Here you can see 2 day old post warning about the danger of not using email/captcha verification:
https://lemmy.ml/post/1345031
And here are stats of lemmy platform where it shows that we gained 200 000 lemmy users in 2 days:
https://lemmy.fediverse.observer/dailystats
Another tracking site with the same explosion in users: https://the-federation.info/platform/73
What do you think? Is it some sort of a bug or do people run bot farms?
Edit2: It's been now 3 days and we went from 150 000 user accounts 3 days ago to 700 000 user accounts today making it 550 000+ bot accounts and counting. Almost 80% accounts on lemmy are now bots and it may end up being an very serious issue for lemmy platform once they become active.
Edit3: It's now 4th day of the attack and the amount of accounts on lemmy has almost reached 1 200 000. Almost 90% of total userbase are now bots.
Edit 3.1: my numbers are outdated, there are currently 1 700 000 accounts which makes it even worse: https://fedidb.org/software/lemmy
Testing, I'd guess. Experimenting with hardware configurations, software configurations, bot configurations. Testing rate limits, looking for exploits, etc.
We can tell when they pile 1 million bots onto 5 servers all at once. Will we tell when they pile 100,000 across 10 servers over the span of a month?
They've just spoon fed us the data to help us identify them, and given us incentive to do so too. It just seems counter productive.
They've just spoon-fed us the data to help us identify a very particular type of attack. They don't need to use that type. They just need to know the ins and outs of the software.
Is it a benign "attack" to point out the weakness to get enough attention that it gets fixed?
The attack started after someone made a post waring about how easy it is to do so they are not losing anything here.