Either we need to require members to use SDF emails to sign up or manage their Lemmy account login from the Maint console. Either way we need to limit it to Members of SDF who validated their accounts or shit like what’s been happening will continue to happen.
I know that it would make this place less open for people but I think this would go a long way towards making the community more secure against these kinds of attacks.
One possible compromise would be that if we wanted a more open Lemmy instance, to create another one without Member restrictions on a different SDF domain i.e. freeshell.org. Though personally I’m not a fan of that idea at all since unmanned instances tend to gather spam or become derelict. It’s much better to just have member-only instances and to encourage people to become SDF members with the $1 or €5 charge for validation.
I’m fine with requiring mail sign-in with the usual “what am I fighting for” essay, yeah, but… “We” need l.s.o. to be SDF Members only? Who is this “we” you speak about? I’m certainly not in it. Limiting the number of users who can be in l.s.o. in that way could very well lead to instance upkeep, which has already shown to be a problem, to be just Not Worth It.