submitted 1 month ago by ardi60@reddthat.com to c/technology@lemmy.ml
[-] Dave@lemmy.nz 114 points 1 month ago

I'm gonna take this opportunity to mention LemmyAutomod, for Lemmy instance admins.

This massive spam attack was unrelenting, but it came in the form of a large number of spam posts that had a small amount of variation. Using the above tool, it really helped to catch most of the spam within seconds or minutes of being posted.

The dev is really helpful, which is good because I needed some hand-holding, but it has been a fantastic tool with this latest spam wave being the first true test of it. When the spammers started posting images of URLs instead of links, the dev added functionality to detect images that were the same or similar to a reference image.

In addition, there's also a Lemmy spam defense Matrix chat set up by Lemmy.world where instance admins post spam accounts so others can ban them on their own instances (and add them to their automod).

[-] Fisch@lemmy.ml 24 points 1 month ago

Tbh this is kinda making me want to spin up a Lemmy instance to try out this tool haha

[-] onlinepersona@programming.dev -3 points 1 month ago* (last edited 1 month ago)

In addition, there’s also a Lemmy spam defense Matrix chat set up by Lemmy.world where instance admins post spam accounts so others can ban them on their own instances (and add them to their automod).

Lemmy doesn't have subscriptions to ban lists? 🤔

CC BY-NC-SA 4.0

[-] Dave@lemmy.nz 8 points 1 month ago

Lemmy doesn't have a lot of things. It's not a finished product, but more like something that was in the process of being built when suddenly tens of thousands of people started using it. They didn't even finish the planned roadmap as they had to pivot to rewrite stuff to handle the influx of users.

[-] neuracnu@lemmy.blahaj.zone 69 points 1 month ago

These are legitimate challenges that activitypub faces. I’m glad that they’re popping up like this so they can be observed, mitigated and planned for in the future.

[-] Pronell@lemmy.world 57 points 1 month ago

So I assume this attack was reported by the perpetrators, as spam on Twitter, Facebook, and Reddit are far far worse problems.

[-] Kbin_space_program@kbin.social 25 points 1 month ago

Kbin, literally haven't seen any spam, seen lots about how the fediverse Admins are taking care of it.

So, thank you mods and admins.

[-] kreynen@kbin.melroy.org 5 points 1 month ago

@Kbin_space_program@kbin.social

@ardi60@reddthat.com This has not been my experience at all. There was/is a lot of spam lingering on KBin long after it was removed from the federated source. I don't know if that's an issue with the removal being done in an unfederated way (bulk deletes at the db level), a sync issue caused by the recent kbin.social outages or just a general federation bug.

My kbin.social account has been @'ed in hundreds of comments and some of the most popular Kbin magazines where Earnest remains the sole moderator were flooded with spam.

Even this morning I tried reporting spam from a kbin.social account only to be told it had already been reported... and yet 16 hours later the bot is still posting with this account.

I'm glad you've found kbin.social usable through all this, but the spam is there.

[-] independantiste@sh.itjust.works 14 points 1 month ago

On Fosstodon I didn't see a single spam message, the only reason I learned there was a spam attack was through people complaining about it. I guess it comes down to selecting an instance with good moderation

[-] tedu@azorius.net 8 points 1 month ago

The list of accounts mentioned in the spam posts was harvested from the misskey.io timeline, so if you don't have followers there you did not receive any.

[-] autotldr@lemmings.world 12 points 1 month ago

This is the best summary I could come up with:


Over the past several days, attackers have targeted smaller Mastodon servers, taking advantage of open registrations to automate the creation of spam accounts.

While this is not the first spam attack that has impacted the Fediverse, Rochko notes that only larger servers like Mastodon.social had been targeted previously.

What’s different this time is that the spammers targeted the smaller and even abandoned servers offering open registration, allowing the bad actors to quickly create accounts and generate spam.

Because Mastodon’s smaller servers are often hobbyist projects run by enthusiasts they were vulnerable to this sort of attack.

Many servers were simply shut off as their admins decided it would be easiest to wait out the attack or abandon Mastodon altogether.

“At the moment, there are no good built-in tools to handle this, as this is a complex issue — federated networks are not easy!


The original article contains 1,023 words, the summary contains 143 words. Saved 86%. I'm a bot and I'm open source!

[-] Grouchy@lemmy.grouchysysadmin.com 9 points 1 month ago

Mastodon and friends are built as open conduits with very little in the way of safety or permissions. Spam should be expected.

It's not a Fediverse vulnerability. It's a Mastodon vulnerability. Don't want spam? Use a better fediverse technology.

[-] SnotFlickerman@lemmy.blahaj.zone 12 points 1 month ago

Or find a better Server Admin and Server.

[-] guts@lemmy.ml 5 points 1 month ago

Which countries are these spams coming from?

[-] 7heo@lemmy.ml 0 points 1 month ago* (last edited 1 month ago)

RU / CN / KP / IR (strike out what does not apply)

[-] TheAnonymouseJoker@lemmy.ml 1 points 1 month ago

Ah yea never US / CA / UK / DE / FR / IT / AU / NZ, always the same map.

[-] 7heo@lemmy.ml 1 points 1 month ago

Why would the countries that literally can MITM and censor content at the source ever do spam campaigns? 🤨

At some point, use your brain... As with the freedom of speech, if you don't use it, it will become powerless.

[-] TheAnonymouseJoker@lemmy.ml 1 points 1 month ago

Because it happens? Use your own advice. Western countries do that enough to need to formulate propaganda about "foreign" enemies. Guess who invented telemarketer spam and email spam?

[-] aeharding@lemmy.world 4 points 1 month ago

I haven’t seen any spam ¯\_(ツ)_/¯

[-] WarmSoda@lemm.ee 2 points 1 month ago* (last edited 1 month ago)

Deleted. I dumb.

this post was submitted on 21 Feb 2024