I can see the current spam attack taking out a lot of hobbyist instances for good. I've seen mentions of it already
Reputational damage and defedations lead to people giving up as it is, for less than this, but with potential to be impacted by increased costs because of it is insult to injury, and that could be pretty hefty if they only log in occasionally.
I've always been a champion for the little guys on here, I think we need more tiny communities, so it's really sad to see all this
like this
reshared this
tiddy roosevelt
Unknown parent • • •@goatsarah Oof, yeah 🙁
I meant to ask, is it alright to follow you? I think I lost the connection in the move and it's been hung on request since
tiddy roosevelt
Unknown parent • • •Interpipes 💙
in reply to tiddy roosevelt • • •having a tiny community is still a community.
You have to keep on top of it, and have notifications turned on, and if you aren't around a lot you shouldn't have open signups.
I'm terminally online and even my instance is strictly people-I-know-only.
tiddy roosevelt
Unknown parent • • •tiddy roosevelt
in reply to tiddy roosevelt • • •If you're wondering the kind of scale of this, we've just seen someone ask how to ban 12000 spam accounts from their server.
Twelve thousand.
reshared this
Charlie Stross, Lazarou Monkey Terror 🚀💙🌈, David JONES, FeralRobots and Dawn Ahukanna reshared this.
Brynndylow, they/them
in reply to tiddy roosevelt • • •tiddy roosevelt
in reply to Brynndylow, they/them • • •@FrazzledBrynn You can just imagine what that would do to a place like this.
But think if we only had the bandwidth that we did in 2018.
Absolutely fucked.
Brynndylow, they/them
in reply to tiddy roosevelt • • •I'm glad you're a great maintainer of glitterkitten, I feel bad for everyone being caught by surprise
I've only seen screenshots of spam... spam? so far
Harshad Sharma
in reply to tiddy roosevelt • • •Earthworm
in reply to tiddy roosevelt • • •Maybe this tool helps them at least with the accs on their own server?
urbanists.social/@sam/11194900…
#citadel #SpamBotAssassin #Spamwave #Spambot
Sam :verified:
2024-02-17 21:43:41
tiddy roosevelt
in reply to Earthworm • • •Kevin :OhNoBubble:
in reply to tiddy roosevelt • • •lalalala sombra
in reply to tiddy roosevelt • • •Mike Johnston
in reply to tiddy roosevelt • • •Packy Anderson
in reply to tiddy roosevelt • • •Diabetic Heihachi
in reply to tiddy roosevelt • • •@Lazarou
Thinking aloud...
All the users are rand hex that I have encountered, might be possible to use Python's isxdigit then search and destroy users with only hex chars.
It's dirty though, and could remove legit users, but 12k... Damn.
Lilly Hunter
in reply to tiddy roosevelt • • •CurtAdams
in reply to tiddy roosevelt • • •Lewis
in reply to tiddy roosevelt • • •Jorge Bejarano
in reply to tiddy roosevelt • • •Mister Music Man
in reply to tiddy roosevelt • • •Emelia 👸🏻
in reply to tiddy roosevelt • • •I think one thing we've seen is a large number of instances unknown to others, with open registration being used as launch pads for malicious activity.
I'm starting to suggest a blocklist based on:
- not up to date software
- open registration without approvals
- low MAU count
I think those would help in the short-term, but longer term we really need to come to terms with how purely open federation is not the answer & leads to pain.
Alexandra Lanes
Unknown parent • •Full Metal Archaeopteryx likes this.
friendly admin
in reply to tiddy roosevelt • • •Just Boby
in reply to tiddy roosevelt • • •Administrator
in reply to tiddy roosevelt • • •I've been on the Fediverse a long time -- I remember mentioning to others that this kind of thing was going to be a problem, I think, *seven* years ago.
I run a small instance, but I've never had open registrations -- it's for family members and some automated bots I program.
It's strange -- Mastodon is made with a "small servers are better!" mindset, but then a lot of the internal administration is designed around *large* instances.
Administrator
in reply to Administrator • • •For an interesting story, read about the actor Wil Wheaton's first experience with Mastodon, years ago. He was one of the first very large Twitter users to abandon Twitter and move to Mastodon.
He was eventually forced off of a server by a very interesting harassment method -- attackers continuously made automated complaints against his account with the server admins.
Michał "rysiek" Woźniak · 🇺🇦
in reply to tiddy roosevelt • • •yeah, this is really bad for small instances.
We need to come up with broader safety nets and support systems for them.
Alexandra Lanes
Unknown parent • •Full Metal Archaeopteryx likes this.
BenjiButo :mastodance:
Unknown parent • • •@neil
Gonna read the docs and see I can start one on my cluster. I heard it uses a lot of memory, that true?
@babe
BenjiButo :mastodance:
Unknown parent • • •Oh that's not a lot. What about hard disk space? Or can I limit caching?
@babe
Rob Carlson
in reply to tiddy roosevelt • • •Bruce Heerssen
Unknown parent • • •It's a problem. One person, or even a small team, can't manually verify 12,000 registrations. So for small instances, this is effectively a denial of service attack on new signups.
Ⓐ Dirk Ritter
in reply to tiddy roosevelt • • •No ressources, so we went for applications and approval and I'm still glad we did, especially after the recent wave. That way, I could even joke about it when the wave hit. No big deal.
¯\_(ツ)_/¯
Dominik
in reply to tiddy roosevelt • • •