Currently, there is a wave of spam accounts which are specifically targeting third-party PDS instances which have both PDS_INVITE_REQUIRED and HCaptcha integration turned off to get onto the ATproto network.
There should be a warning issued on both the setup guide and the PDS logs that indicate to the user that their PDS is public and can be registered to by anyone if they do not have proper spam mitigation on their instance.
Currently, there is a wave of spam accounts which are specifically targeting third-party PDS instances which have both
PDS_INVITE_REQUIREDand HCaptcha integration turned off to get onto the ATproto network.There should be a warning issued on both the setup guide and the PDS logs that indicate to the user that their PDS is public and can be registered to by anyone if they do not have proper spam mitigation on their instance.