Spam attack on Twitter/X rival Mastodon highlights 'fediverse' vulnerabilities
A spam attack that impacted the open source X rival Mastodon, Misskey and other apps highlights how the decentralized social web, also known as the
Yeah, don't offer open signups, kids.
What exactly is an "open" signup? Is it as opposed to invite only?
There was a conversation the other day on this, but I forget the exact details.
Open sign up is nothing is required to let you sign up.
Closed is obviously invite only/manually must be accepted.
But there's the middle ground that wasn't technically open sign up, where the only requirements are filling out a captcha, and usually email verification.
On feddit.de, when I registered (during the great reddit migration), I had to write a short introduction about myself too. I believe it was read by a moderator and manually accepted, but I'm not sure.
I think open signups allow people to create an account without verification like email. I'm not sure about captchas, those might also count as a kind of verification.
open signups mean you just register via email and password (on mastodon you still have to verify your mail) and you're good to go. On a lot of platforms you have an "approval" mode were admins have to approve each account that wants to register
This seems like a good opportunity to prove the resiliency of the protocol to me.
We will weather this shit.
How visible is this to the average user? Just wondering because I have yet to see any spam at all in my Mastodon feeds. Big thanks to the admins for being on top of it!
I saw a little of it. Then I saw the offending instances quickly banned. Then I saw a comment from the admin that they didn't like having to implement bans of entire instances, but it became a necessity until admin of those offending instances took action.
I dunno, seems like it is working exactly as intended to me.
And it's far better than a monolithic tech giant. Pointing at Mastodon and calling out spam is utterly silly when compared to the amount of spam on large services. This article reads like a hit piece sponsored by Xitter.
I saw zero spam and multiple posts talking about spam.
It's leaking over into Lemmy as well from random instances. Anyone has been browsing All for the last few days has probably seen a couple specific URL-based post titles a few times a day for the last few days.
The spammers are using a limited number of scraped Fediverse actors, which also included a handful of Lemmy communities.
If you weren't part of that list, you were mostly safe.
I get 10-15 spam messages a day
This is the best summary I could come up with:
Over the past several days, attackers have targeted smaller Mastodon servers, taking advantage of open registrations to automate the creation of spam accounts.
While this is not the first spam attack that has impacted the Fediverse, Rochko notes that only larger servers like Mastodon.social had been targeted previously.
What’s different this time is that the spammers targeted the smaller and even abandoned servers offering open registration, allowing the bad actors to quickly create accounts and generate spam.
Because Mastodon’s smaller servers are often hobbyist projects run by enthusiasts they were vulnerable to this sort of attack.
Many servers were simply shut off as their admins decided it would be easiest to wait out the attack or abandon Mastodon altogether.
“At the moment, there are no good built-in tools to handle this, as this is a complex issue — federated networks are not easy!
The original article contains 1,023 words, the summary contains 143 words. Saved 86%. I'm a bot and I'm open source!
I believe pixelfed has a good anti-spam filter, at at least I saw @dansup@pixelfed.social promoting it
To peoplw who hasn't seen any spam next time there is a wave block some of the subs you don't like, disable show read post , enable mark as read on scroll and set sort to all and top hour. I found it buy runjing out of conetent on all top day
here we go time to die and go back to instagram or whatever
