I'm aware of a certain Pixelfed instance being targeted by spammers and used to deliver spam to accounts across the fediverse.

The same thing happened with Lemmy last summer, and was caused by a dangerous config cocktail:

- Open Registrations

- No email verification

- Less active moderation (waiting to get reports rather than finding this from paying closer attention)

There are some things I can improve in Pixelfed, but these 3 are dangerous when used together!

6
Share
Share on Mastodon
Share on Twitter
Share on Facebook
Share on Linkedin
ernmander

@dansup @pixelfed you’re doing great work on this instance stuff Dan. Any news on the iOS app, TestFlight has 30 days till builds run out, so is the app now submitted to App Store ? Keep up the great work, you get my support all the time

0
10mo
sfunk1x

@dansup Is there a legitimate use case to allowing open signups AND no email verification as a configuration combination?

0
10mo
David Fleetwood - RG Admin

@dansup You just need to code up some better admins and federate them!

0
10mo
Alison Meeks

@dansup On what day is no email verification a good idea?

0
10mo
Colto Fox :colto_owo:

Hi @dansup, as a preventative measure I noticed the feature below was announced.

mastodon.social/@pixelfed/1117

But how do we enable it?

0
10mo
SpaceLifeForm

@dansup

BoostBot Farms R US. That is what will happen.

Yes, you can defederate, but in the meantime, you still get to play whack-a-mole.

0
10mo
Replies