cross-posted from: https://lemmy.world/post/358415
The vast majority of the instances in that screenshot have known jumps from 1~50 users to tens of thousands in less than a day. These instances also happen to not require a captcha on sign up.
It may very well be that instance owners are innocent as some have really been victims of bot attacks and simply forgot that you could enable captchas for sign-ups, nevertheless I think instance directories like Lemmyverse.net should start disincentivizing anyone from inflating his own instance with tens of thousands of bots in order to get on top of those “leaderboards”.
A clever scammer could create scam/phishing/advertisement posts on their instance that are artificially upvoted to the top. They could even have ChatGPT make a bunch of comments to make them seem real.
Hopefully, other instances would catch on and defederate from them, but if they’re subtle or just wait until they have a bunch of users it would probably be enough to scam quite a few people.