So far this week, Civilloquy jumped from 20-some accounts to just under 10,000. My initial thought was that the UI was bugging with federation somehow, but then I saw that, as @sunaurus@lemm.ee has pointed out, spam bots have been making ridiculous numbers of accounts on unprotected instances. I enabled captchas today and, unable to identify any legitimate accounts created since Sunday, decided to just delete all accounts created in the last two days.
It took me a bit to get the user count corrected, but @sunaurus@lemm.ee helped by clarifying that you just need to run:
update site_aggregates
set users = (select count(*) from local_user)
where site_id = 1;
Hopefully captchas will stop the spam as I would like to keep signups as easy as possible, but allowing spam isn’t an acceptable tradeoff if that’s what that would mean. I’ll keep monitoring the situation.