shalien, (edited ) to random
@shalien@projetretro.io

I would like to congratulate all the fuckers who DM me for using fediblock wrong one time since I didn't know the fucking existed, great way to communicate guys clearly.

Not even 5 minutes between op and edit but guess that's enough to attack another
EDIT: I will start defederating instances at this point, FFS

cappy, to infosec
@cappy@fedi.fyralabs.com

im getting really tired... -w-

summary of today:

someone on a Japanese hacker forum decided it was a good idea to spam the entire Fediverse because they wanted to cancel a minor that DDoSed a Discord bot which apparently made them lose millions (what?)

A Discord bot. I can't make this shit up man.

The real culprit seems to be someone who goes by mumei in the ctkpaarr.org forums, whose first post was literally a threat to ap12, that if they don't delete their "Kuroneko Server" Discord bot, they will spam every blog, forum and SNS and cancel him.

This shit is ridiculous.

The ap12 account from mastodon-japan was actually fake, and this dude impersonated a minor to get all of the Fediverse (us) to bully him.

The forum admins didn't even stop this. Why? lulz apparently.

kakkokari_gtyih, to random

Actually Misskey (and **key forks) have a regex filter

RE: https://fedi.fyralabs.com/notes/9ps7nx33dd

madomado,
@madomado@fedi.fyralabs.com

@kakkokari_gtyih We're literally using Misskey now and we literally can't find one ​:nakikonata:​

madomado, to random
@madomado@fedi.fyralabs.com

Today's attack proved that the Fediverse is unfortunately pretty vulnerable even to just a skid (or maybe OP who warned the skid).

The cause of the attack includes:

  • insufficient moderation on some servers allowing mass account creation.
  • no good methods to filter out even just a keyword for an entire instance.

Even though most of us survived the first wave, we have to prepare for the second and future ones:

  • Servers should enable the equivalent feature in their software that enables moderators to check if an account is ok first before letting them post anything.
  • Mastodon, Misskey and major software should implement a regex filter that ignores posts from any instances.

Together, we can definitely make Fediverse a better place.

ErikUden, (edited ) to random
@ErikUden@mastodon.de

To all Fedi Admins Currently Being hit with a Spam Wave:

This kind of spam is now over! Unmute all the instances no longer on my list!

I've just released v4.0.0 of The UNmute List! I'd be very happy about a small donation because I have very little time and I cannot really justify working on this list with my current schedule :mycomputer:​

There is a new type of spam, the same instances are affected as before. Those responsible in Japan are said to have been arrested.

Without further ado...

Limit these instances:

[Full List of Affected Instances Here]

Just get the list to download and import here.

Simply import this list and you'll mute the 47 worst spam instances currently known to me! I've worked on it for multiple weeks, sometimes ~9 hours at a time verifying all lists sent to me manually.

Limit first, defederate only in worst situations!

Consider re-federating with and un-silencing any of the mentioned instances once the spam is mitigated. The admins of some of these may have just been asleep when this all started.

Ban Spam Accounts via their E-Mail Domain

Block the following E-Mail Domain and whatever temp Mail provider it resolves to: chitthi.in

Just to be safe, block these ones too (same provider)

  • mailto.plus
  • fexpost.com
  • fexbox.org
  • mailbox.in.ua
  • any.pink

All our spam accounts came from these E-mails.

Since you probably have some of these accounts sleeping:

https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in there just select all and press “Ban”.

Find Remaining Spammers

I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway:

https://mamot.fr/@vincib/111946701929274350

IP Bans and TOR

These spammers seem to be using the TOR Network as all of their IPs are TOR Exit Node IPs, hence an idea (with some collateral damage if executed) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (political refugees, leakers of important documents, etc.) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.

How To Block All Temp E-Mails in the Future

If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers altogether:

Because of this, hessen.social, for example, was not affected by the spam attack! They had already banned the email domain the spammers used ages ago.

In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.

Why did this happen?

The real reason hundreds of us spent hours of our days during the spam on mitigating it is the following:

Cyberbullying Gone Global: Fediverse Spam and Operation Beleaguer

This is the full exposé @cappy has been working on regarding the February 15th Spam Attacks!

Thank you @BrodieOnLinux for mentioning this post in a video!

Good luck, everyone!
Thanks for participating in the Fediverse Experiment!
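
The e-mail-domain triage described in this post, as an added example that is not part of the original post or of Mastodon's code: it groups exported accounts by the blocked domain they signed up with and builds the matching admin search URL. The account list is constructed sample data, the function names are hypothetical, and matching subdomains of a listed domain goes beyond what the post states.

```python
from urllib.parse import quote

# Domains named in the post above (chitthi.in and the same provider's others).
BLOCKED_DOMAINS = {
    "chitthi.in", "mailto.plus", "fexpost.com",
    "fexbox.org", "mailbox.in.ua", "any.pink",
}

def email_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")

def blocked_parent(domain, blocked=BLOCKED_DOMAINS):
    """Return the blocklist entry covering this domain (exact or subdomain)."""
    labels = domain.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def triage(accounts, blocked=BLOCKED_DOMAINS):
    """Group usernames by the blocked domain their e-mail falls under."""
    hits = {}
    for username, address in accounts:
        domain = email_domain(address)
        parent = blocked_parent(domain, blocked) if domain else None
        if parent:
            hits.setdefault(parent, []).append(username)
    return hits

def admin_search_url(instance, domain):
    """Build the /admin/accounts?email=%@domain search URL from the post."""
    return f"https://{instance}/admin/accounts?email={quote('%@' + domain, safe='')}"

# Constructed sample export (username, e-mail); not real accounts.
SAMPLE = [
    ("alice", "alice@example.org"), ("x9k2", "x9k2@chitthi.in"),
    ("q1", "Q1@Mail.Any.Pink"), ("bob", "bob@notchitthi.in"),
    ("broken", "no-at-sign"),
]

if __name__ == "__main__":
    for domain, users in triage(SAMPLE).items():
        print(domain, users, admin_search_url("your-instance.tld", domain))
```

Suffix matching is done on whole labels, so `notchitthi.in` is not flagged while `mail.any.pink` is.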

moepoi, to random

For all , I recommend temporarily blocking the fedi instances on this list:

thegreatape, to random
@thegreatape@thechimp.zone

Life of a be like

  • Tell everyone GM
  • Ignore 10 reports of me to myself
  • Steal memes from facebook
  • Favorite and repost almost everything that comes into my vision
  • Maybe sadpost
  • tell everyone GN
cappy, to random
@cappy@fedi.fyralabs.com

There's currently an incident involving some kind of Japanese skids who call themselves the "Kuroneko" organization.

They seem to be attempting to commit DDoS attacks on Misskey servers, constantly creating new accounts on compromised instances and spamming advertisements for their hacking services.

Admins who are federating with these compromised servers, while they might not get compromised themselves, may be affected by the sheer amount of traffic volume from their spam.

Admins are advised to or temporarily stop sending requests to affected servers for now, if they don't want to get secondhand DoS'd

IMO I never expected them to be Japanese out of all things, kinda funny. They also host VOICEROID and VOICEVOX TTS bots on their Discord apparently. Kinda a weird flex I guess.

But yeah, probably just a bunch of skids.

cappy,
@cappy@fedi.fyralabs.com

@cstross Don't. That's literally "Konnichiwa"

Literally just Hello in Japanese.

find a better string to filter from lmfao

cappy,
@cappy@fedi.fyralabs.com

@cstross Anyway, the pattern seems that they are using the same string on every post. So I rather recommend you filter out their Discord invite over that string.

cappy,
@cappy@fedi.fyralabs.com

RE: Kuroneko incident

are advised to temporarily disable sign-ups for now, or implement some anti-spam measure to limit signups to not get spammed.
Currently they are targeting and , but other servers may soon be targeted.

More details will be posted soon. Stay tuned.

cappy,
@cappy@fedi.fyralabs.com

@BrodieOnLinux yes.

also hi brodie this is like the 3rd time we're (probably) involved in a video of yours again since you're gonna be making a video on this

shalien, (edited ) to random
@shalien@projetretro.io

Is enabling "authorized_fetch" a heavy toll on an instance federating process?

mitexleo, to email

We've started using Zoho Mail as Skiff is going away.

neatchee, to random
@neatchee@urusai.social

It's 12:48 AM. Do you know where your admin is?

tixie, to fediverse
@tixie@guerilla.studio

Fedi Monster could use some (financial) love on OpenCollective to be fully financially independent, that would be lovely :otter_love:

https://opencollective.com/fedimon

Cooper made a much more detailed post about it if you wanna learn more about the situation: https://soc.ottr.uk/@cooper/111772049794072822

ueckueck, to random
@ueckueck@dresden.network

Quick info:

In memory of , we now have the following stickers on dresden.network:

:natenom: :natenomblack: :natenomtransparent:

andre, to Pixelfed
@andre@layer8.space

Help! Who knows their way around this? I have a database that belongs to a PHP application (pixelfed); how do I find out in the code where which things are stored (alt text for images)?
My problem: the alt text is cut off after 191 chars, and I suspect the column in the matching table simply has the wrong data type, and I want to change that.

BeAware, to fediverse
@BeAware@social.beaware.live

Dear Fedi admins across the social web:

If you have previously blocked px.mathias777.com, it seems as though the admin has been made aware of the disingenuous activity emanating from their instance and is taking out the trash.

As of this writing, the cute_doggo account remains with the 19k+ accounts that they've followed. However, the admin has attempted to contact them to no avail so far. The admin posted directly on the cute_doggo account giving them one last chance to act and remove the follows. I've attached that post as an image below.

If the cute_doggo removes the follows or is banned by tomorrow, I see no reason to keep the instance blocked as the admin has seemingly stopped the offending activity.

Just thought I'd be kind and make a post, considering the Fedi admins who have blocked the instance, won't see any posts he's made regarding the issue.

Thanks for reading and if you don't mind, please boost for reach. Thanks.

michael, to random
@michael@thms.uk

I know it's been a long time since I tagged a new version of FediFetcher, but it's time to do so again:

I just released version 7.0.3. This is mostly a maintenance release fixing a number of bugs, but we also introduce support for the Iceshrimp fork of Misskey.

Please check the release notes for full details including update instructions:

https://github.com/nanos/FediFetcher/releases/tag/v7.0.3

I think this is actually the first release where I haven't contributed any code myself. A huge thank you to the amazing contributors @toadking, @root, @zotan, @jonas, @jaytay, and IhoBas (sorry, I don't know your fedi handle)
