this post was submitted on 21 Feb 2024
150 points (96.3% liked)

[–] [email protected] 50 points 9 months ago (2 children)

Yeah, don't offer open signups, kids.

[–] victorz 13 points 9 months ago (4 children)

What exactly is an "open" signup? Is it as opposed to invite only?

[–] fuckwit_mcbumcrumble 27 points 9 months ago (1 children)

There was a conversation the other day on this, but I forget the exact details.

Open sign up is when nothing is required to let you sign up.

Closed is obviously invite only/manually must be accepted.

But there's the middle ground that wasn't technically open sign up, where the only requirements are filling out a captcha, and usually email verification.

[–] victorz 8 points 8 months ago

Ah, I see. Thank you, Sir Fuckwit McBumCrumble. 👍

[–] [email protected] 8 points 9 months ago* (last edited 8 months ago) (3 children)

On feddit.de, when I registered (during the great reddit migration), I had to write a short introduction about myself too. I believe it was read by a moderator and manually accepted, but I'm not sure.

[–] [email protected] 12 points 9 months ago

That's how I did it. Ask a question that would be easy for anyone wanting to join, and manually accept. For my instance I never want it so big that I have to automate it anyway.

[–] [email protected] 6 points 9 months ago (1 children)

We require an email address and a response to a question on our signups. The response doesn't need to be more than about 5 words, it's just to stop bots putting random characters or single words in there.

So far, it has seemed to ride that balance between low bar of entry and too hard to spam with bot applicants.

That said, if I wanted to spam the Fediverse, I'd just spin up my own instance of Lemmy or Mastodon.

[–] [email protected] 7 points 8 months ago (1 children)

> That said, if I wanted to spam the Fediverse, I'd just spin up my own instance of Lemmy or Mastodon.

It's actually smarter for spammers to infiltrate populated servers. Admins aren't going to have a problem defederating from a pure spam instance. They'll think twice about defederating from an instance with lots of legit users.

[–] [email protected] 5 points 9 months ago

So it's somewhere between Open-Closed:

  • open signup (no invite required), instant availability
  • open signup (no invite required), manual approval required
  • closed signup (invite required)

[–] Setarkus 7 points 9 months ago

I think open signups allow people to create an account without verification like email. I'm not sure about captchas, those might also count as a kind of verification.

[–] [email protected] 4 points 9 months ago

Open signups mean you just register via email and password (on Mastodon you still have to verify your mail) and you're good to go. On a lot of platforms you have an "approval" mode where admins have to approve each account that wants to register.

[–] [email protected] 45 points 9 months ago (2 children)

This seems like a good opportunity to prove the resiliency of the protocol to me.

We will weather this shit.

[–] [email protected] 21 points 9 months ago (1 children)

Yeah, I mean, dealing with issues like this is still better than being on a corporate monarchy like twitter or fb 🤷‍♂️

[–] [email protected] 13 points 8 months ago (1 children)

I remember at its worst spam being every third post on insta and FB.

And by spam I mean ads.

And by at its worst I mean so far.

So I'm still very happy with the switch

[–] strawberrysocial 6 points 8 months ago

I haven't had a FB account in years, but a friend has been on it for nearly 2 decades. They said there's no longer any posts from people on their Friends lists, it's become nearly all ads/spam as they scroll.

[–] donio 34 points 9 months ago (5 children)

How visible is this to the average user? Just wondering because I have yet to see any spam at all in my Mastodon feeds. Big thanks to the admins for being on top of it!

[–] [email protected] 11 points 8 months ago (1 children)

I saw zero spam and multiple posts talking about spam.

[–] [email protected] 3 points 8 months ago

It's leaking over into Lemmy as well from random instances. Anyone who has been browsing All for the last few days has probably seen a couple specific URL-based post titles a few times a day for the last few days.

[–] [email protected] 11 points 8 months ago* (last edited 8 months ago)

I saw a little of it. Then I saw the offending instances quickly banned. Then I saw a comment from the admin that they didn't like having to implement bans of entire instances, but it became a necessity until admin of those offending instances took action.

I dunno, seems like it is working exactly as intended to me.

And it's far better than a monolithic tech giant. Pointing at Mastodon and calling out spam is utterly silly when compared to the amount of spam on large services. This article reads like a hit piece sponsored by Xitter.

[–] [email protected] 2 points 8 months ago

The spammers are using a limited number of scraped Fediverse actors, which also included a handful of Lemmy communities.

If you weren't part of that list, you were mostly safe.

[–] [email protected] 1 points 8 months ago

I get 10-15 spam messages a day

[–] [email protected] 13 points 9 months ago (1 children)

This is the best summary I could come up with:


Over the past several days, attackers have targeted smaller Mastodon servers, taking advantage of open registrations to automate the creation of spam accounts.

While this is not the first spam attack that has impacted the Fediverse, Rochko notes that only larger servers like Mastodon.social had been targeted previously.

What’s different this time is that the spammers targeted the smaller and even abandoned servers offering open registration, allowing the bad actors to quickly create accounts and generate spam.

Because Mastodon’s smaller servers are often hobbyist projects run by enthusiasts they were vulnerable to this sort of attack.

Many servers were simply shut off as their admins decided it would be easiest to wait out the attack or abandon Mastodon altogether.

“At the moment, there are no good built-in tools to handle this, as this is a complex issue — federated networks are not easy!


The original article contains 1,023 words, the summary contains 143 words. Saved 86%. I'm a bot and I'm open source!

[–] [email protected] 2 points 9 months ago

I believe Pixelfed has a good anti-spam filter, at least I saw @[email protected] promoting it

[–] [email protected] 3 points 8 months ago

To people who haven't seen any spam: next time there is a wave, block some of the subs you don't like, disable show read posts, enable mark as read on scroll and set sort to all and top hour. I found it by running out of content on all top day.

[–] nutsack -2 points 8 months ago

here we go time to die and go back to instagram or whatever