LemmyNet

130 readers

1 users here now

A community about Lemmy and related projects: https://github.com/LemmyNet

founded 2 years ago

MODERATORS

Pekka

❗️Admins: REQUIRE E-MAIL VERIFICATION OR A CAPTCHA FOR REGISTRATION (i.ibb.co)

submitted 2 years ago by Pekka to c/about_lemmy

1 comments fedilink hide all child comments

cross-posted from: https://lemmy.cat/post/6385

It is currently possible, through Lemmy's API, to create accounts automatically and without limit if verification by email address or captcha is not activated. I'd advise you to activate one or both of them NOW!

After registering x number of accounts (currently I could do thousands), all you have to do is list all the existing communities for each of the account to publishes one new post per community, or more. I'll leave you to picture the mess.

(I apologise to the administrators of sh.itjust.works, I should have done the test with my own server.)

top 1 comments

sorted by: hot top controversial new old

[–] Pekka 2 points 2 years ago

I too played a bit with the API today and it is very easy to do everything that a user can do as a Lemmy Bot. So please take this into account when securing your Lemmy instance.

We can also use this power to protect our users. For example a bot could send a welcome message with a link to the instance rules, the first time a user comments or posts on the instance.