Yeah, don't offer open signups, kids.
Fediverse
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
What exactly is an "open" signup? Is it as opposed to invite only?
There was a conversation the other day on this, but I forget the exact details.
Open sign up is nothing is required to let you sign up.
Closed is obviously invite only/manually must be accepted.
But there's the middle ground that wasn't technically open sign up, where the only requirements are filling out a captcha, and usually email verification.
Ah, I see. Thank you, Sir Fuckwit McBumCrumble. 👍
On feddit.de, when I registered (during the great reddit migration), I had to write a short introduction about myself too. I believe it was read by a moderator and manually accepted, but I'm not sure.
That's how I did it. Ask a question that would be easy for anyone wanting to join, and manually accept. For my instance I never want it so big that I have to automate it anyway.
We require an email address and a response to a question on our signups. The response doesn't need to be more than about 5 words, it's just to stop bots putting random characters or single words in there.
So far, it has seemed to ride that balance between low bar of entry and too hard to spam with bot applicants.
That said, if I wanted to spam the Fediverse, I'd just spin up my own instance of Lemmy or Mastodon.
That said, if I wanted to spam the Fediverse, I'd just spin up my own instance of Lemmy or Mastodon.
Its actually smarter for spammers to infiltrate populated servers. Admins aren't going to have a problem defederating from a pure spam instance. They'll think twice about defederating from an instance with lots of legit users.
So it's somewhere between Open-Closed:
- open signup (no invite required), instant availability
- open signup (no invite required), manual approval required
- closed signup (invite required)
I think open signups allow people to create an account without verification like email. I'm not sure about captchas, those might also count as a kind of verification.
open signups mean you just register via email and password (on mastodon you still have to verify your mail) and you're good to go. On a lot of platforms you have an "approval" mode were admins have to approve each account that wants to register
This seems like a good opportunity to prove the resiliency of the protocol to me.
We will weather this shit.
Yeah, I mean, dealing with issues like this is still better than being on a corporate monarchy like twitter or fb 🤷♂️
I remember at it's worst spam being every third post on insta and FB.
And by spam I mean ads.
And by at it's worst I mean so far.
So I'm still very happy with the switch
I haven't had a FB account in years, but a friend has been on it for nearly 2 decades. They said there's no longer any posts from people on their Friends lists, it's become nearly all ads/spam as they scroll.
How visible is this to the average user? Just wondering because I have yet to see any spam at all in my Mastodon feeds. Big thanks to the admins for being on top of it!
I saw a little of it. Then I saw the offending instances quickly banned. Then I saw a comment from the admin that they didn't like having to implement bans of entire instances, but it became a necessity until admin of those offending instances took action.
I dunno, seems like it is working exactly as intended to me.
And it's far better than a monolithic tech giant. Pointing at Mastodon and calling out spam is utterly silly when compared to the amount of spam on large services. This article reads like a hit piece sponsored by Xitter.
I saw zero spam and multiple posts talking about spam.
It's leaking over into Lemmy as well from random instances. Anyone has been browsing All for the last few days has probably seen a couple specific URL-based post titles a few times a day for the last few days.
The spammers are using a limited number of scraped Fediverse actors, which also included a handful of Lemmy communities.
If you weren't part of that list, you were mostly safe.
I get 10-15 spam messages a day
This is the best summary I could come up with:
Over the past several days, attackers have targeted smaller Mastodon servers, taking advantage of open registrations to automate the creation of spam accounts.
While this is not the first spam attack that has impacted the Fediverse, Rochko notes that only larger servers like Mastodon.social had been targeted previously.
What’s different this time is that the spammers targeted the smaller and even abandoned servers offering open registration, allowing the bad actors to quickly create accounts and generate spam.
Because Mastodon’s smaller servers are often hobbyist projects run by enthusiasts they were vulnerable to this sort of attack.
Many servers were simply shut off as their admins decided it would be easiest to wait out the attack or abandon Mastodon altogether.
“At the moment, there are no good built-in tools to handle this, as this is a complex issue — federated networks are not easy!
The original article contains 1,023 words, the summary contains 143 words. Saved 86%. I'm a bot and I'm open source!
I believe pixelfed has a good anti-spam filter, at at least I saw @dansup@pixelfed.social promoting it
To peoplw who hasn't seen any spam next time there is a wave block some of the subs you don't like, disable show read post , enable mark as read on scroll and set sort to all and top hour. I found it buy runjing out of conetent on all top day
here we go time to die and go back to instagram or whatever