Email or username:

Password:

Forgot your password?
All posts dansup's posts Post Back to profile
dansup

I'm seeing a lot of mention spam from multiple instances, as a user it's annoying but as a developer I understand the complexity of dealing with spam

#hugops to all admins dealing with this, and I hope other admins hold off on defederation to give admins time to deal with this mess

These attacks only make our network more resilient, and cooperation between projects is essential to long term mitigation

#fediverse #spam #strongerTogether

16 February at 6:55 | Open on mastodon.social
13 comments
Trankten :vf: :tkz:

@dansup Thing is a lot of people are rushing to fediblock. All registered account come from the same email domain chitthi.in

16 February at 6:58 | Open on tkz.one
Talya (she/her) 🏳️‍⚧️

@dansup thanks. just happened for the first time in a huge wave on one of the instances I manage (usually it's one by one and we block them in minutes, but this time it was 79 of them in a row).

16 February at 7:07 | Open on 433.world
alternative
Trankten :vf: :tkz:

@alternative @Yuvalne @dansup Problem is the randomness.

Usually the bots register a few accounts in every instance they find so a Fediblock tends to affect every user in the instance who have regular posts and legitimate use the Fediverse. A list of instances is not going to help but can mitigate if they are blocked manually.

It is up to #MastoAdmins to suspend the accounts in their instances as soon as possible, but the problem comes with unattended instances with open registrations, which are quite a few and if no active moderation is taking, more spam bots will register and will end Fediblocked.

Regards.

@alternative @Yuvalne @dansup Problem is the randomness.

Usually the bots register a few accounts in every instance they find so a Fediblock tends to affect every user in the instance who have regular posts and legitimate use the Fediverse. A list of instances is not going to help but can mitigate if they are blocked manually.

16 February at 7:29 | Open on tkz.one
alternative

@trankten @Yuvalne @dansup

Some says The biggest reason is that there is no Captcha system when joining

and i thinkt it's very reasonable

16 February at 7:33 | Open on indieweb.social
Talya (she/her) 🏳️‍⚧️

@alternative @dansup @trankten
I'm an admin of tooot.im from the list. we mitigated that by this point. also, ironically enough, once I posted about the incident from my admin account, I started getting these spam messages to that account from other instances.

16 February at 7:32 | Open on 433.world
alternative
Trankten :vf: :tkz:

@Yuvalne @alternative @dansup Same happened to me!

When I posted about the spam publicly, the bots started to register in my instance but suspended them asap.

Some of them have the same IP address while others don't so it seems they are behind a VPN. IP blocking might block legitimate users who use a VPN to prevent ISP geoblock. Not an option for me. I am not 100% sure what to do beyond manual check.
16 February at 7:37 | Open on tkz.one
Talya (she/her) 🏳️‍⚧️

@trankten @alternative @dansup
I checked some of the IP ranges and found one where most of our bots lie but also one of our users. so I just restricted sign ups from that range for 1 month.

16 February at 8:08 | Open on 433.world
Trankten :vf: :tkz:

@Yuvalne @alternative @dansup Oh that's amazing and probably a good idea. Is it possible for you to share the IP ranges? Maybe we can check on that all together and find some pattern or users responsible somehow.

16 February at 8:14 | Open on tkz.one
Mike Macgirvin (dev)
I guess we have different opinions. Consent based messaging isn't complex.
Welcome  to  the party. Are you on the guest list? 200. No? 403.


https://fediversity.site/item/824d02bb-52cb-46b8-923c-0d7db0da35e1
16 February at 7:28 | Open on fediversity.site
Mike Macgirvin (dev)
Laughs. 45 million  users. 3.5 billion spams a day. You were still in diapers. Suit yourself.
16 February at 7:48 | Open on fediversity.site
Mike Macgirvin (dev)
Spammers will spam anything they can post to and not get rejected. They'll spam a password prompt fercrysake.  Don't leave anything open that an unknown/unwanted person can post to, because they will.  Blog trackbacks? (Which bypass moderation). I've cleaned up 1/4 million spams at a time from those until I turned them off.  I hate spam. Hate. Hate. Hate. That's why I got rid of it. You can too.
16 February at 7:59 | Open on fediversity.site
Go Up