@ErikUden blocked them earlier on on the wee server I help moderate, we're at 169 sign-up attempts in a few hrs.

Persistent script!

@ErikUden Thanks for posting this! The hashtag these spammers are using is even trending now - this needs to be stopped

@ErikUden Danke für deine/eure Arbeit.

@ErikUden They also all come from tor exit node IP addresses (from what we could see on our instances)
We blocked account creation from tor exit nodes since then, could be an idea for others :)

@ErikUden Thanks! Even I, with my practically single-user instance, was hit with multiple mentions

@ErikUden Danke Erik!

@ErikUden@mastodon.de There's also some more temp mail domains, so you can block them.
mailto.plus
fexpost.com
fexbox.org
mailbox.in.ua

#FediBlock #FediAdmin

@ErikUden cc @cheri I don't know if this is entirely relevant to us but it may be good to look into this if you have the time.

@ErikUden Unfortunately, the bots are not only there. Here's one on your instance:

https://det.social/@f2shpmpcsa/111940463653151627

I almost suspended det.social, assuming it was a spambot factory like the top 3 you mentioned.

CC: @stefan @svensiemsen - Wie man die jetzige Spam-Welle behebt! Hoffe das hilft ^ ^

@ErikUden Thanks for the tips. @njoseph please block the above.

@ErikUden banning Tor exits is a terrible idea. There's a lot of users who use Tor all the time, including myself.

@ErikUden ein weiterer Punkt, der meiner Erfahrung nach sehr gut gegen Spam geholfe hat, ist, die Registrierung so einzuschränken, dass man ein paar Worte zu seiner Registrierung schreiben muss. Zum Beispiel, warum man beitreten will oder welche Interessen man hat.

Dadurch haben wir auf metalhead.club extrem wenige Fälle von (eigenen) Spam-Accounts gehabt bisher. Vielleicht magst du das ja oben noch aufnehmen, wenn du es auch sinnvoll findest.

@ErikUden Thanks! I appreciate the effort in pulling together all the bad actors and presumed asleep instances also!

@ErikUden Thank you! 🙏 Our instance has also been hit.

@ErikUden @admin ho vous êtes mentionnés sur la liste de blocage :(

@ErikUden please note that this list of tempmail providers has historically included legitimate privacy-focused providers like Proton Mail.

@ErikUden Just a note: "CP" or "child pornography" is a word that many people are moving away from, because seeing children sexually abused is horrifying and not pornographic for the vast majority of humanity.

Another term is CSAM, "child sexual abuse materials", and I tend to use that now.

@ErikUden It's Tor, not TOR. 😏

@ErikUden
@ihor

@ErikUden ummm... can you take a look of this instance, please? mastodon-swiss(.)org
I also have a spam in that instance.
Thanks a lot... 👉👈

@ErikUden incase you need an update, the admin of "m.mxin.moe" alread posted his/her clarification on here:

This is the translated version: The site was attacked and caused spam on other sites, I'm very sorry, the site is now restricted from registering and posting characters

@ErikUden
I keep reporting & blocking every spam I get.

@ErikUden Gonna need to add mastodon-swiss.org to that list too, just got a report of spam coming from there for the instance I moderate here as well. Though it seems the site itself may be down now.

@ErikUden friendsyu.me have also fixed spam wave: https://friendsyu.me/notes/718dadc340bad251d7df82db

wehavecookies.social: https://wehavecookies.social/@admin/111939992679250475

planetearth.social: https://planetearth.social/@leon/111940469269635302

mastodon.free-solutions.org and piaille.fr also appear to have cleaned up the spam accounts, though I can't find any admin posts about it

@ErikUden Hi, admin of PIAILLE.FR here, we've taken steps to delete all spam accounts and block ips/mails domains which they originated from.
Please can you cross our name out ?
thanks !

@ErikUden Thanks for the info, the spam wave has also hit many Lemmy instances.

@ErikUden

Das hatte ich schon öfter bemerkt, nicht nur im Austausch mit mastodon.de sondern auch mit anderen Instanzen.

Fast alle Edits sollen 15 Minuten vor dem Screenshot erfolgt sein.

@martinmuc

@ErikUden
sed 's/^\(.\)/127.0.0.1\ \1/' disposable_email_blocklist.conf

copy in /etc/hosts

@ErikUden nice, a handy list of trashmails for all the big sites we want and use them in the first place to block them from being used

@ErikUden thank you for this

@mbergnordlie 👆 isn't this the server?

