Whenever I see a run of spam posts on the fediverse, I’ve taken to looking at the usernames behind them. Nine times out of ten, they turn out to be from kbin instances. Here’s a recent example:
As I write this, that account shows 8 identical scam posts made within 7 minutes of each other, and nothing else. (I imagine they might be removed by the time you read this.) This is pretty common in my experience. These particular posts are all to kbin magazines, not lemmy communities, but I don’t remember whether that’s always the case.
Since the main kbin instance is not the only one broadcasting this stuff, I wonder if there’s something about the kbin software that makes it attractive to spammers. Does anyone know?
Edit: Some examples that are still cached on my instance:
https://lemmy.ca/u/[email protected]
https://lemmy.ca/u/[email protected]
https://lemmy.ca/u/[email protected]
https://lemmy.ca/u/[email protected]
https://lemmy.ca/u/[email protected]
https://lemmy.ca/u/[email protected]
https://lemmy.ca/u/[email protected]
This post on why lemmy.world temporarily adjusted federation abilities w/ kbin has a bit more insight, especially in the comments:
https://old.lemmy.world/post/5289864kbin.social’s admin (and kbin currently only supports one admin per instance) is also the main dev.
As I understand it, the sudden unexpected popularity of kbin caused infrastructure issues and made fixing bugs and limitations more important, while he still has to reach his feature goals to secure funding so he can actually continue working on kbin full-time. Additionally, real life had a lot of negative surprises in store he had to deal with.
All in all, he hasn’t had much time at all to properly moderate the instance, And the past two weeks he’s been gone entirely for real life reasons, leaving the instance unmoderated.
It’s not an issue with the software itself, just with kbin.social (and of course other badly moderated instances) specifically.