gunchleoc,
@gunchleoc@mastodon.scot

Script to identify abandoned versions of Mastodon and create a blocklist for manual upload: https://codeberg.org/GunChleoc/mastodon-scripts/src/branch/main/old_versions

I have some ideas for extra features, but this should do if you're still being hit by the current spam wave.

gunchleoc,
@gunchleoc@mastodon.scot

I have added the most popular Fediverse software to the sample config. Firefish versioning needs a custom regex 😬

Anything that's older than ca. 1-3 months gets silenced by this config, and versions that are ca. 1 year or older get suspended.

The script will demote any suspend to silence if the server knows about a follow relationship.

The current sample config will block around 4000 outdated servers 😱

gunchleoc,
@gunchleoc@mastodon.scot

Does anybody know which versions of glitch.social are patched? Does it follow the same pattern as vanilla mastodon?

michael,
@michael@thms.uk

@gunchleoc thing with glitch is that manual patching appears to be quite common.

I know several admins that are running very outdated versions of glitch, but have cherry picked the security patches.

michael,
@michael@thms.uk

@gunchleoc aside from that glitch doesn’t usually do versions at all…

gunchleoc,
@gunchleoc@mastodon.scot

@michael Thanks!

I'll keep it excluded from the list for now.

michael,
@michael@thms.uk

@gunchleoc good to know I don’t need to update anymore then 🤪

jay,
@jay@toot.zerojay.com

@gunchleoc My current version of glitchsoc: v4.3.0-alpha.3+glitch.0225_25ac55e

shanie,
@shanie@tails.ch

@gunchleoc 1-3 months behind on patching gets silenced?

Like I know this is FireFish, but I assume it’ll affect mastodon too, where 4.2.7, which is the last major security patch, was Feb 16 which is almost 1 month ago.

If you’re setting it to one month you’re getting pretty close to “current version” as 4.2.8 only does important things if you’re a new instance.

Just my opinion, but rooted in something sensible I think, that you set that more to three months than one month.

gunchleoc,
@gunchleoc@mastodon.scot

@shanie It's a manual configuration, so I'll never go automatically by date. For software that gets updates less often, I am definitely giving more time.

I should actually silence anything that doesn't have the latest security patch yet, but I'm giving people more time to be fair. Most of us are volunteers after all.

I also found out that YunoHost is behind on some stuff, so I pushed the dates further back for those.

Here's the current configuration I'm using: https://codeberg.org/GunChleoc/mastodon-scripts/src/branch/main/old_versions/config.sample.toml
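The rules described in this thread (a silence threshold, a suspend threshold, a per-software version regex, demotion of a suspend to a silence when a follow relationship exists, and glitch builds left out) can be sketched as follows. This is an added example, not code from the linked repository; the thresholds, the `examplesoft` software name, its regex and the server inventory are all constructed assumptions.

```python
import re

# Constructed thresholds (assumptions, not the project's sample config):
# versions below "silence" get silenced, below "suspend" get suspended.
POLICY = {
    "mastodon": {"silence": (4, 2, 7), "suspend": (4, 1, 0)},
    # Hypothetical software with a date-style version that needs its own regex.
    "examplesoft": {"silence": (2024, 2, 0), "suspend": (2023, 3, 0),
                    "regex": r"^v?(\d{4})\.(\d{1,2})(?:\.(\d+))?"},
}
DEFAULT_REGEX = r"^v?(\d+)\.(\d+)\.(\d+)"
# Forks the thread says cannot be judged by version number alone.
EXEMPT_MARKERS = ("+glitch",)

def parse_version(software, raw):
    """Return a comparable tuple of ints, or None if the string is unparseable."""
    pattern = POLICY[software].get("regex", DEFAULT_REGEX)
    match = re.match(pattern, raw.strip())
    if not match:
        return None
    return tuple(int(part or 0) for part in match.groups())

def classify(software, raw_version, has_follow_relationship):
    """Return 'suspend', 'silence', or None (leave the server alone)."""
    if software not in POLICY or any(m in raw_version for m in EXEMPT_MARKERS):
        return None
    version = parse_version(software, raw_version)
    if version is None:
        return None  # never block on a version we could not read
    rule = POLICY[software]
    if version < rule["suspend"]:
        # Demote to silence when a follow relationship with the server exists.
        return "silence" if has_follow_relationship else "suspend"
    if version < rule["silence"]:
        return "silence"
    return None

# Constructed inventory: (domain, software, reported version, follow relationship).
SERVERS = [
    ("old.example", "mastodon", "4.0.2", False),
    ("friends.example", "mastodon", "3.5.3", True),
    ("current.example", "mastodon", "4.2.7", False),
    ("fork.example", "mastodon", "v4.3.0-alpha.3+glitch.0225_25ac55e", False),
    ("dated.example", "examplesoft", "v2023.11", False),
]

def build_blocklist(servers):
    rows = ((d, classify(s, v, f)) for d, s, v, f in servers)
    return [(d, sev) for d, sev in rows if sev]
```

Unparseable or unknown version strings fall through to "no action", so a regex mismatch never turns into an accidental block.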

m0bi13,
@m0bi13@pol.social