• xe8@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    4 years ago

    Not Safe For Brands? I don’t know whether to laugh or cry. Ridiculous.

    Does Lemmy have any kind of protection against stuff like vote manipulation from bot accounts?

    • Dessalines@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      4 years ago

      Their goal would probably just be to have what twitter has, where brands like burger king and wendys, who have thousands of followers, send heart emojis back and forth to other brands, lol.

      Does Lemmy have any kind of protection against stuff like vote manipulation from bot accounts?

      Not besides the captcha signup. BUT, my original intention was, unlike reddit, which is happy to allow bots and vote manipulation, to be very strict about having bots be a separate entity from users. And the fact that most bots or things like RES are just extra features that reddit wouldn’t or didn’t think to add in the first place. Being an open source project, its possible to add those features directly into lemmy.

      One way I can think of to keep out bots past signup, is to periodically, maybe every few weeks, log users out and require a captcha for sign in again, but I imagine people wouldn’t like being logged out. Its something we’ll def have to keep an eye on.

        • Dessalines@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          4 years ago

          We use an open-source rust based captcha in lemmy internally. HCaptcha is def not as bad as google, but its still a silicon valley company, and doesn’t offer a self-hostable version, and isn’t open source in the slightest. Cloudflare is absolutely awful, we’ll never use it.

            • Dessalines@lemmy.ml
              link
              fedilink
              arrow-up
              1
              ·
              4 years ago

              For most things, ddos protection isn’t gonna be necessary, they’re targeted attacks. For most servers, simple nginx rate limiting, ufw, and fail2ban or https://github.com/crowdsecurity/crowdsec are good enough… there are good guides for doing other things too like disabling password-based ssh logins.

              Good VPS’s will offer anti-ddos protection, we were getting hit here pretty hard until we moved to ovh. Cloudflare should never be an option though, that gives them all form submits, including passwords, all client-server data unencrypted.