We require applications, and most applications we get are extremely low effort and we don't approve them. If you have open registrations you'll be doing a lot of moderation for spam.
Run the software that scans images for CSAM. It's not perfect but it's something. If your instance freely hosts whatever without any oversight, word will spread and all of a sudden you're hosting all sorts of bad stuff. It's not technically illegal if you don't know about it, but I personally don't want anything to do with that.
I will add that if you have open registrations you will be a target for spam and trolls, and if you don't take quick action then some other instances are likely to defederate from your instance.
This depends on the instance, some will have a low tolerance and defederate pretty quickly, some instances will defederate temporarily until the spammers or trolls move to a different instance, and some won't care. But you likely won't know it's happened unless you notice you aren't getting content from that instance anymore.
One other thing is that if you're going to run an instance and aren't already on Matrix, make an account. It's how instance admins tend to keep in contact with each other.
[...] if you’re going to run an instance and aren’t already on Matrix, make an account. It’s how instance admins tend to keep in contact with each other.
If your instance freely hosts whatever without any oversight, word will spread and all of a sudden you’re hosting all sorts of bad stuff. It’s not technically illegal if you don’t know about it, but I personally don’t want anything to do with that.
Yeah, this is my primary concern. I'm hoping that there are established best practices for handling the majority of this sort of unwanted content.
The spam is not from bots, it's people being paid to spam. Captchas absolutely need to be turned on or else you get bots as well, but they don't stop the spam.
Question/Answer: Instance admins can set an arbitrary question which needs to be answered in order to create an account. This is often used to prevent spam bots from signing up. After submitting the form, you will need to wait for some time until the answer is approved manually before you can login.
Yeah, it's just something like "Tell us why you want to join this instance". If the answer is "to promote my content" or "qq", for example, they don't get approved.
Do you mean also disabling thumbnails? IIUC, pict-rs handles all thumbnail generation [1]. The reason I point this out is that simply disabling image uploads won't itself stop the generation of thumbnails. There's also the question of storing/caching images that come from federated servers.
How much server hosting experience do you have? I asked about database preferences over in Self-Hosting once and they basically all said "don't choose a database ever. Run. Save yourself while there is still time!"
So maybe use a hosting service I guess. Makes you a more difficult target for attacks but also involves your information getting out into the world in direct connection to your instance.
I've never hosted a public facing social media service. I have a few years experience hosting a number of my own personal services, but they aren't at the scale of a public facing Lemmy instance.
[Using a hosting service] makes you a more difficult target for attacks but also involves your information getting out into the world in direct connection to your instance.
I'm not sure I understand how one's data would be leaked by the hoster.
Same way things get leaked by Equifax, Twitch, US Bank, etc. You're most responsible with your information by not having unnecessary accounts or transactions.
Also, most hosts have WhoIs and ICANN registrations for Domains, but you still need a domain regardless. And further than that they might allow subpeonas from various companies who request the info.
It would depend completely on how many users you let in and what kind of things they'll be doing. Some users are super heavy with uploading images, some users aren't.
I haven't read the docs in a long time, but perhaps you could restrict image uploading or something. Nothing you can do about unbounded DB growth without expiring content though.