There's a lot of shit flying in the #Fediverse lately and a lot of times perspective seems to get lost. Yes, there are things we need to talk about, and yes there are things we will not agree on. And that's okay.
But leave the pitchforks and torches out of this.
Fedi admins put in the hours and effort and emotion into making fedi happen. Sometimes they make decisions we might not agree with. We should criticize, but we should not pile on.
To all Fedi Admins Currently Being hit with a Spam Wave:
This kind of spam is now over! Unmute all the instances no longer on my list!
I've just released v4.0.0 of The UNmute List! I'd be very happy about a small donation because I have very little time and I cannot really justify working on this list with my current schedule :mycomputer:
There is a new type of spam, the same instances are affected as before. Those responsible in Japan are said to have been arrested.
Simply import this list and you'll mute the 47 worst spam instances currently known to me! I've worked on it for multiple weeks, sometimes ~9 hours at a time verifying all lists sent to me manually.
Limit first, defederate only in worst situations!
Consider re-federating with and un-silencing any of the mentioned instances once the spam is mitigated. The admins of some of these may have just been asleep when this all started.
Ban Spam Accounts via their E-Mail Domain
Block the following E-Mail Domain and whatever temp Mail provider it resolves to: chitthi.in
Just to be safe, block these ones too (same provider)
mailto.plus
fexpost.com
fexbox.org
mailbox.in.ua
any.pink
All our spam accounts came from these E-mails.
Since you probably have some of these accounts sleeping:
https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in there just select all and press “Ban”.
Find Remaining Spammers
I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway:
These spammers seem to be using the TOR Network as all of their IPs are TOR Exit Node IPs, hence an idea (with some collateral damage if executed) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (political refugees, leakers of important documents, etc.) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.
How To Block All Temp E-Mails in the Future
If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers altogether:
In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.
Why did this happen?
The real reason hundreds of us spent hours of our days during the spam on mitigating it is the following:
As instance #admin I do NOT want to moderate DMs. The last three spam waves from mastodon.social however were sent as DMs.
I therefore urge @Gargron to make it the default that DMs can only be sent between users that have a follow relationship.
The current default is that anyone can send anyone DMs. I consider this to be a loophole that spammers will continue to exploit, causing a lot of extra work for site admins in an area they should keep out of, in the interest of user privacy.
If you're creating custom emoji, remember to fill in the section marked "Shortcode" with a short text description of the emoji. Blind people's screen reader software will be able to read the shortcode aloud so that they can hear what the emoji is.
If the emoji's shortcode includes multiple words, split them up with underscores like_this or CamelCase, so that screen readers will be able to read each word correctly.
One of the sessions yesterday at the #FediForum focused on CSAM, quite a tough topic.
If you host your own instance, even if it's just YOU on that instance, you need to read this and consider taking action to protect yourself and your moderation team.
Kudos to @thisismissem and @iftas for exploring new ways to manage this without scarring moderators for life.
On multiple occasions I've listened to instance admins speak about high S3 costs. The sheer amount of data absolutely balloons the more activity your server sees, I get it.
What I don't get is whether there's some unknown fedi ethical reason everybody insists on setting up an S3 cache (followed immediately by complaining about it).
Y'all want to know what the rest of the web does? Hosts their own uploaded media, and links out to the rest...
The reason I'm suggesting this, is because if you are a small/medium instance with open registrations, and spammers find and abuse your instance, I imagine that other instances will limit/suspend your instance without hesitation, given how willing some were to limit/suspend the much larger mastodon.social.
But do note this comment on the PR:
“To give some context to people seeing this: this is an emergency feature backport from Glitch SOC to help mitigating an ongoing spam wave, this feature may not make it in a next release, or with significative changes.”
Edited to add: multiple people have rightly commented on the accessibility concerns with hCaptcha: hCaptcha is really really really bad for blind and visually impaired people.
Please have a look at this excellent reply for more details:
We, the moderation and administration of tech.lgbt, are signing the Anti-Meta Fedi Pact in fellowship with our peer communities. (https://vantaa.black/pact)
There is over a decade of precedent that Facebook will not have users' best interests as their guiding principle but rather profit margins, if it joins the Fediverse.
