Current spam attack: Mastodon is the problem #29267
-
The first wave of the spam was all coming from Misskey servers, as the attacker is targeting Japanese users. Later, as the admins took action, and as there aren't many Misskey servers, the attacker moved to using Mastodon servers that allow public registration. There's not much you can do without destroying the very idea of the federation system.
-
Mastodon works like an email system. But Mastodon doesn't have any auto SPAM filter. SPAM is on the way; Mastodon needs a junk box for each account.
-
I've spent almost three hours cleaning up this mess. What this proves to me is the priorities of the devs are screwed up. We're arguing over icons, when I literally have 100GB of CRAP clogging my object storage, and growing. Eugen needs to wake up. We are getting royally slammed out here, and no one is doing jack s**t. This isn't any better than Twitter or X at this point.
-
It's quite easy to find the SPAM toots via API; my script is detecting them via the images and some Japanese text and deletes/blocks the toots/senders. Luckily the messages are very simple and there are only a few different ones. https://github.com/perryflynn/fediscripts But this will become a huge problem in future SPAM waves...
-
After reviewing it, I developed a spam filter based on the K-Anonymity theory. Currently, my server is no longer receiving any spam. :)
-
Closing this discussion, because the Mastodon developers are listening. 🎉 https://github.com/mastodon/mastodon/releases/tag/v4.2.8
-
After around 48 hours of spam, I noticed one thing while mitigating the current spam attack on my server: the spam accounts are all located on Mastodon servers. As far as I can see, the bot automatically creates accounts, also on fully updated Mastodon servers. The rumor goes that it's even a child or young teenager doing this.
There are two sides of this spam attack:
It is very easy to automatically create Mastodon accounts with a script. Yes, I know there are options to block disposable email providers and IPs, but this shouldn't be easy at all. So please make this a high priority. Actually I hope it already is.
At the receiving side there is not much that we can do about the spam, except blocking affected servers, after the spam is already received. There are no tools to automatically mitigate this. I can say that this is very frustrating. So please, help us to stop this!? @Gargron sent a post (after two days) on how to make sure your server can't be hijacked, but those admins probably won't see this. So please make sure it is also a priority to create tools to stop the spam ASAP.
Please see these issues (two of them are created by me and are related):
Require blocking of disposable email providers and/or require a captcha provider when registrations are open (#29270)
Set new registrations on new servers to manual approval by default (#29269)
Ability to greylist new servers (#29266)
Ability to use heuristic spam filtering tools (#29265)
Instance-wide filtering (#29256)
cc @ClearlyClaire @renchap