Spammers have registered hundreds of random 5 digit accounts on pixelfed.social by using the in-app registration APIs.

None of the accounts were able to verify email address or become active thanks to the magic app links.

I recommend disabling this with `PF_ALLOW_APP_REGISTRATION=false` until we put in place more rate limits to these endpoints. #pixelfed