Either we need to require members to use SDF emails to sign up or manage their Lemmy account login from the Maint console. Either way we need to limit it to Members of SDF who validated their accounts or shit like what's been happening will continue to happen.
I know that it would make this place less open for people but I think this would go a long way towards making the community more secure against these kinds of attacks.
One possible compromise would be that if we wanted a more open Lemmy instance, to create another one without Member restrictions on a different SDF domain i.e. freeshell.org. Though personally I'm not a fan of that idea at all since unmanned instances tend to gather spam or become derelict.
It's much better to just have member-only instances and to encourage people to become SDF members with the $1 or €5 charge for validation.
We is members of SDF, and I don't really believe that. But even if it were true. If their only merit to creating this instance is to have it be public facing without any of the anti-spam benefits of being SDF-Member only, then it probably isn't worth it. After all their public Mastodon server mastodon.sdf.org has many upkeep issues and they don't seem to care much about it. Social.sdf.org is well taken care of, because it's made specifically for SDF members. This instance should be given the same amount of care and attention that social.sdf.org is but the only way that's worth it is if they can be sure most people there are validated and trusted members.