this post was submitted on 22 Feb 2024
108 points (98.2% liked)
A really interesting look at the recent spam wave.

[–] [email protected] 35 points 8 months ago* (last edited 8 months ago) (1 children)

Takeaways

All pulled from the analysis, emphases are mine:

  • Many Fediverse instances have open sign-ups without proper limits, enabling this to even happen in the first place.
  • Open registrations should NEVER be enabled on instances without proper protections and monitoring.
  • It's important to note that this attack doesn't require any novel exploit, just the existence of unmonitored, un-protected instances with open registration. From what we've seen, these are usually smaller instances.
  • If you must have open registrations on your instance, use the proper anti-spam and anti-bot mechanisms. We also recommend blocking sign-ups using Tor IP addresses and temporary email domains.
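The last two takeaways describe a sign-up gate rather than show one. The following is an added example (not code from the linked analysis, from Lemmy, or from the commenter) of what such a gate looks like for a registration endpoint: it rejects malformed addresses, Tor exit IPs, disposable e-mail domains (including their subdomains), and more than a few accepted sign-ups per IP per window. The Tor exit addresses and disposable domains embedded here are constructed samples; a real deployment would load the Tor Project's published exit-address list and a maintained disposable-domain blocklist and refresh both on a schedule.

```python
"""Registration screening for an instance with open sign-ups.

Added example: blocks Tor exit IPs, disposable e-mail domains and
per-IP sign-up floods. Lists below are constructed samples, not real data.
"""
import ipaddress
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Iterable, Optional, Set, Tuple, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed sample data (documentation ranges / made-up domains).
# In production: Tor Project exit list + a disposable-domain blocklist.
TOR_EXIT_IPS_SAMPLE = {"198.51.100.7", "203.0.113.42"}
DISPOSABLE_DOMAINS_SAMPLE = {"mailinator.com", "guerrillamail.com", "10minutemail.com"}


def _domain_chain(domain: str) -> Iterable[str]:
    """Yield 'a.b.c', 'b.c', 'c' so a subdomain of a listed domain also matches."""
    labels = domain.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def email_domain(email: str) -> Optional[str]:
    """Return the lower-cased domain part of an address, or None if malformed."""
    if email.count("@") != 1:
        return None
    local, domain = email.rsplit("@", 1)
    domain = domain.strip().lower().rstrip(".")
    if not local or not domain or "." not in domain:
        return None
    return domain


@dataclass
class SignupGate:
    tor_exits: Set[IPAddr]
    disposable_domains: Set[str]
    max_per_ip: int = 3            # accepted sign-ups allowed per IP per window
    window_seconds: int = 3600
    # sliding window of accepted sign-up timestamps per source IP
    _recent: Dict[str, Deque[float]] = field(default_factory=lambda: defaultdict(deque))

    def is_disposable(self, domain: str) -> bool:
        return any(d in self.disposable_domains for d in _domain_chain(domain))

    def check(self, ip_str: str, email: str, now: Optional[float] = None) -> Tuple[bool, str]:
        """Return (allowed, reason). Checks run cheapest-first; any failure rejects."""
        now = time.time() if now is None else now
        try:
            addr = ipaddress.ip_address(ip_str.strip())
        except ValueError:
            return False, "invalid_ip"
        if addr in self.tor_exits:
            return False, "tor_exit"
        domain = email_domain(email)
        if domain is None:
            return False, "invalid_email"
        if self.is_disposable(domain):
            return False, "disposable_email"
        q = self._recent[ip_str]
        while q and now - q[0] >= self.window_seconds:   # drop expired entries
            q.popleft()
        if len(q) >= self.max_per_ip:
            return False, "rate_limited"
        q.append(now)
        return True, "ok"


def make_gate() -> SignupGate:
    """Build a gate from the constructed sample lists."""
    return SignupGate(
        tor_exits={ipaddress.ip_address(ip) for ip in TOR_EXIT_IPS_SAMPLE},
        disposable_domains=set(DISPOSABLE_DOMAINS_SAMPLE),
    )


if __name__ == "__main__":
    gate = make_gate()
    for ip, mail in [("203.0.113.42", "alice@example.org"),
                     ("192.0.2.10", "bob@sub.mailinator.com"),
                     ("192.0.2.10", "carol@example.org")]:
        print(ip, mail, gate.check(ip, mail))
```

Rejections are returned with a reason so they can be logged and alerted on; a burst of `rate_limited` or `tor_exit` results from one instance is exactly the monitoring signal the analysis says small instances lacked. Note that an IP-based Tor block only covers the exit relays present in the list you load, so the refresh interval matters as much as the check itself.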
[–] [email protected] 13 points 8 months ago (3 children)

Hypothetically, what stops a spam group from creating their own instance to register accounts on, or several such? It'd get defederated quickly once the attack got going, sure, but it would take time for this to get done, and in the meantime the spam gets in.

[–] [email protected] 10 points 8 months ago

Why use your own resources when you can use someone else's?

[–] [email protected] 7 points 8 months ago

I don't think anything, really; it just takes more effort, and they'd need to change the domain every time they get blocked. I have seen a few services hosted solely for spam and bad-faith practices, though they were Mastodon, Pleroma, and Kbin servers, not Lemmy.

[–] [email protected] 7 points 8 months ago

It's probably more expensive and inconvenient.

Also it might only take one report for an active mod team to ban a server. How long can that take? An hour? Less? If they're on servers that real people use, bots have to be banned one by one, so the spam can last a lot longer and reach more people.