To all Fedi Admins Currently Being hit with a Spam Wave:
This kind of spam is now over! Unmute all the instances no longer on my list!
I've just released v4.0.0 of The UNmute List! I'd be very happy about a small donation because I have very little time and I cannot really justify working on this list with my current schedule :mycomputer:
There is a new type of spam, the same instances are affected as before. Those responsible in Japan are said to have been arrested.
Simply import this list and you'll mute the 47 worst spam instances currently known to me! I've worked on it for multiple weeks, sometimes ~9 hours at a time verifying all lists sent to me manually.
Limit first, defederate only in worst situations!
Consider re-federating with and un-silencing any of the mentioned instances once the spam is mitigated. The admins of some of these may have just been asleep when this all started.
Ban Spam Accounts via their E-Mail Domain
Block the following E-Mail Domain and whatever temp Mail provider it resolves to: chitthi.in
Just to be safe, block these ones too (same provider)
mailto.plus
fexpost.com
fexbox.org
mailbox.in.ua
any.pink
All our spam accounts came from these E-mails.
Since you probably have some of these accounts sleeping:
https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in there just select all and press “Ban”.
Find Remaining Spammers
I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway:
These spammers seem to be using the TOR Network as all of their IPs are TOR Exit Node IPs, hence an idea (with some collateral damage if executed) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (political refugees, leakers of important documents, etc.) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.
How To Block All Temp E-Mails in the Future
If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers all together:
In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.
Why did this happen?
The real reason hundreds of us spent hours of our days during the spam on mitigating it is the following:
Well, that didn't take long. Though threads.net is not yet federating with the wider fediverse, they are currently home to several hate groups such as Libs of Tik Tok and their ilk. We will not federate with any instance that knowingly chooses to house hate speech, so a full defederation of threads.net has been made by blahaj.zone
The reason I'm suggesting this, is because if you are a small/medium instance with open registrations, and spammers find and abuse your instance, I imagine that other instances will limit/suspend your instance without hesitation, given how willing some were to limit/suspend the much larger mastodon.social.
But do note this comment on the PR:
“To give some context to people seeing this: this is an emergency feature backport from Glitch SOC to help mitigating an ongoing spam wave, this feature may not make it in a next release, or with significative changes.”
Edited to add: multiple people have rightly commented on the accessibility concerns with hCaptcha: hCaptcha is really really really bad for blind and visually impaired people.
Please have a look at this excellent reply for more details:
If you run a Mastodon server, especially if it's small and only lightly moderated, I would STRONGLY suggest enabling 'Approval required for sign up'. It means that your server is MUCH less likely to become the next source of spam in this wave we're seeing.
Yet another question people are asking me: "How can I, a common person, help hasten the demise of #Meta through #ActivityPub?"
Again, I want to re-emphasize this. #Fediblock is not an all-purpose tool. It's useful as a hammer. But in this scenario, we don't just need a hammer. We need drills, pliers, saws, and blowtorches.
That said, we must protect communities that choose to defederate from Meta. Which means that if those servers don't want to receive messages from any Meta-owned services, we must not only be respectful of that, we should make damn sure that those servers are quarantined from Meta. So much of the success of fighting Meta will require safe spaces from Meta.
The next thing we need is lots and lots of nodes. Currently, we only have ~25,000 nodes on the Fediverse but we need more. Preferably, these nodes should be small, agile, and well-moderated. If you have the finances and/or skill to run a node, it's important that you do so. To compete with Meta, we need to build scale -- and the easiest way to build scale is by adding more nodes to the Fediverse.
What will also be key is lobby servers. These will be servers specifically set up for migrants from Meta-owned services to help onboard them towards the rest of the Fediverse. To run such a lobby server, they need to be welcoming, moderated well, and free of the elitists and gatekeepers that poison so much of the Fediverse currently.
How to get people from Meta to try out the rest of the Fediverse? We need people willing to be ambassadors on #P92 who are ready and willing to evangelize the rest of the Fediverse. Folks like @tchambers are very good at this on Twitter, and I have no doubt that we can do the same with P92. Except this time we'll have the benefit of federation already happening 😉
Now if there's one thing I've learned about the growth of the Fediverse it's that bad corporate decisions pay dividends. We've already experienced waves of migration from Tumblr, Twitter, and Reddit. And I have no doubt that it's only a matter of time before Meta makes another corporate mistake -- as they tend to do.
In which case, we need to strike fast. When another Cambridge Analytica happens, we need to remind everyone on Meta about the lobby servers that are on standby, and ready to take them on. Unlike previous migrations, let's not be unprepared for this. Let's be especially prepared since Meta plans to join the Fediverse.
Finally, we need more devs. Specifically, we need devs willing to build innovative server and client software that takes aim at Meta. And to do that, we need to support the devs that currently exist -- show evergreen devs pondering whether they should invest here that we, as a community, are appreciative of our current devs.
If you like #Mastodon, #Calckey, #Kbin, #Friendica, etc., it's important that you open up your hearts as well as your wallets and fund the next stage of Fediverse development.
This will take a lot of work. But if you want to fight Meta, challenge their dominance of social media, this is what must be done.
Personally, I'm hyped about the future of the Fediverse -- regardless of whether Meta eventually lives to tell the tale.
