Probably the easiest is to use a different UI.

Both Photon (https://photon.lemmy.world/) and Tesseract (https://t.lemmy.world/) will let you directly edit the mod team from the community settings pages.

Tesseract (t.lemmy.world) both badges and lets you filter new accounts. You can configure the number of a days an account is considered “new” from 1 to 30 days. Anything that’s filtered will be shown as a stub/collapsed item in the feed.

In the upcoming release (delayed due to personal issues but in progress), you can completely hide content from new accounts (versus just collapsing it) among other filters.

Additionally, (in the upcoming release) it will automatically hide content from users less than a week old who have deleted their accounts. This feature is a direct response to this “hit it and quit it” nonsense from the accounts you’re describing.

Not that that isn’t good advice to make mods’ lives easier in general, but for the ban evader I think you’re talking about, it’s usually pretty apparent if you look at the profile of the user being reported:

1. Minutes old, 10+ posts and no comments or maybe 1 boilerplate-looking one.
2. Usually cycles through c/Politics, c/News, c/Health, c/UK, c/Ohio, c/Television and a few others
3. Here lately, spams out 10+ posts rapid-fire and then deletes the account (not all UIs indicate a user is deleted, but that info is often helpful).

Granted, I’m really good at pattern matching. It’s like my one neurodivergent superpower lol.

If you have DB access, the values are in the local_site_rate_limit table. You’ll probably have to restart Lemmy’s API container to pick up any changes if you edit the values in the DB.

100 per second is what I had in my configuration, but you may bump that up to 250 or more if your instance is larger.

“Message” bucket is kind of a general purpose bucket that covers a lot of different endpoints. I had to ask the lemmy devs what they were back when I was adding a config section in Tesseract for the rate limits.

These may be a little out of date, but I believe they’re still largely correct:

That’s a consideration, yeah, but they’d have to all be hitting lemmy.zip (your instance) and all from the same /32 IPv4 address.

(AFAIK) CG-NAT still uses port address translation so there’s an upper limit to the number of users behind one IP address. They also are distributed geographically. So everyone would need to be in the same area on the same instance to really have that be an issue.

The more likely scenario would be multiple people in the same IPv4 household using the same instance. But 20 comments per minute, divided by two people in the house would still be 10 comments per minute. That’s still probably more than they could reasonably do.

Edit: You mentioned T-Mobile internet. T-Mobile is pretty much all IPv6 with IPv4 connectivity via CG-NAT. lemmy.zip is also reachable over IPv6, so in that situation,it would try IPv6 first and CG-NAT likely wouldn’t even come into play.

https://nginx.org/en/docs/http/ngx_http_proxy_module.html

$proxy_add_x_forwarded_for is a built-in variable that either adds to the existing X-Forwarded-For header, if present, or adds the XFF header with the value of the built-in $remote_ip variable.

The former case would be when Nginx is behind another reverse proxy, and the latter case when Nginx is exposed directly to the client.

Assuming this Nginx is exposed directly to the clients, maybe try changing the bottom section like this to use the $remote_addr value for the XFF header. The commented one is just to make rolling back easier. Nginx will need to be reloaded after making the change, naturally.

     # Add IP forwarding headers
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-For $remote_addr;

Yeah, you are setting it, but that’s assuming the variable $proxy_add_x_forwarded_for has the correct IP. But the config itself is correct. Is Nginx directly receiving traffic from the clients, or is it behind another reverse proxy?

Do you have a separate location block for /api by chance, and is the proxy_set_header directive set there, too? Unless I’m mistaken, location blocks don’t inherit that from the / location.

I replied to your other comment, but most likely cause is the API server not getting the correct client IP. If that’s not setup correctly, then it will think every request is from the reverse proxy’s IP and trigger the limit.

Unless they’re broken again. Rate limiting seems to break every few releases, but my instance was on 0.19.12 before I shut it down, and those values worked.

Not sure. I had mine set to 20 per 60 for a long time without issue.

Most likely cause would be the Lemmy API service not getting the correct client IP and seeing all API requests come from the reverse proxy’s IP.

Are you sending the client IP in the X-Forwarded-For header? Depending on how your inbound requests are routed, you may have to do that for every reverse proxy in the path.

So, a ‘Comments’ Rate limit: 10, Per second: 60, means a maximum of 10 comments per minute, correct?

Correct, per client IP.

Maybe the reason you see 99999999 is due to troubleshooting

Could be. I try not to speculate on “why” when I don’t have access to the answer lol.

I don’t recall any of them being from mander (unless they were dealt with before I started testing?), but thanks for taking preventative measures :)

I don’t know what ‘Antiyanks’ is

It’s the codename for a particular long-term troll and is based off of their original username pattern (which they still use sometimes). I have reason to believe it’s also the same troll that used to spam the racist stuff in Science Memes.

These are most of today’s batch (minus the JON333 which was just a garden-variety spammer that made it into the last screenshot).

You’ll have to talk to the lemmy devs about that. I’m a retired admin, but last I was aware, they’re based on client IP.

At least you have them. We don’t :'(

It’s a conspiracy, bud. Trying to keep the truth down!

OR…there’s like 300 duplicates of the same thing because everyone thinks they’re CNN and the first to break the story.

Take your pick.

I’ve seen this site get spammed in the past, but it’s been a few months. Guess they’re at it again.

That whole site is an unholy mixture of religion, conspiracy, and Elon Musk. It’s bonkers.

Basically if you see tiblur [dot] com, you can pretty much just report it as spam.