Email or username:

Password:

Forgot your password?
dansup

I'm aware of a certain Pixelfed instance being targeted by spammers and used to deliver spam to accounts across the fediverse.

The same thing happened with Lemmy last summer, and was caused by a dangerous config cocktail:

- Open Registrations

- No email verification

- Less active moderation (waiting to get reports rather than finding this from paying closer attention)

There are some things I can improve in Pixelfed, but these 3 are dangerous when used together!

7 comments
Qazm

@dansup Do you currently show a warning when those two options are set together?

DELETED

@dansup @pixelfed you’re doing great work on this instance stuff Dan. Any news on the iOS app, TestFlight has 30 days till builds run out, so is the app now submitted to App Store ? Keep up the great work, you get my support all the time

sfunk1x

@dansup Is there a legitimate use case to allowing open signups AND no email verification as a configuration combination?

David Fleetwood - RG Admin

@dansup You just need to code up some better admins and federate them!

Alison Meeks

@dansup On what day is no email verification a good idea?

Colto Fox

Hi @dansup, as a preventative measure I noticed the feature below was announced.

mastodon.social/@pixelfed/1117

But how do we enable it?

SpaceLifeForm

@dansup

BoostBot Farms R US. That is what will happen.

Yes, you can defederate, but in the meantime, you still get to play whack-a-mole.

Go Up