but are vulnerable to aliasing.
I very much appreciate the path to lemmy membership that you offered to us in the final hours before many of the subreddits went dark.
The there is a ratcheting chain of new members to this and other Lemmy instances is still happening. I have the sense that there’s still a lot of private chat on Reddit as folks looking for a new place to be are enquiring of those who’ve already migrated.
All to say, when it is sorted, it would be great to have an updated sticky with the details so those of us here can support the less tech adept among us make the transition.
You have a point, especially as lemmy defines “active” as a user that has at least posted once within the relevant time period. So yes, lurkers definitely wouldn’t count toward the active user count (mastodon and the like use different metrics AFAIU).
‘Posted’ is even a higher bar than ‘commented’, a 10th of a 10th.
Not to say that there isn’t a need to filter out sockpuppets and bots at signup, but rather that the inference being made from the stats was not obvious.
Yea I’m unclear on whether commenting counts as being active. I would guess that it does.
