• fuckwit_mcbumcrumble@lemmy.world
        ↑ 26 · 9 months ago

        There was a conversation the other day on this, but I forget the exact details.

        Open sign up is when nothing is required to let you sign up.

        Closed is obviously invite only/manually must be accepted.

        But there’s the middle ground that wasn’t technically open sign up, where the only requirements are filling out a captcha, and usually email verification.

      • PlexSheep@feddit.de
        ↑ 8 · 9 months ago (edited)

        On feddit.de, when I registered (during the great reddit migration), I had to write a short introduction about myself too. I believe it was read by a moderator and manually accepted, but I’m not sure.

        • Scrubbles@poptalk.scrubbles.tech
          ↑ 12 · 9 months ago

          That’s how I did it. Ask a question that would be easy for anyone wanting to join, and manually accept. For my instance I never want it so big that I have to automate it anyway.

        • Nath@aussie.zone
          ↑ 6 · 9 months ago

          We require an email address and a response to a question on our signups. The response doesn’t need to be more than about 5 words, it’s just to stop bots putting random characters or single words in there.

          So far, it has seemed to ride that balance between low bar of entry and too hard to spam with bot applicants.

          That said, if I wanted to spam the Fediverse, I’d just spin up my own instance of Lemmy or Mastodon.

          • JonEFive@midwest.social
            ↑ 7 · 9 months ago

            > That said, if I wanted to spam the Fediverse, I’d just spin up my own instance of Lemmy or Mastodon.

            It’s actually smarter for spammers to infiltrate populated servers. Admins aren’t going to have a problem defederating from a pure spam instance. They’ll think twice about defederating from an instance with lots of legit users.

            • Skull giver@popplesburger.hilciferous.nl
              ↑ 1 · 9 months ago

              From what I can tell, all the spam is originating from Mastodon servers running ancient versions with only one original user that stopped posting a few years ago. There are a lot of Mastodon servers just hanging out there, effectively being free replacements for temporary servers set up for spamming.

              I’ve started defederating from spamming servers because banning accounts doesn’t help. So far it seems to work, but no doubt there will be another wave of spam at some point.

        • neutron@thelemmy.club
          ↑ 5 · 9 months ago

          So it’s somewhere between Open-Closed:

          • open signup (no invite required), instant availability
          • open signup (no invite required), manual approval required
          • closed signup (invite required)
      • Setarkus.LW@lemmy.world
        ↑ 7 · 9 months ago

        I think open signups allow people to create an account without verification like email. I’m not sure about captchas, those might also count as a kind of verification.

      • BentiGorlich@gehirneimer.de
        ↑ 4 · 9 months ago

        Open signups mean you just register via email and password (on Mastodon you still have to verify your mail) and you’re good to go. On a lot of platforms you have an “approval” mode where admins have to approve each account that wants to register.

  • technomad@slrpnk.net
    ↑ 44 · 9 months ago

    This seems like a good opportunity to prove the resiliency of the protocol to me.

    We will weather this shit.

    • bender223@lemmy.today
      ↑ 21 · 9 months ago

      Yeah, I mean, dealing with issues like this is still better than being on a corporate monarchy like twitter or fb 🤷‍♂️

      • Scrubbles@poptalk.scrubbles.tech
        ↑ 14 · 9 months ago

        I remember at its worst spam being every third post on insta and FB.

        And by spam I mean ads.

        And by at its worst I mean so far.

        So I’m still very happy with the switch

        • strawberrysocial@lemmy.world
          ↑ 6 · 9 months ago

          I haven’t had a FB account in years, but a friend has been on it for nearly 2 decades. They said there’s no longer any posts from people on their Friends lists, it’s become nearly all ads/spam as they scroll.

    • Skull giver@popplesburger.hilciferous.nl
      ↑ 2 · 9 months ago

      The protocol isn’t designed to defend against these threats. It does, however, provide the tools to authenticate both the sender and the sender’s server, so Fediverse servers can set up their own spam filter policies relatively securely.

      Unfortunately, very few Fediverse projects seem to have paid any attention to spam filters.

  • donio@lemmy.world
    ↑ 34 · 9 months ago

    How visible is this to the average user? Just wondering because I have yet to see any spam at all in my Mastodon feeds. Big thanks to the admins for being on top of it!

    • JonEFive@midwest.social
      ↑ 11 · 9 months ago (edited)

      I saw a little of it. Then I saw the offending instances quickly banned. Then I saw a comment from the admin that they didn’t like having to implement bans of entire instances, but it became a necessity until admin of those offending instances took action.

      I dunno, seems like it is working exactly as intended to me.

      And it’s far better than a monolithic tech giant. Pointing at Mastodon and calling out spam is utterly silly when compared to the amount of spam on large services. This article reads like a hit piece sponsored by Xitter.

      • remotelove@lemmy.ca
        ↑ 3 · 9 months ago

        It’s leaking over into Lemmy as well from random instances. Anyone who has been browsing All for the last few days has probably seen a couple of specific URL-based post titles a few times a day for the last few days.

    • Kayn@dormi.zone
      ↑ 2 · 9 months ago

      The spammers are using a limited number of scraped Fediverse actors, which also included a handful of Lemmy communities.

      If you weren’t part of that list, you were mostly safe.

  • AutoTL;DR@lemmings.world (bot)
    ↑ 14 · 9 months ago

    This is the best summary I could come up with:


    Over the past several days, attackers have targeted smaller Mastodon servers, taking advantage of open registrations to automate the creation of spam accounts.

    While this is not the first spam attack that has impacted the Fediverse, Rochko notes that only larger servers like Mastodon.social had been targeted previously.

    What’s different this time is that the spammers targeted the smaller and even abandoned servers offering open registration, allowing the bad actors to quickly create accounts and generate spam.

    Because Mastodon’s smaller servers are often hobbyist projects run by enthusiasts they were vulnerable to this sort of attack.

    Many servers were simply shut off as their admins decided it would be easiest to wait out the attack or abandon Mastodon altogether.

    “At the moment, there are no good built-in tools to handle this, as this is a complex issue — federated networks are not easy!


    The original article contains 1,023 words, the summary contains 143 words. Saved 86%. I’m a bot and I’m open source!

    • Uhrbaan@feddit.ch
      ↑ 2 · 9 months ago

      I believe pixelfed has a good anti-spam filter, at least I saw @dansup@pixelfed.social promoting it

  • THE MASTERMIND@feddit.ch
    ↑ 2 · 9 months ago

    To people who haven’t seen any spam: next time there is a wave, block some of the subs you don’t like, disable show read post, enable mark as read on scroll and set sort to all and top hour. I found it by running out of content on all top day.