While initially delighted for receiving growth overnight, I found it strange that the users who were signing up were doing so every few seconds and minutes.

All the emails in question utilized the @gmail.com domain and began with common English names followed by a hyphen or underscore with a string of at least 15 random characters.

I highly doubt 309 people would want to use an email address with an extra long string appended to the end of it and share it with other people.

Fortunately, I was able to catch it before it grew into the thousands unlike with some other instances. All 309 accounts have been purged from the database, and the user counter should accurately reflect the correct number of users before this incident. As of writing this, there are only 2 registered users for this instance.

I wish the best for other instance admins who have to deal with more than 309 spam accounts with a legitimate audience. For anyone still reading, particularly admins, I recommend enabling the Require email verification AND Captcha options. I noticed almost immediately that the spam account bots stopped.

While nothing too unfortunate happened, I also wish to apologize on the chance someone had a legitimate account and was lurking here or on another instance.

06/21/2023