We at tech.lgbt have long held the belief that corporation owned instances are a threat to the core of the Fediverse: freedom for users to be themselves and to be a part of their communities. The 2010s saw the loss of online freedom when the majority of the Web was consolidated into a few destinations, and Facebook entering here could lead us back to centralization. Furthermore, NDAs for server admins will constrain our sovereignty online by binding us legally from disrupting their business.
We are not products. We are people, and we do not welcome Facebook in this space.
question for #MastoAdmin #FediAdmin — how IS the money side of things going for y’all? are you paying for it all out of pocket or are your users helping out? is this a hobby (that you invest in) or a side job (that provides some extra pocket money) for you? what are the numbers looking like?
because i see so many articles claiming that it’s impossible to run a social media service and not charge your users or bombard them with ads, but i see precious few instance admins actually ask for help with costs other than hiding a donation link somewhere you can find it if you go looking. so what’s the truth?
Does anyone have a very detailed and comprehensive guide on how to scale up a Mastodon server?
I'm pretty noobish to Linux but I can follow guides if they have commands and stuff. Though, the only guides I could find were very light on the commands for certain steps.
My Sidekiq has been getting backed up every now and then with thousands of jobs. Of course they eventually clear out but I'd like to just mitigate it by adding more processes or whatever because I'm not even using 50% of my server resources 🤷‍♂️
Any help would be much appreciated.
PS. My server is currently backed up so if you reply to this, I probably won't see it for a bit.😬
Hello to all Fedi admins who are having problems with spam!
The Mute List 2.2.2
I have updated the spam list and found ~104 additional instances that are still spamming! With a lot of help from other Fedi admins, I have compiled the instances into a list that mutes them and does not defederate from them!
I would be very happy about a small donation here, as I have worked really hard and long on creating this list, which I can hardly justify given my current schedule! Thank you!
There is a new type of spam; the same instances are affected as before. Those responsible in Japan are said to have been arrested.
Once this list is imported, most of the spam is over. The whole thing is easy for you and takes one click! In addition, no instance is blocked forever and no followers etc. are destroyed or defederated; instances are only muted. This is very easy to reverse.
You can simply import this list by going to https://yourinstance.tld/admin/export_domain_blocks/new and replacing yourinstance.tld with the domain of the instance you are the administrator of!
Alternatively, you can also click Settings => Moderation => Federation => Import to import this list.
Note that while all instances can be imported with one click, these instances have to be removed individually once the spam is over.
Also note that it only makes sense to import this list and mute the spam instances if you have blocked your spam locally and sustainably, as described here.
HIGHLY recommend Fediblock for user '@MKULTRADiamond' as they're tagging random users and spamming porn with no CW. Receipts attached in the screenshot.
Edit: The whole instance is Freeze Peach. Toss it in the trash.
this enables full-text search for posts you haven't interacted with, as well as full-text search for accounts, and includes several advanced filtering operators and parser fixes.
Hi Fediverse admins / devs! I've got a question about instance software.
Up until now, I've been running a fork of glitch-soc that has served me well. Unfortunately, however, I'm starting to run up against some of Mastodon's limitations and the effort to maintain my own fork is just too much. (seriously, fuck Rails and especially Webpacker :blobfoxangry:) I'd like to switch instance software to something with more features out-of-the-box. I'm considering Calckey, but I don't have any experience with it or any other Misskey derivative. The feature set looks great on paper but I'd like to hear from someone who has actually run it (or at least seriously evaluated the software). I'd greatly appreciate any and all input! I'm especially curious about these questions:
The "Fediverse Software Comparison" table has a few mistakes in the Mastodon and glitch-soc columns. They're minor, but it makes me wonder if that table is really trustworthy? The table is based on personal knowledge
FediFetcher is a simple Python script that can help you pull missing responses from other #Fediverse instances into your own #Mastodon instance. It can also backfill profiles of new followers and followings.
It can be run as cron job, container, or even a GitHub action, meaning you don't need any infrastructure at all.
So....I want to migrate from Mastodon to Sharkey. The catch is, I would LIKE to end up back on my current domain....is this possible at all?
I have a domain I could park a Sharkey instance to migrate to, but if I make a new Sharkey instance on my current domain after I shut the Mastodon instance down, will I be able to migrate back with little issue?🤔