I have taken the advice from this post and blocked all instances with > 10,000 users, from this list: https://docs.google.com/spreadsheets/d/e/2PACX-1vRthB7RtY4Rr0t5fhVKaliJnwSmptMc5oJi7uha_OBcF4wpu4eElxAxNzaCqjlq6NsOE9GpgSnMzZ2x/pubhtml
I will continue to monitor things and will make another announcement if more blocks are necessary.
If anybody is interested in getting a cleaned up instance federated again, feel free to contact me over DM (if you’re currently blocked, you can contact me on Matrix: @smorks:40to.ca).
It seems weird that spammers/bots would want to target lemmy so quickly considering it’s relatively small size. It makes you wonder if it’s really Reddit or a 3rd party they hired trying to make Lemmy seem like a less appealing alternative with these kinds of attacks.
One thing that is increasingly common among the bad actors is the construction of bot farms, etc that just sit dormant until they find a use or, often, a client the farm can be leased to. I would expect that any new distributed system, whether it doorbells or forums, will attract these kinds of activities.
My opinion is that detecting, preventing, and mitigating this kind of “pre-attack infiltration and propagation” will have to become a standard part of every system operator’s toolkit.