I can see the current spam attack taking out a lot of hobbyist instances for good. I've seen mentions of it already
Reputational damage and defedations lead to people giving up as it is, for less than this, but with potential to be impacted by increased costs because of it is insult to injury, and that could be pretty hefty if they only log in occasionally.
I've always been a champion for the little guys on here, I think we need more tiny communities, so it's really sad to see all this
like this
reshared this
Interpipes 💙
in reply to tiddy roosevelt • • •having a tiny community is still a community.
You have to keep on top of it, and have notifications turned on, and if you aren't around a lot you shouldn't have open signups.
I'm terminally online and even my instance is strictly people-I-know-only.
tiddy roosevelt
in reply to tiddy roosevelt • • •If you're wondering the kind of scale of this, we've just seen someone ask how to ban 12000 spam accounts from their server.
Twelve thousand.
reshared this
Charlie Stross, Lazarou Monkey Terror 🚀💙🌈, David JONES, FeralRobots and Dawn Ahukanna reshared this.
Harshad Sharma
in reply to tiddy roosevelt • • •Earthworm 🐌
in reply to tiddy roosevelt • • •Maybe this tool helps them at least with the accs on their own server?
urbanists.social/@sam/11194900…
#citadel #SpamBotAssassin #Spamwave #Spambot
Sam
2024-02-17 21:43:41
Kevin :OhNoBubble:
in reply to tiddy roosevelt • • •lalalala sombra
in reply to tiddy roosevelt • • •Mike Johnston
in reply to tiddy roosevelt • • •Packy Anderson
in reply to tiddy roosevelt • • •Diabetic Heihachi
in reply to tiddy roosevelt • • •@Lazarou
Thinking aloud...
All the users are rand hex that I have encountered, might be possible to use Python's isxdigit then search and destroy users with only hex chars.
It's dirty though, and could remove legit users, but 12k... Damn.
Lilly Hunter
in reply to tiddy roosevelt • • •CurtAdams
in reply to tiddy roosevelt • • •Lewis
in reply to tiddy roosevelt • • •Mister Music Man
in reply to tiddy roosevelt • • •Emelia 👸🏻
in reply to tiddy roosevelt • • •I think one thing we've seen is a large number of instances unknown to others, with open registration being used as launch pads for malicious activity.
I'm starting to suggest a blocklist based on:
- not up to date software
- open registration without approvals
- low MAU count
I think those would help in the short-term, but longer term we really need to come to terms with how purely open federation is not the answer & leads to pain.
Alexandra Lanes
Unknown parent • •Full Metal Archaeopteryx likes this.
friendly admin
in reply to tiddy roosevelt • • •Just Boby
Unknown parent • • •Administrator
in reply to tiddy roosevelt • • •I've been on the Fediverse a long time -- I remember mentioning to others that this kind of thing was going to be a problem, I think, *seven* years ago.
I run a small instance, but I've never had open registrations -- it's for family members and some automated bots I program.
It's strange -- Mastodon is made with a "small servers are better!" mindset, but then a lot of the internal administration is designed around *large* instances.
Administrator
in reply to Administrator • • •For an interesting story, read about the actor Wil Wheaton's first experience with Mastodon, years ago. He was one of the first very large Twitter users to abandon Twitter and move to Mastodon.
He was eventually forced off of a server by a very interesting harassment method -- attackers continuously made automated complaints against his account with the server admins.
Michał "rysiek" Woźniak · 🇺🇦
in reply to tiddy roosevelt • • •yeah, this is really bad for small instances.
We need to come up with broader safety nets and support systems for them.
Alexandra Lanes
Unknown parent • •Full Metal Archaeopteryx likes this.
BenjiButo
Unknown parent • • •@neil
Gonna read the docs and see I can start one on my cluster. I heard it uses a lot of memory, that true?
@babe
BenjiButo
Unknown parent • • •Oh that's not a lot. What about hard disk space? Or can I limit caching?
@babe
Bruce Heerssen
Unknown parent • • •It's a problem. One person, or even a small team, can't manually verify 12,000 registrations. So for small instances, this is effectively a denial of service attack on new signups.
Dirk Ritter
in reply to tiddy roosevelt • • •No ressources, so we went for applications and approval and I'm still glad we did, especially after the recent wave. That way, I could even joke about it when the wave hit. No big deal.
¯\_(ツ)_/¯
Dominik
in reply to tiddy roosevelt • • •