Cory Doctorow

Learning that today's massive Mastodon spam attack was carried out by conspiracy-addled Japanese middle-schoolers whose previous spam run was shut down when admins got in touch with their parents who confiscated their devices is definitely straight out of the Shitty Timeline Little Brother.

76 comments
jcriecke

@pluralistic that is too ridiculous, no. that's a parks & rec plot.

Michał "rysiek" Woźniak · 🇺🇦

@pluralistic I do think that fedi handled this one pretty well.

Doesn't seem like there was a lot of disruption.

Some fedizens (myself included) had to deal with a bunch of spam, but reporting worked, moderators did a fantastic job, and by and large most people don't seem to have even noticed?

stux⚡

@benfrog @rysiek @pluralistic There's been sooooo much :amaze:

Suspended hundreds of accs today

Szescstopni

@dancingtreefrog @rysiek @pluralistic Neither did I. I wonder if a centralized system would handle it any better.

David W. Jones

@Szescstopni
I don't know. FediVerse has a lot of ways to manage connections and a lot of admins to handle them. Centralized (like the late Twitter/X) don't have nearly as many admins now, I suspect. Plus I think it profits from the spammers, so has no motivation to stop them...
@rysiek @pluralistic

Tyrion 🐧🏴‍☠️

@rysiek @pluralistic

I didn't see any of the spam specific to this situation. I've only seen people (mostly admins I'd guess) talking about it.

However I see more and more spam every day from mastodon.social accounts. Most of the time it's scams and NSFW stuff.

Aunty

@rysiek @pluralistic this is the first I'm hearing of it lol

Ooze 𓁟

@rysiek @pluralistic On our server it seems to be a pattern that if a user got spammed they got a billion messages. But if they weren't a target they got nothing.

Michał "rysiek" Woźniak · 🇺🇦

@Ooze I got hit by a lot of spam, personally. I am guessing that's because I had a few relatively popular toots recently, so my handle was easy to come across on whatever instances the spammers used.

@pluralistic

🎄 Tony Bark :pawified:

@rysiek @pluralistic I'm only hearing about this now. My instance is small. I imported a huge block list of bad or questionable actors to avoid future headaches. So that one might have already been preemptively blocked.

Misty

@rysiek Speaking as a server admin, I can say the moderation load has been highly disruptive. 😅 I'm grateful most users don't have to notice, but for those who got hit it was intense - both for end users, and for moderators who had to clean up.

Michał "rysiek" Woźniak · 🇺🇦

@misty I imagine. I submitted a couple dozen spam reports myself. It's somewhat intense for me, I cannot imagine what moderation teams are dealing with.

Oblomov

@rysiek @misty still, I feel like these spam waves would be almost trivial to contain with even the simplest of filters.

Colin the Mathmo

@oblomov True for a while, but not for long. Once you have simple filters the spammers find a way to get around them. And so it goes.

In this case my tech admin has a small script that dealt with it all.

So, yeah, it's whack-a-mole.

CC: @rysiek @misty

Oblomov

@ColinTheMathmo of course, spam filters only raise the bar and can be circumvented, but at the moment that bar is basically underground, so even just a little bit would help ;-)

I'm honestly thinking about a small script myself as a user, but I don't know if it's possible to automate the reporting.

@rysiek @misty

Misty

@oblomov @rysiek Unfortunately, the builtin moderation tools don’t support anything like that.

Osma A

@rysiek
All I saw was a couple of toots wondering what's going on. @trumpet whatever you did it worked wonders, so thank you for your work!

Maria Liv ✏️

@rysiek @pluralistic I didn’t notice anything. Was too busy having an existential crisis.

Sethy Bowoy 𓁣 probably

@pluralistic@mamot.fr a detail maybe, but is it really an attack if creating an account is open to anyone without any reviewing process?

Mx Verda

@pluralistic well shit. Now I feel kinda bad for posting youtube.com/watch?v=u_4adkAymr in response a few times.

But also, that explains why I could almost read it without much effort (kids use fewer kanji, which are like letters, words, or phonemes — parts of words with meaning when combined? Idk, I’m not a linguist, just a long covid addled dweeboid with insomnia)

Preston Is Not My Real Name

@pluralistic wow I had no idea there was even an attack. Somehow, your explanation leaves me with more questions than if I knew nothing at all

Alain Dellepiane :eit: :pm:

@pluralistic Icing on the cake: these attacks are carried through Discord scripting. Because Discord is so self-absorbed they don't even check if their scripts are bothering the world at large.

Florian Berger (privat)

@aran

What.