@ErikUden Thanks for the guide!

Looks like these domains are also being hit as well:
beekeeping.ninja
misskey.kuromame048.net

@ErikUden
Thank you!! for posting this.

I had 628 of these accounts opened overnight, but all still in the confirming state. I was luckily able to suspend them before they converted to real accounts.

@ErikUden The spammers have also been using the hashtag kuroneko6423 - might help to track down more of them #FediBlock #FediAdmin

@ErikUden In a way, it a sign Mastodon made it as a social media company.

@trumpet Not sure if this may be useful/needed?

@ErikUden "Because of this, hessen.social, for example, was not affected by the spam attack! They had already banned the email domain the spammers used ages ago."

Well done @moomendemol & @eichkat3r

@ErikUden that allowlist permits some horrible domain names... I wouldn't trust such a config https://github.com/disposable-email-domains/disposable-email-domains/blob/master/allowlist.conf

@ErikUden Receive some spam from vtdon.com just few minutes ago, I put the domain on limited federation.

@ErikUden @Texan_Reverend just in case this is relevant here. Thanks for keeping this place running, safe, and friendly

@ErikUden squawk.mytransponder.com has resolved the spamming issues AFAICT. Local feed is clear of any spam posts, and the admin has suspended all of the spam accounts and blocked the respective chitthi.in email domain used for the spam account signups.

https://squawk.mytransponder.com/@chiefpilot/111941934637959462

@ErikUden cc: @admin

@ErikUden UPDATES:

- mastodon-swiss.org appears to have suspended all of the spam accounts, and the Local feed is clear of any spam posts now. I couldn't find an official announcement regarding this from the site admin(s) however.

- social.cutefunny.net appears to have completely vanished(?) and just shows a "404 page not found" error when loaded.

- cunnyborea.top still appears to be getting flooded with spam posts.

@ErikUden
The installation example for the temp-e-mail script does not work for docker installations of Mastodon, I think. How can the allow/block lists be used in a docker setup?

@ErikUden ping @phocks

@ErikUden Gonna need to add mastodon.sl to the list now too. Our instance admin, @crashdoom got tagged by the same kinda spam from there too.

@ErikUden any.pink wäre eine weitere E-Mail-Domain, die von den Spammern genutzt wird.

@ErikUden ping @chad

@ErikUden How to mass-delete: https://mamot.fr/@vincib/111946701929274350

Via hashtag moderation, I also found a new wave just starting. I am reporting with a link to this thread before I do my temp block.

CC: @rose @getradicaldude @admin @miska

@cadusilva @rafaelcaricio @gutocarvalho
Passem adiante

@ErikUden This has been dealt with by the site m.mxin.moe administrator.
rt https://bgme.me/@admin/111940123617195624
https://m.mxin.moe/notes/9pruikixff9344ex
But now there's a new attack.

@ErikUden @cappy Thank you!

@ErikUden thank you 💜

@ErikUden mastodon-7ecc009c.cloudplane.app has been cleaned up, registrations closed

@ErikUden @cappy Paging @talon !

@ErikUden thanks for the time and effort put into doing this, and sharing it with the rest.

@ErikUden @cappy thanks for sharing this!

@ErikUden Hallo Erik danke für die Liste.
Mir ist aufgefallen, dass ein paar in der mute- und unmute-Liste drinnen sind (Stand 20.2.24 7:55):
academia.pub
pouet.evolix.org social.cezeri.tech

@ErikUden Donation sent! Thanks for your continued efforts!

@ErikUden
> In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails

Maybe this needs to be the default, with a button to undo it.

@ErikUden sorry, I'm missing something: you clearly explain that defederation has negative impacts and that it's very probable that the problem is going to be solved within 24h, but nevertheless you start your message with an invitation to defederate? Could you motivate this combination?

@ErikUden @cappy @BrodieOnLinux Thanks for the tremendous effort, donation done 😃

Is there way to automatically unmute the servers not in the list anymore ? Import only adds new ones.

@ErikUden @cappy @BrodieOnLinux really, blocking temporary post boxes and Tor nodes is a bad idea, it will prevent many from remaining anonymous. I've also used a temporary mail to register so I don't have to use my main account. Are such measures compulsory?

@ErikUden @cappy @BrodieOnLinux Mastodon admins really ought to team up with StopForumSpam imo

The spam is OVER! Unmute all the instances listed as “fixed” here!