Best ideas I got are random captchas, make lemmy invite only, and/or set up some sort of verification system.
Maybe the captcha failure rates visible on a user profile. These tactics can scare off new users but letting lemmy get taken over could be worse than doing nothing.
I watched twitter slowly get flooded with bots. I don’t want the same to happen here.
I am genuinely curious what this “by approval” means. Are administrators really checking really deep into each signup? Or are they just clicking approve and hoping bad actors to not wait for approval?
It will vary. You’d have to ask each instance admin, but some will take steps to check each signup or follow up with questions. They control their server, so I should think that if they bother to limit signups like that, they’re checking each one to some degree.
Otherwise, what’s the point if you’re just going to blindly approve everything anyway?