Is anyone else getting traffic from 216.106.86.232 ?
I will open a report with the ISP
=======================
I'm putting this under #FediBlock because I've noticed that since 12 PM EDT yesterday (30-Apr-2024), API requests coming in from 216.106.86.232 have been returning 500 errors constantly from my server. No other 500 errors were being returned.
I blocked the IP at the Cloudflare firewall and now the 500 errors have stopped. There were more than 93K 500 return codes in total until now!
I have no idea what the requests are, and it's too late at night to do more research, but I'm passing this along to other Admins as a warning and to see if anyone else is seeing similar behavior.
@Gargron
Here's what I see in Cloudflare for the last one hour before blocking the IP address. Notice all the requests returning 500 are from this single IP. There are no page views. It's all API requests. And 500 errors stopped after I blocked it.
Is anyone else getting traffic from 216.106.86.232 ?
I will open a report with the ISP
=======================
I'm putting this under #FediBlock because I've noticed that since 12 PM EDT yesterday (30-Apr-2024), API requests coming in from 216.106.86.232 have been returning 500 errors constantly from my server. No other 500 errors were being returned.
I blocked the IP at the Cloudflare firewall and now the 500 errors have stopped. There were more than 93K 500 return codes in total until now!
I have no idea what the requests are, and it's too late at night to do more research, but I'm passing this along to other Admins as a warning and to see if anyone else is seeing similar behavior.
Here's what I see in Cloudflare for the last one hour before blocking the IP address. Notice all the requests returning 500 are from this single IP. There are no page views. It's all API requests. And 500 errors stopped after I blocked it.
Admins, is there some reason you have decided to ignore reports about your Holocaust-denying users? Surely five days is enough time, and surely suspension is the only reasonable response.
あなたがあなたのホロコーストを否定するユーザーのレポートを無視することを決めた理由はありますか? 確かに5日間は応答を期待するのに十分な時間です。
@jackyan They’ve created a new instance: mastodom.deepspace.cafe.
Absolutelyhar.am and mastodon.social have already nuked them. I’ve reported them to paktodon.asia, and put up a #fediblock post (that folks will most likely ignore since I’m a nobody 🤣).
To all Fedi Admins Currently Being hit with a Spam Wave:
This kind of spam is now over! Unmute all the instances no longer on my list!
I've just released v4.0.0 of The UNmute List! I'd be very happy about a small donation because I have very little time and I cannot really justify working on this list with my current schedule :mycomputer:
There is a new type of spam, the same instances are affected as before. Those responsible in Japan are said to have been arrested.
Simply import this list and you'll mute the 47 worst spam instances currently known to me! I've worked on it for multiple weeks, sometimes ~9 hours at a time verifying all lists sent to me manually.
Limit first, defederate only in worst situations!
Consider re-federating with and un-silencing any of the mentioned instances once the spam is mitigated. The admins of some of these may have just been asleep when this all started.
Ban Spam Accounts via their E-Mail Domain
Block the following E-Mail Domain and whatever temp Mail provider it resolves to: chitthi.in
Just to be safe, block these ones too (same provider)
mailto.plus
fexpost.com
fexbox.org
mailbox.in.ua
any.pink
All our spam accounts came from these E-mails.
Since you probably have some of these accounts sleeping:
https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in there just select all and press “Ban”.
Find Remaining Spammers
I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway:
These spammers seem to be using the TOR Network as all of their IPs are TOR Exit Node IPs, hence an idea (with some collateral damage if executed) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (political refugees, leakers of important documents, etc.) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.
How To Block All Temp E-Mails in the Future
If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers all together:
In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.
Why did this happen?
The real reason hundreds of us spent hours of our days during the spam on mitigating it is the following:
We have suspended peertube.biz and comics.peertube.biz today. After receiving a report about one of their users, we took a look at the instances and found them hosting neonazi content all the way up to reuploads of Trump staffers' videos, as well as racist, queerphobic, and antifeminist content.
I recommend that admins #Fediblockbofh.social and queerfedi.net. The admin of both servers is, in this post, calling for ethnic cleansing against Jews in the [edit for clarity: historic] Palestine (called Israelis because of the supposed state most of them have the right to hold a passport from).
Nós, comunidade da Ayom no Fediverso, estamos vindo a público anunciar o bloqueio (#fediblock) da
instância de Mastodon Clube Social (clube.social).
A instância está sendo bloqueada por ferir os princípios da Ayom, que se coloca
explicitamente como uma comunidade de esquerda, anti-fascista e defensora dos
direitos humanos. Os motivos estão delimitados e descritos extensivamente no seguinte link: https://cloud.ayom.dev/s/d9TSK8Lx9SsMS3M
Consideramos as provas mostradas no arquivo sinais de que o administrador da Clube
Social na verdade procura vigiar grupos de esquerda no Fediverso, ou aproximar
deles para se infiltrar.
Instâncias amigas da Ayom já haviam denunciado os acontecimentos em 2022 e chamado pelo #fediblock.
Estamos vindo a público em 2024, portanto, para atualizar e reforçar o incentivo de fediblock da clube.social, que não é compatível com boas relações fraternas no Fediverso,
seja a parte dele brasileira ou não.
First, I gave villagers the ability to spew absolutely horseshit takes for you to disagree with
But if you disagree with a villager that's higher on the oppression totem pole than you, you get a #fediblock, which is like a normal block except that it can only get engagement by being an internet hall monitor"
Ihr lieben Tröten, ihr wisst, ich bin äußerst zurückhaltend, was das Blockieren oder Melden bekloppter Pappnasen hier angeht & konter lieber mit nem blöden Spruch.
Doch bitte meldet diesen rechten Hetzer, der unter Posts von @auschwitzmuseum Nazi-Lügen verbreitet!
Mich macht es wahnsinnig wütend, dass die Opfer des Holocausts von dieser Person noch einmal posthum verhöhnt & verspottet werden!!!
I've a big whish. Please add the possibility to follow a single person from another instance (which is potentially blocked by my instance), via the timeline feature.
It's possible to follow a complete Mastodon instance with #fedilab, but it would be nice to follow only a single account (like @potus), because following @threads.net makes no sense (for me).