Gregory's ServerLearning that today's massive Mastodon spam attack was carried out by conspiracy-addled Japanese middle-schoolers whose previous spam run was shut down when admins got in touch with their parents who confiscated their devices is definitely straight of the Shitty Timeline Little Brother.
 76 comments
  @pluralistic I do think that fedi handled this one pretty well. Doesn't seem like there was a lot of disruption. Some fedizens (myself included) had to deal with a bunch of spam, but reporting worked, moderators did a fantastic job, and by and large most people don't seem to have even noticed?  @benfrog @rysiek @pluralistic There's been sooooo much :amaze: Suspended hundreds of accs today @stux @rysiek @pluralistic You''ve been doing a heck of a job. As a user I've seen zero disruption!   @rysiek @dancingtreefrog @rysiek @pluralistic Neither did I. I wonderif a centralized system would handle it any better. @Szescstopni  I didn't see any of the spam specific to this situation. I've only seen people (mostly admins I'd guess) talking about it. However I see more and more spam every day from mastodon.social accounts. Most of the time it's scams and NSFW stuff. @rysiek @pluralistic On our server it seems to be a pattern that if a user got spammed they got a billion messages. But if they weren't a target they got nothing. @Ooze I got hit by a lot of spam, personally. I am guessing that's because I had a few relatively popular toots recently, so my handle was easy to come across on whatever instances the spammers used. @rysiek @pluralistic I'm only hearing about this now. My instance is small. I imported a huge block list of bad or questionable actors to avoid future headaches. So that one might have already been preemptively blocked.  @misty I imagine. I submitted a couple dozen spam reports myself. It's somewhat intense for me, I cannot imagine what moderation teams are dealing with.   @oblomov True for a while, but not for long. Once you have simple filters the spammers find a way to get around them. And so it goes. In this case my tech admin has a small script that dealt with it all. So, yeah, it's whack-a-mole. @ColinTheMathmo of course, spam filters only raise the bar and can be circumvented, but at the moment that bar is basically underground, so even just a little bit would help ;-) I'm honestly thinking about a small script myself as a user, but I don't know if it's possible to automate the reporting.  @rysiek @pluralistic I didn’t notice anything. Was too busy having an existential crisis. @pluralistic@mamot.fr a detail maybe, but is it really an attack if creating an account is open to anyone without any reviewing process?   @pluralistic well shit. Now I feel kinda bad for posting https://www.youtube.com/watch?v=u_4adkAymrg in response a few times. But also, that explains why I could almost read it without much effort (kids use fewer kanji, which are like letters, words, or phonemes — parts of words with meaning when combined? Idk, I’m not a linguist, just a long covid addled dweeboid with insomnia) @pluralistic wow I had no idea there was even an attack. Somehow, your explanation leaves me with more questions than if I knew nothing at all @pluralistic Icing on the cake: these attacks are carried through Discord scripting. Because Discord is so self-absorbed they don't even check if their scripts are bothering the world at large. What. I don't know anything about that. I can run scripts on Discord, and they will happily do HTTP requests to other servers?  @shadowwwind @flberger Admittedly, understanding the passage in full is made complicated by the terminology overlap between script and bot and (most importantly) between a "server" as a stand-alone computer on the network and "server" as in an instance of Discord itself. Ok. It still sounds like a failure of moderation to me. Especially after they have been told about it. That's an interesting form of Whataboutism you got there 😄  I'm not saying that it isn't happening but I find it incredible that Beamship apparently is to small to bother with. We have less than 50 user. Very manageable and personal with such a small system. Of course, I'm the only one that gets reported 😂   @pluralistic They will not get off scott-free. They have brought embarrassment and shame to their families, and now have a significant misdeed on their permanent school records which, in highly competitive high school admission (and even more competitive university admission) may well tank their future lives.  @pluralistic@mamot.fr Conspiracy? iirc they're a massive cyberbullying gang that doxxes people? @pluralistic hold up the same scriptkiddies that did the last big spam wave, whenever that was a while ago, did this one? At what point does it become criminal lol  @pluralistic oh goodness. And I have this picture of my head about how these teenagers are going to respond when their mothers have a little chitchat with them. It's Japanese culture. Take maternal umbrage to fear factor 10000x. She need say hardly anything at all. @pluralistic why are we talking about this past tense? My last spam message was 43 minutes ago, still rolling in regularly  @pluralistic Aha. That explains all the kanji I'm seeing in the most popular tags for the day. @pluralistic Police might be considering charges, regardless of what parents and school say. After Kadokawa hacking incident, they are not dinking around with cybersecurity anymore. @pluralistic now I'm curious and want to see some of this spam. Is there any left anywhere? @ghouston If you're serious, I have some in the reports that included posts. CC: @pluralistic @pluralistic https://www.nytimes.com/2022/12/18/business/4chan-hiroyuki-nishimura.html @pluralistic wow, that's actually kind of reassuring. Kids at least have a chance to grow out of it.   @pluralistic The issue isn't the Japanese middle-schoolers. The issue lies yet again with shitty instance admins allowing for open registration while not having the capacity nor the interest in maintaining their instance.   @pluralistic “Parents take away the devices of Internet pests” is a model that could substantially improve the Internet and should be more widely applied. Sadly, some of the worst offenders are not subject to parental discipline for one reason or another. @pluralistic @cstross I loved Little Brother so much, I bought 5 copies to give out to friends in appreciation of letting me read it for free. A book I'm now hoping my 13 year old will love it @pluralistic very reassuring today to see that "midokuri" hashtag graph, that had been going sharply up, now going symmetrically down to nothing.  |
@pluralistic wow