Email or username:

Password:

Forgot your password?
Top-level
Grow Your Own Services 🌱

p.s. If you don't do this, people may end up blocking your server entirely just to stop the spam.

It's really not much work to approve signups. It's a lot less work than dealing with spammers on your server and the staining of your server's reputation.

22 comments
Fish :vegan:

@homegrown to demonstrate your point, there are spammers commenting on your post. Way to prove your point.

Grow Your Own Services 🌱

@rybson

Yup, and they're from servers with instant signups.

I've reported them to their origin servers and suspended them at my end, but the posts will float around for some people until the origin servers deal with them.

D3

@homegrown if you imply people should block open registration servers, I'd say this is bordering on fud. Closed registration is a significant hurdle for some folks and a lot of serverteams are doing gods work to monitor signups closely to be able to keep their registration open. Please don't imply otherwise.

Grow Your Own Services 🌱

@dnddeutsch

I'm not saying they should, I'm saying they will.

If someone's server is overrun by hundreds of spams from an ever-changing set of spam accounts on a remote server, and the remote server isn't doing anything about it, what other options are left other than blocking the remote server?

D3

@homegrown after the fact? Sure, I'm with you and do that myself (and always temporarily close our registration as soon as we're aware of a significant wave). The point is I see a disturbing lack of nuance, when it comes to asking to get rid of the option or even preventive blocking of servers that offer it. They're not all abandoned hellholes. On the contrary.

El Duvelle

@dnddeutsch @homegrown
Saying "people may end up blocking your server" (if you don't take care of spam) seems nuanced enough!

Mastodon•ART 🎨 Curator

@dnddeutsch @homegrown I mean they're clearly not - I've submitted reports of 11 spammer accounts across eight instances in the past few hours this morning, each one of those accounts has spammed *at least* 20 users (20 is the maximum number of posts we can check to report as 'evidence') - if a user on your instance is able to get THAT far with spamming, it's already too far and you are not able to effectively moderate open signups.

Mastodon•ART 🎨 Curator

@dnddeutsch @homegrown Meanwhile, moderators on other instances are getting bombarded with reports of the source instance's spam problem and we're having to deal with it to protect OUR community from spam because THOSE instances are not doing a good enough job.

All our mods - most mods of instances across the fediverse - are unpaid and voluntary. It's Saturday morning, I'm not getting paid to sit in front of the report queue sniping spammers for the past four hours because another instance -

Mastodon•ART 🎨 Curator

@dnddeutsch @homegrown - cares more about increasing their number count than providing a safe space for not just *their* community, but all the other communities connected to them.

The server teams 'doing gods work' are the ones who've responsibly turned off open sign ups and are still having to moderate spam from other instances who haven't.

Hazelnoot ALT

@dnddeutsch@mastodon.pnpde.social @homegrown@social.growyourown.services it's not FUD - blocking open-reg servers was the most effective solution to that first Misskey spam wave a while back. My co-admin actually wrote a script to do it automatically, and it helped so much more than any filter we applied.
(we un-blocked all the servers afterwards, of course.)

Mx Amber Alex

@dnddeutsch @homegrown that's what happens though. We've silenced a shitton of instances who had their registrations open and were overrun with spam bots as a result.

Manually approving signups is trivial. If that's too much of a hurdle for users, that they may have to wait for a day to get approved, then they need to learn some patience.

Mx Amber Alex

@dnddeutsch @homegrown when you rent an apartment, you can't move in immediately. You have to pay a deposit, you have to clear a credit check, etc.

When you join a club or political party, you aren't a member immediately, a human has to approve your application for membership.

"Arrives the next day" shipping from Amazon and corporate social media has made people impatient, but historically, very few things happened instantaneously. Instant gratification is a very, very recent phenomenon.

Chris

@homegrown In my opinion, the developers of the Fediverse platforms should consider removing open registration entirely. There are currently a significant number of amateur administrators who lack the necessary expertise and experience to manage their fediverse instances effectively.

nlupo

@Chris @homegrown That's why forbid my the registrations of my instance. Once I make it stable enough, I'll just invite some people from my local community.

always tired

@Chris @homegrown Perhaps not remove but change the default? And perhaps a warning for the "enable instant sign up" like "you'll need a really quick responsive moderation as you may be a good target for spammers"

Mx Amber Alex

@Chris @homegrown and it's not like approving signups is unusual. Twitter does it too, it's just less obvious, because the background check happens automatically under the hood (has this email been used before? is that email provider prone to spam?). But I can't count how often I've made a new account for some project or other and it was suspended within minutes and only reinstated after I provided a phone number.

On Mastodon instances (idk about other software), it's just more transparent: it says "request account" or something, and since a human does it, it takes longer than the few seconds it does on commercial platforms.

It's the same process as everywhere else, just with less room for software error.

@Chris @homegrown and it's not like approving signups is unusual. Twitter does it too, it's just less obvious, because the background check happens automatically under the hood (has this email been used before? is that email provider prone to spam?). But I can't count how often I've made a new account for some project or other and it was suspended within minutes and only reinstated after I provided a phone number.

Petra van Cronenburg

@homegrown I would never block an instance because of some spammers. I reported some today (on servers where I follow interesting people!) and the accounts were suspended in less than 30 minutes.

This insecurity to be seen like "we block your server" brings a lot of good people to Bluesky & Co.

MarjorieR

@homegrown just seen another one in this thread.
Also now seeing instance swapping: intially they were all on mastodon.social 'Mercyjohn' has now appeared from 3 instances advertising the same spam.
So it's now whack-a-mole on any server that doesn't vet sign ups, though I foresee that if we all started to vet the spammers would simply develop strategies, probably using AI, for that and it would become about as effective as having a catchpa.

Catherine Schmidt

@homegrown elder here. On mstdn.social. Can’t find preferences under settings. Am I in the wrong place? Thanks.

mkj

@lillyfinch That's not a setting you can change as a user; it's a server administrator setting.

mstdn.social already has sign-up review turned on, so what @homegrown discusses is already in place there.

Go Up