Email or username:

Password:

Forgot your password?
dansup

I'm seeing a lot of mention spam from multiple instances, as a user it's annoying but as a developer I understand the complexity of dealing with spam

#hugops to all admins dealing with this, and I hope other admins hold off on defederation to give admins time to deal with this mess

These attacks only make our network more resilient, and cooperation between projects is essential to long term mitigation

#fediverse #spam #strongerTogether

13 comments
Trankten :vf: :tkz:

@dansup Thing is a lot of people are rushing to fediblock. All registered account come from the same email domain chitthi.in

Talya (she/her) 🏳️‍⚧️

@dansup thanks. just happened for the first time in a huge wave on one of the instances I manage (usually it's one by one and we block them in minutes, but this time it was 79 of them in a row).

Trankten :vf: :tkz:

@alternative @Yuvalne @dansup Problem is the randomness.

Usually the bots register a few accounts in every instance they find so a Fediblock tends to affect every user in the instance who have regular posts and legitimate use the Fediverse. A list of instances is not going to help but can mitigate if they are blocked manually.

It is up to #MastoAdmins to suspend the accounts in their instances as soon as possible, but the problem comes with unattended instances with open registrations, which are quite a few and if no active moderation is taking, more spam bots will register and will end Fediblocked.

Regards.

@alternative @Yuvalne @dansup Problem is the randomness.

Usually the bots register a few accounts in every instance they find so a Fediblock tends to affect every user in the instance who have regular posts and legitimate use the Fediverse. A list of instances is not going to help but can mitigate if they are blocked manually.

alternative

@trankten @Yuvalne @dansup

Some says The biggest reason is that there is no Captcha system when joining

and i thinkt it's very reasonable

Talya (she/her) 🏳️‍⚧️

@alternative @dansup @trankten
I'm an admin of tooot.im from the list. we mitigated that by this point. also, ironically enough, once I posted about the incident from my admin account, I started getting these spam messages to that account from other instances.

Trankten :vf: :tkz:

@Yuvalne @alternative @dansup Same happened to me!

When I posted about the spam publicly, the bots started to register in my instance but suspended them asap.

Some of them have the same IP address while others don't so it seems they are behind a VPN. IP blocking might block legitimate users who use a VPN to prevent ISP geoblock. Not an option for me. I am not 100% sure what to do beyond manual check.

Talya (she/her) 🏳️‍⚧️

@trankten @alternative @dansup
I checked some of the IP ranges and found one where most of our bots lie but also one of our users. so I just restricted sign ups from that range for 1 month.

Trankten :vf: :tkz:

@Yuvalne @alternative @dansup Oh that's amazing and probably a good idea. Is it possible for you to share the IP ranges? Maybe we can check on that all together and find some pattern or users responsible somehow.

Mike Macgirvin (dev)
I guess we have different opinions. Consent based messaging isn't complex.
Welcome  to  the party. Are you on the guest list? 200. No? 403.


https://fediversity.site/item/824d02bb-52cb-46b8-923c-0d7db0da35e1
Mike Macgirvin (dev)
Laughs. 45 million  users. 3.5 billion spams a day. You were still in diapers. Suit yourself.
Mike Macgirvin (dev)
Spammers will spam anything they can post to and not get rejected. They'll spam a password prompt fercrysake.  Don't leave anything open that an unknown/unwanted person can post to, because they will.  Blog trackbacks? (Which bypass moderation). I've cleaned up 1/4 million spams at a time from those until I turned them off.  I hate spam. Hate. Hate. Hate. That's why I got rid of it. You can too.
Go Up