I don't know anything about that. I can run scripts on Discord, and they will happily do HTTP requests to other servers?

shadowwwind

@aran @flberger no discord is not hosting scripts. The article sounds like they used discord bots to interface with their server.
Or maybe they abused a badly designed Discord bot but that would be the bot owner's fault

Alain Dellepiane :eit: :pm:

@shadowwwind @flberger
The article states clearly how they didn't need any external server and the attack was launched directly from Discord.
Techcrunch seems a fairly reliable source too, but I'm not technical enough to argue either way. I hate Discord regardless 😆

shadowwwind

@aran @flberger I have used the discord api, it does host scripts for you.

It probably means that somebody set up a server, connected to the discord bot, and people that don't know how to code use it to start spam waves.

Alain Dellepiane :eit: :pm:

@shadowwwind @flberger

Admittedly, understanding the passage in full is made complicated by the terminology overlap between script and bot and (most importantly) between a "server" as a stand-alone computer on the network and "server" as in an instance of Discord itself.
Still, the title "Discord took no action against server that coordinated costly Mastodon spam attacks" should leave no ambiguity about the main issue at play 😄

shadowwwind

@aran @flberger some discord bots allow you to create custom commands and use http requests, they might abuse something like that. But that is not possible for Discord to control

Alain Dellepiane :eit: :pm:

@shadowwwind @flberger

Ok. It still sounds like a failure of moderation to me. Especially after they have been told about it.

shadowwwind

@aran @flberger considering there are servers where discord users try to bait minors into sending nudes, I understand it's not their top priority

Alain Dellepiane :eit: :pm:

@shadowwwind @flberger

That's an interesting form of Whataboutism you got there 😄
"You think that's bad for Discord standards? YOU GOT NO IDEA"

Just Bob 🇺🇲♒🐧🪖

@pluralistic

I'm not saying that it isn't happening but I find it incredible that Beamship apparently is too small to bother with. We have less than 50 users. Very manageable and personal with such a small system.

Of course, I'm the only one that gets reported 😂

DanCast

@pluralistic it’s the dark side of the BTS fan DDoS of snitch lines

Patty Kimura

@pluralistic They will not get off scot-free. They have brought embarrassment and shame to their families, and now have a significant misdeed on their permanent school records which, in highly competitive high school admission (and even more competitive university admission) may well tank their future lives.
Japan is a judgemental accountability culture.

not ch1c

@pluralistic the Japan angle makes it a touch classic-era Gibson too

Orca🌻 | 🏴🏳️‍⚧️

@pluralistic@mamot.fr Conspiracy? iirc they're a massive cyberbullying gang that doxxes people?

donut :alpine: :xfce: :clj:

@pluralistic hold up

the same scriptkiddies that did the last big spam wave, whenever that was a while ago, did this one?

At what point does it become criminal lol

GhostOnTheHalfShell

@pluralistic oh goodness.

And I have this picture in my head about how these teenagers are going to respond when their mothers have a little chitchat with them.

It's Japanese culture. Take maternal umbrage to fear factor 10000x. She need say hardly anything at all.

Ooze 𓁟

@pluralistic Our report bot was overwhelmed. 😳

Jason Dyer

@pluralistic why are we talking about this past tense? My last spam message was 43 minutes ago, still rolling in regularly

Tushar Chauhan

@pluralistic Aha. That explains all the kanji I'm seeing in the most popular tags for the day.

Deborah Yoon Zacharias

@pluralistic I didn't notice anything, but the story blows my mind.

Zappy

@pluralistic Kind of disappointed now that I missed out on the fun.

alchemistmuffin

@pluralistic Police might be considering charges, regardless of what parents and school say. After Kadokawa hacking incident, they are not dinking around with cybersecurity anymore.

Gary Houston

@pluralistic now I'm curious and want to see some of this spam. Is there any left anywhere?

Colin the Mathmo

@ghouston If you're serious, I have some in the reports that included posts.

CC: @pluralistic

Ruby Jones

@pluralistic wow, that's actually kind of reassuring. Kids at least have a chance to grow out of it.

FinalOverdrive

@pluralistic little brother, only they're assholes and idiots

Chris

@pluralistic The issue isn't the Japanese middle-schoolers. The issue lies yet again with shitty instance admins allowing for open registration while not having the capacity nor the interest in maintaining their instance.

Iron Bug

haven't heard of any attacks. do they have any coverage on the issue?

Angus McIntyre

@pluralistic “Parents take away the devices of Internet pests” is a model that could substantially improve the Internet and should be more widely applied.

Sadly, some of the worst offenders are not subject to parental discipline for one reason or another.

Paul

@pluralistic @cstross I loved Little Brother so much, I bought 5 copies to give out to friends in appreciation of letting me read it for free. A book I'm now hoping my 13 year old will love

Keen Grasp

@pluralistic very reassuring today to see that "midokuri" hashtag graph, that had been going sharply up, now going symmetrically down to nothing.
