Hello everyone,

Recently we have been dealing with a lot of spam from the kbin.social communities. There is a bug in kbin where moderation tasks are not federated to other instances. That means even if a moderator over at kbin removes a post, it will still be visible on Lemmy instances and it’s up to the instance admins to clean it up.

There have been talks about this in the Lemmy admin channels with some instances considering defederating from kbin.social - and others who have already made that step.

We don’t want to defederate, because we know this would impact the kbin community greatly - but we have to do something. That’s why we have currently removed most of the kbin communities from Lemmy World, making them unavailable to our users. But the kbin users can still view and interact with our communities and users.

This means that those spam-accounts will stil be able to post in our communities too, but at least it makes the task of moderation already a little bit lighter on our team. But it was either this or defederation. The moderation tools on kbin are in an even worse state then Lemmy’s.

We will keep monitoring the situation and will keep you up to date should anything change.

We hope you understand and support our decision.

The Lemmy World team

    • It’s a start, but 2fa can’t stop spam.

      If one can automate account creation including saving totp secrets, you suddenly have 2fa authenticated bots able to send spam.

      Maybe you could get around that to some extent by leveraging sms verification during account creation, but how do you set that up to prevent burner numbers? Or smishing?

      These are hard problems to address

      • @elscallr@lemmy.world
        link
        fedilink
        71 year ago

        Not to mention there are a lot of fediverse users who moved here because they didn’t want to give away personal information like their email and phone number.

      • @Venat0r@lemmy.world
        link
        fedilink
        21 year ago

        Also a lot of real people might want to sign up without needlessly giving away personal information like thier phone number…

        Here’s one (possibly dumb?) idea I just had: implement a shadow ban for a period on new accounts so moderators can check what they’re posting before they’re allowed to post.