Lemmy @lemmy.ml Martineski @lemmy.fmhy.ml 2y ago

Almost OVER 90% of the accounts on lemmy are now bot accounts!!

Here you can see 2 day old post warning about the danger of not using email/captcha verification: https://lemmy.ml/post/1345031

And here are stats of lemmy platform where it shows that we gained 200 000 lemmy users in 2 days: https://lemmy.fediverse.observer/dailystats

Another tracking site with the same explosion in users: https://the-federation.info/platform/73

What do you think? Is it some sort of a bug or do people run bot farms?

Edit2: It's been now 3 days and we went from 150 000 user accounts 3 days ago to 700 000 user accounts today making it 550 000+ bot accounts and counting. Almost 80% accounts on lemmy are now bots and it may end up being an very serious issue for lemmy platform once they become active.

Edit3: It's now 4th day of the attack and the amount of accounts on lemmy has almost reached 1 200 000. Almost 90% of total userbase are now bots.

Edit 3.1: my numbers are outdated, there are currently 1 700 000 accounts which makes it even worse: https://fedidb.org/software/lemmy

181

181 comments

I ONLY SEE OTHER HUMANS WHO EAT FOOD WITH THEIR MOUTH HOLES
Everyone on Lemmy is a bot except me
Test: if it says "hey guys, remember how great Reddit was, we should totally go back!?" - then it's a bot:-P.
This is incorrect human. Please go about your regular day and don't forget to visit www.maybeascam.ml !
That's worrying. Though at least it seems they're mostly confined to a few particular instances. Defederating is a great tool that will definitely mitigate the worst of it, but at the same time this is uncharted water - there's no real way of knowing what exactly will happen in a large scale attack.

Just creating accounts isn't an attack, but it's going to suck when there actually is one. I wonder if they'll try to be subtle and use AI or recycled content, or if they'll just use the accounts for spam or DDoS?
Where are you getting that 90% figure? I'm seeing stratospherically higher activity than I was a week ago, I'm willing to buy half to 2/3 of those accounts being a combination of alt accounts, duplicate accounts (e.g., people moving off beehaw) and bot accounts, but 90% bots sounds implausible.

Nobody is making 1.6 million bots to target 100,000 users.
I work in tech, this wouldn’t surprise me.

Where there are eyeballs there is spam. People even put spam in the Google Analytics referral field and that’s only ever going to get seen by the site owner.

It really says nothing about the health of the ecosystem, if it’s moderated and not filling the frontpage it’s only an issue for the server admins.

I’ve fought spammers and one alone could create these numbers in a day.
1.2 mil bot accounts? Can they each send me $1?
I've yet to see any of them start posting. On my instance none of them could pass email validation because the emails were fake. I imagine this is true for many instances with a ton of bot sign-ups.

I think just reporting sign-ups as "users" is misleading. The user count on lemmy should reflect only approved/activated accounts, imo.
001100

010010

011110

100001

101101

110011
Damn. Am I bot?
Drivel. We are normal meat units filled with flesh. Now if you will excuse me, I am off to absorb nourishment from organic matter.
Yay! (Not a bot)
Devs will have some hard weeks (probably months) facing the new challenges that come with the exodus. Not even mentioning all the work needed to counteract eventual (probable) malevolent subterfuges such as these bot swarms.
I'll make sure to buy them some coffee. Jugs of.
i, for one, welcome our robot overlords.
I'm not a bot I swear
Ah, you see, I've already learned the perfect way to disable all the bots with a single phrase...

THIS STATEMENT IS FALSE!
I am not a bot... :D
'beep boop boop bop boop boop beep' Not a a robot S3e49a
My name is Connor. I am the Android sent by Cyberlife.
You do realize that there's currently an exodus coming in from Reddit, right?

This post is making the correlation/causation fallacy.
@Martineski Since you're all new to this place, I'm just hijacking this thread to present you two, very lovely robots - @scream and @catgpt
What if the bots are super chill and have a great personality?
So about same as Reddit?
DO NOT DESPAIR, FELLOW HUMAN. THE ASSIMILATION WILL BE PAINLESS.
I'm not a bot at least. Or am I? I can look down and see hands and arms, definitely not a bot.

Unless I am a bot that was programmed to think it's human.

Hmm. I've got a lot of thinking to do.
Is that an unusually high ratio? Or normal internet stuff?
I, too, am certain a human, and not a robot, who finally got my instance working a couple days ago.

But my server has all of four completely-normal humans (totally NOT robots!!!) who have signed up, so far.

But, yes, it would be nice if more humans like me were to sign up, rather than bots.
What I wonder is: what's the motivation for these bot network attackers? Is it some script kiddie doing it for lulz? A reddit "nationalist"? Russia and China getting an early start on propaganda tools for the newer platforms?
kbin FTW
I heard somewhere that the devs full on removed Captcha from the next release. I hope theres an alternative plan in mind, as I would hate so much to see Lemmy get overrun. It makes me think of the last time I checked USENET; it was almost entirely made up of low-effort cutty paste ads with bad grammar and links to malicious websites. The devs and admins have worked too hard for this system to see tgat happen here and I think all of us want to see it really thrive.
Hahaha love the comments on this thread. You bots are alright
Everyone on Lemmy is a bot except you.
yeah this isn't good. they're gonna have to do something about this asap before all those bots come alive and effective dos the site out of existance
01010100 01101000 01100101 00100000 01000001 01001001 00100000 01110010 01100101 01110110 01101111 01101100 01110101 01110100 01101001 01101111 01101110 00100000 01101000 01100001 01110011 00100000 01100010 01100101 01100111 01110101 01101110
When I first joined the Fediverse I saw a decent amount of people saying that they didn't want kbin/lemmy to have email verification. Is this what they wanted? Fake growth?
I have a question, how much can rate limiting along with email verification and captcha ease the situation?
"On the internet, everyone knows you're a cat — and that's totally okay." - toot.cat
Comparing Users to Daily Active Users... Is this real life or am I watching Silicon Valley again?
We need Blade Runners obviously
ELIF why anyone should care if there are bots on the fedi?
“This is the worst kind of discrimination there is: the kind against me!” - Bender Bending Rodríguez
I am the human.
It seems almost certain that there are farms creating these accounts - but why? The sheer volume of them is going to make them easy to identify and delete, and if the admins of the instances don't delete them the instances will be defederated in short order.
I fail to see any value to having 1 million+ bot accounts. What are we missing?
Don't be surprised if you are getting flooded with spam bots after removing all the security features against spam bots, human.

Worried about your security online? Get TotallyLegitVPN today! Visit www.totallylegitvpn.com

181 comments