I have the application process enabled for people to join my instance, and I’ve gotten about 20 bots trying to join today when I had nobody trying to join for 5 days. I can tell because they are generic messages and I put a question in asking what 2+3 is and none of them have answered it at all, they just have a generic message.
Be careful out there, for all you small instance admins.
Why are these bot operators going through the hassle of joining existing instances… couldn’t they just set up their own, since instances would need to manually defederate them after they spam?
I wonder how difficult it would be to take a Formspree-style approach to combat the bots, using a hidden form field
Because you can’t make thousands of spambots on your own instance because as you noted it’d take about 5 minutes to defederate and thus remove all the bots.
You want to put a handful on every server you can, because then your bots have to be manually rooted out by individual admins, or the federation between instances gets so broken there’s no value in the platform.
And for standing up more instances, you have to bear the cost of running the servers yourself, which isn’t prohibitive, but more than using bots via stolen/infected proxies (and shit like Hola that gives you a “free vpn” at the cost of your computer becoming an exit node they then resell).
Also, I’m suspicious that it’s not ‘spam bots’ in the traditional sense since what’s the point of making thousands of bots but then barely using them to spam anyone? My tinfoil hat makes me think this is a little more complicated, though I have zero evidence other than my native paranoia.
