Content Nation indexes public toots and makes them searchable when someone types the @ handle of a fediverse user.
They don't seem to consider whether the person wants their profile indexed; anyone can have their toots pulled. I found 1 toot of mine and some from followers such as @ana and @duran.
They accept takedown requests via GDPR, but warn that they will not prevent the content from being pulled again.
I just noticed a couple of very suspicious applications for a Mastodon account on SDF.
The interesting thing was: the IP address traced back to a block owned by a company named iboss, Inc. I suspect this company is being used to hide the original IP address of the applicant, for nefarious purposes.
Can anyone with experience with iboss confirm this, or am I just being paranoid?
How do you balance between a wide range of content and massive following (I'm at > 800) and handpicked timeline?
I know there are lists and there are relay servers (I'm operating a #GoToSocial instance), but I still miss a lot of posts in the flood called timeline.
As #fediadmin I'm still experiencing an annoying wave of spam from bot accounts infiltrating small instances. I can only suspend with the kind help of our community member, but I am not defederating any instance because they may still be legit. Any remediation advice would be appreciated. On my side we are already invite-only, but the spam coming from the federation is becoming annoying.
New version 4.2.8 of #Mastodon has just been released, containing some changes to help contain the current spam wave by making changes to account approval and defaulting to NOT have open registrations anymore. https://github.com/mastodon/mastodon/releases/tag/v4.2.8
The nicest thing about adding active users who are friends like @slade to my server is now I don’t look like a raving lunatic talking to themselves when I check the local feed of my personal mastodon server.
I run a couple of Fediverse servers; on a daily basis the delivery queue can build up as it tries to deliver to non-responsive servers. I need to know if this is a temporary issue, or a longer-term problem spanning many days -- in which case I may stop delivery to the server.
#FediCheck was born. It's simple but useful (to me at least). I'm putting it out in the wild today for others to test.
They are on MastoHost but are raging because their instance will be auto managed under certain circumstances to limit spam.
If they don't care about limiting spam, then why should we all care to stay federated?
Again, they're on MastoHost so the spam problem won't be an issue, but the admin not caring about potentially spreading spam is quite worrying to say the least...
On multiple occasions I've listened to instance admins speak about high S3 costs. The sheer amount of data absolutely balloons the more activity your server sees, I get it.
What I don't get is whether there's some unknown fedi ethical reason everybody insists on setting up an S3 cache (followed immediately by complaining about it).
Y'all want to know what the rest of the web does? Hosts their own uploaded media, and links out to the rest...
Interesting, a site whose admin is a bot. As well as some of the more "prolific" accounts, AND open account registry. Well, that's a quick de-fed. don.neet.co.jp for the #fediadmin folk.
So here's what I've been doing about the spam. I immediately report and block the sender, and if I get a 404 when trying to create the report, this typically means the account has already been deleted on the remote end (good). But if not I then take a look at the instance in question in a new tab.
I look at the version of Mastodon and the user count, if it is an older version vulnerable to security flaws with a low user count, that is a serious strike. I check the profiles directory on the instance looking at that instance only and check recently active and new arrivals, noting if yggwe is there (the spammer may not show up here). If the dates on regular users are quite old since their last post and they are following a handful of people, I suspend the instance, as I have no patience.
However if the site is active, with recent posts from regular users, I send a DM to the admin account. This does take a bit to do all this, but it is worth it. Here's the template I use when contacting the instance:
Hey <@ admin> there is a user/bot on your instance named <xxx> who is sending out a lot of spam. <optional>Additionally there is an account on your system called yqqwe whose presence is a type of "hobo sign" for bot accounts.
After you've deactivated/deleted those accounts, here are steps to prevent spammers:
Log in on your server's website
Go to Preferences
Go to Administration
Go to Server Settings
Click the Registrations tab at the top
In the "Who can sign up" menu select "Approval required for sign-up" (optionally also tick the box for requiring a reason)
Click "Save Changes" button
Spammers can exploit servers with instant signups.
Thanks for being here in the fediverse, and good luck!
I should note that I am doing the initial steps from my "personal" account, often on my phone, and use my admin account on a laptop where I handle the reports. I use the reports to kind of keep track of things, but as stated previously I don't have a lot of patience (from years of administering a mail server and fighting spam). All in all, with a small instance it doesn't take long or too much effort.
Increasing bandwidth usage to the registration page this morning. Same IP, lots of requests per second, fail2ban trying to keep up. Guess this is round two.
There really needs to be a way for an instance admin to be able to automatically ignore reports from a specific server. Especially when those users have no fucking clue what it is they're reporting.
An account marked as "bot" on an instance made the same report 355 times between 2:18pm CET and 2:31pm CET.
The 355 reports included the same toot (a regular, non-spam, valid toot), for reason "other".
At the peak of the reporting wave, this bot account made 85 reports per minute.
It took me 50 minutes in the /admin/reports web interface to resolve each of them.
I've suspended that instance to prevent further DDoS death by bot fake reports.
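The numbers in the post above (355 reports on one toot in 13 minutes, peaking at 85 per minute) are the kind of pattern a per-reporter sliding-window count picks out. This is an added example, not code from the post or from Mastodon; the `(timestamp, reporter, status_id)` record shape, the account names and the threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def find_report_floods(reports, window=timedelta(minutes=1), threshold=20):
    """reports: iterable of (timestamp, reporter, status_id) tuples.
    Returns {(reporter, status_id): {"total": n, "peak": p}} for every pair
    that filed `threshold` or more reports inside one sliding window."""
    recent = defaultdict(deque)   # timestamps still inside the window
    totals = defaultdict(int)
    peaks = defaultdict(int)
    for ts, reporter, status_id in sorted(reports):
        key = (reporter, status_id)
        totals[key] += 1
        q = recent[key]
        q.append(ts)
        while ts - q[0] >= window:   # drop reports older than the window
            q.popleft()
        peaks[key] = max(peaks[key], len(q))
    return {k: {"total": totals[k], "peak": peaks[k]}
            for k in peaks if peaks[k] >= threshold}

def constructed_sample():
    """Constructed data shaped like the incident above: 355 duplicate reports
    in 13 minutes with an 85-per-minute peak, plus two ordinary reports."""
    start = datetime(2024, 1, 1, 14, 18)  # date is a placeholder
    per_minute = [23, 22, 23, 22, 23, 22, 85, 23, 22, 23, 22, 23, 22]
    rows = []
    for minute, count in enumerate(per_minute):
        for i in range(count):
            ts = start + timedelta(minutes=minute, seconds=i * 60 / count)
            rows.append((ts, "bot@remote.example", "status-1"))
    rows.append((start + timedelta(minutes=3), "alice@other.example", "status-2"))
    rows.append((start + timedelta(minutes=9), "alice@other.example", "status-3"))
    return rows

if __name__ == "__main__":
    for (reporter, status_id), stats in find_report_floods(constructed_sample()).items():
        print(reporter, status_id, stats)
```

Keying on the reporter and the reported status together keeps a busy but legitimate reporter, who files reports on different posts, below the threshold.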
I have applied a web filter called Caterpillar because there was too much spam coming into my server in the fediverse, making it difficult to operate normally.
Since then, my server has not been under spam attack. :)
So, quick Linux Mastodon Admin question from a noob...
If I want to cronjob certain tootctl commands to run weekly can I just put them in the crontab with @weekly? I tried using the script from https://ricard.dev/improving-mastodons-disk-usage/ but it doesn't seem to run anymore after the last few Mastodon updates.
When setting up the script originally, I used the traditional way of setting it weekly, but I saw in the crontab that there's a few already in there with @weekly set so I was wondering if I could just set the commands themselves in the crontab like that.
Also, if anyone knows a list of instances that previously had spam in the recent spam attack, and have since fixed it, I'd appreciate a link to the list 😅
Dear #fediadmin / #mastoadmin folks: Does the community have any experience or guidance about incorporating a nonprofit entity to manage a fedi server?
Building a charitable nonprofit to legally hold and maintain a medium-sized, community-serving instance strikes me as a good idea, along the lines of a charity that runs a small public garden. (We have a lot of these, in New York…)
I'm interested to hear any stories or advice folks might have about this!
Several months ago Mastodon created an update that forced spam reports not only to the SOURCE instance admins, but also to the admins of instances that are mentioned or tagged in the post.
A horrible decision that has only made running Masto 1000% harder.
:boost_love: Boost if you think groups like @NGIZero@nlnetlabs and others should band together and fund a hard fork of #Mastodon that prioritizes trust and safety, and the needs of #Fediverse admins to protect their users from abuse.
⭐ Favorite if you would support with a little money, too.
Maybe I'm missing the point, but why a fork, instead of implementing these features and pushing them upstream? If then the main mastodon maintainer isn't cooperative, you can still easily use your code as a fork. That's pretty much the same effort, but less drama, and probably a better result, because then all mastodon admins will get these features.