• Handles
    link
    fedilink
    English
    4910 months ago

    Yeah, don’t offer open signups, kids.

    • Victor
      link
      fedilink
      English
      1310 months ago

      What exactly is an “open” signup? Is it as opposed to invite only?

      • @fuckwit_mcbumcrumble@lemmy.world
        link
        fedilink
        English
        2710 months ago

        There was a conversation the other day on this, but I forget the exact details.

        Open sign up is nothing is required to let you sign up.

        Closed is obviously invite only/manually must be accepted.

        But there’s the middle ground that wasn’t technically open sign up, where the only requirements are filling out a captcha, and usually email verification.

        • Victor
          link
          fedilink
          English
          710 months ago

          Ah, I see. Thank you, Sir Fuckwit McBumCrumble. 👍

      • @PlexSheep@feddit.de
        link
        fedilink
        English
        8
        edit-2
        10 months ago

        On feddit.de, when I registered (during the great reddit migration), I had to write a short introduction about myself too. I believe it was read by a moderator and manually accepted, but I’m not sure.

        • Scrubbles
          link
          fedilink
          English
          1210 months ago

          That’s how I did it. Ask a question that would be easy for anyone wanting to join, and manually accept. For my instance I never want it so big that I have to automate it anyway.

        • @Nath@aussie.zone
          link
          fedilink
          English
          610 months ago

          We require an email address and a response to a question on our signups. The response doesn’t need to be more than about 5 words, it’s just to stop bots putting random characters or single words in there.

          So far, it has seemed to ride that balance between low bar of entry and too hard to spam with bot applicants.

          That said, if I wanted to spam the Fediverse, I’d just spin up my own instance of Lemmy or Mastodon.

          • @JonEFive@midwest.social
            link
            fedilink
            English
            710 months ago

            That said, if I wanted to spam the Fediverse, I’d just spin up my own instance of Lemmy or Mastodon.

            Its actually smarter for spammers to infiltrate populated servers. Admins aren’t going to have a problem defederating from a pure spam instance. They’ll think twice about defederating from an instance with lots of legit users.

        • @neutron@thelemmy.club
          link
          fedilink
          English
          510 months ago

          So it’s somewhere between Open-Closed:

          • open signup (no invite required), instant availability
          • open signup (no invite required), manual approval required
          • closed signup (invite required)
      • Setarkus.LW
        link
        fedilink
        English
        710 months ago

        I think open signups allow people to create an account without verification like email. I’m not sure about captchas, those might also count as a kind of verification.

      • BentiGorlich
        link
        fedilink
        410 months ago

        open signups mean you just register via email and password (on mastodon you still have to verify your mail) and you’re good to go. On a lot of platforms you have an “approval” mode were admins have to approve each account that wants to register

  • @technomad@slrpnk.net
    link
    fedilink
    English
    4510 months ago

    This seems like a good opportunity to prove the resiliency of the protocol to me.

    We will weather this shit.

    • @bender223@lemmy.today
      link
      fedilink
      English
      2110 months ago

      Yeah, I mean, dealing with issues like this is still better than being on a corporate monarchy like twitter or fb 🤷‍♂️

      • Scrubbles
        link
        fedilink
        English
        1310 months ago

        I remember at it’s worst spam being every third post on insta and FB.

        And by spam I mean ads.

        And by at it’s worst I mean so far.

        So I’m still very happy with the switch

        • @strawberrysocial@lemmy.world
          link
          fedilink
          English
          610 months ago

          I haven’t had a FB account in years, but a friend has been on it for nearly 2 decades. They said there’s no longer any posts from people on their Friends lists, it’s become nearly all ads/spam as they scroll.

  • @donio@lemmy.world
    link
    fedilink
    English
    3410 months ago

    How visible is this to the average user? Just wondering because I have yet to see any spam at all in my Mastodon feeds. Big thanks to the admins for being on top of it!

      • @remotelove@lemmy.ca
        link
        fedilink
        English
        310 months ago

        It’s leaking over into Lemmy as well from random instances. Anyone has been browsing All for the last few days has probably seen a couple specific URL-based post titles a few times a day for the last few days.

    • @JonEFive@midwest.social
      link
      fedilink
      English
      11
      edit-2
      10 months ago

      I saw a little of it. Then I saw the offending instances quickly banned. Then I saw a comment from the admin that they didn’t like having to implement bans of entire instances, but it became a necessity until admin of those offending instances took action.

      I dunno, seems like it is working exactly as intended to me.

      And it’s far better than a monolithic tech giant. Pointing at Mastodon and calling out spam is utterly silly when compared to the amount of spam on large services. This article reads like a hit piece sponsored by Xitter.

    • Kayn
      link
      fedilink
      English
      210 months ago

      The spammers are using a limited number of scraped Fediverse actors, which also included a handful of Lemmy communities.

      If you weren’t part of that list, you were mostly safe.

  • AutoTL;DRB
    link
    English
    1310 months ago

    This is the best summary I could come up with:


    Over the past several days, attackers have targeted smaller Mastodon servers, taking advantage of open registrations to automate the creation of spam accounts.

    While this is not the first spam attack that has impacted the Fediverse, Rochko notes that only larger servers like Mastodon.social had been targeted previously.

    What’s different this time is that the spammers targeted the smaller and even abandoned servers offering open registration, allowing the bad actors to quickly create accounts and generate spam.

    Because Mastodon’s smaller servers are often hobbyist projects run by enthusiasts they were vulnerable to this sort of attack.

    Many servers were simply shut off as their admins decided it would be easiest to wait out the attack or abandon Mastodon altogether.

    “At the moment, there are no good built-in tools to handle this, as this is a complex issue — federated networks are not easy!


    The original article contains 1,023 words, the summary contains 143 words. Saved 86%. I’m a bot and I’m open source!

    • Uhrbaan
      link
      fedilink
      English
      210 months ago

      I believe pixelfed has a good anti-spam filter, at at least I saw @dansup@pixelfed.social promoting it

  • THE MASTERMIND
    link
    fedilink
    English
    310 months ago

    To peoplw who hasn’t seen any spam next time there is a wave block some of the subs you don’t like, disable show read post , enable mark as read on scroll and set sort to all and top hour. I found it buy runjing out of conetent on all top day