#FediBlock snarfed.org and brid.gy for bridging fediverse folks to Bluesky against their will (and in likely contravention of GDPR in the EU) with typical Silicon Valley techbro sense of entitlement:
“[O]pt in results in far fewer users, and users are critical for a bridge to be useful.”¹
In case you needed yet another reason to block newsie.social, and every other site that Jeff runs, newsie.social has now decided that platforming far-right hate is appropriate:
Can't stay quiet about this as much as I don't like namedropping or any kind of blaming even when there is a reason. But there is this one Mastodon admin who refuses to take any responsibility of his server. He literally said on other social site: "I'm not doing anything about it, just writing this comment is too much trouble for that shit."
I confonted him and said: "So you want to give free server capacity to criminals and spammers. Because quite a few vulnerabilities have come out since 4.1.4. So you want to let the spambots continue their work in peace? Good luck with that 🫡"
He answered "Yes" and blocked me. This is disturbing to say the least. Don't know how to react.
Embrace: what they are doing now, launch a competing but compatible service with that of Mastodon. The vast majority of users, most of whom don't care about the privacy and intimacy of the Mastodon network will go with the brand with the most name recognition.
Extend: attract users to their centralized network with features like search, which they have the resources to do but the rest of the Mastodon network does not. But also include features for tracking and advertising, sell this as a good thing, "a better place to grow your perasonal brand, your business."
Extinguish: after attracting a critical mass of users large enough to decimate the user base of the competing Mastodon network, queitly remove compatibility with the Mastodon network, this will effect only 10% of Mastodon users because the other 90% will be on Threads. "Who cares if we lose contact with that tiny minority of old Mastodon users, they should have just joined Threads by now anyways, they still can. It has search, and more people voted for it with their patronage it, and you don't have to think about what instance to join, its easier!"
Enshittification: without any real competition to keep people from leaving for an alternative, start exploiting users for more and more content for ad revenue, exploit advertisers with ever-increasing costs of ad revenue.
They are scared to death about losing control over the Internet that they had gained over the past 15 years or so, and they are fighting to take that control back for themselves. We built this, but now a corporation like Meta/Facebook feels they have the right to exploit it for all its riches until it is destroyed.
Don't let it happen. #Fediblock is the only way to protect our home-grown community from corporate take-over.
Blocking detroiriotcity.com for hate speech and lack of moderation.
PartyOn is a proudly Black run mastodon instance. We don't tolerate hate speech, and we're continuing to build tools to rapidly resolve these types of reports. Another one goes into the training dataset.
You can tip our mod team below, it helps keep the lights on and pisses off the racist.
We have suspended access to the account associated with Newsmax, a far-right disinformation outlet from the US, and have limited (silenced) the 'newsie.social' instance as a whole for platforming such nonsense, including the rejection of all media from that instance.
If you are a news outlet, we strongly recommend that you move to your own instance, as others, including The Markup and the Texas Observer, have already done.
Dick Morrell @cloudguy she wasn't attacking minorities It was intolerance that caused reaction and a demonstration by many of an inability to deal with the reality of life She didn't do anything for anyone to react to The only thing that happened was a bandwagon arrived for folk to demonstrate vocal intolerance and lack of community perspective Starting with those inane enough to block her
#OpenAI IP block ranges if you want to block them from your instance and scraping your content. I saw Mastodon devs added something to block #GPTBot via robots.txt a few days ago. Here are the IP ranges:
Admin announcement:
As of today, this instance blocks known domains associated with Meta's #project92, in accordance with the anti-Meta Fedi Pact (https://fedipact.online/)
In effect, this instance does not federate with the domains threads.net or threads.instagram.com. Further associated domains will be blocked, if discovered.
We are not personally against the users of Project 92, we are against Meta. We will not be giving them a chance. Their work is a threat to the Fediverse, as it has been a threat to other social spaces and open communities for years prior. They are not welcome in our homes.
Here's a list of #iptables and #ip6tables commands for admins can copy and paste into their #Fediverse server's command line to bulk-block all packets to and from IPv4 and IPv6 addresses owned by #Meta:
https://datakra.sh/assets/lizard.txt (the 2,024 domains listed here have been found to use either of 26 IPv4 addresses, which I have updated the list on my Google drive with.)
Hallo alle Fedi-Admins die Probleme mit Spam haben!
Die Mute-Liste 2.2.2
Ich habe die Spam-Liste aktualisiert und ~104 zusätzliche Instanzen gefunden, die weiterhin spammen! Ich habe, mit viel Hilfe von anderen Fedi Admins, die Instanzen in einer Liste zusammengestellt, die sie stumm schaltet und nicht von ihnen deföderiert!
Ich würde mich sehr über eine kleine Spende hier freuen, da Ich wirklich hart und lange an der Erstellung dieser Liste gearbeitet habe, was Ich angesichts meines aktuellen Zeitplans kaum rechtfertigen kann! Dankeschön!
Es gibt eine neue Art von Spam, die gleichen Instanzen sind betroffen wie vorher. Die Verantwortlichen in Japan sollen verhaftet worden sein.
Ist diese Liste importiert ist ein Großteil des Spams vorbei. Das ganze ist für euch leicht, geht mit einem klick! Zudem wird keinerlei Instanz für immer geblockt, keinerlei Follower etc. zerstört oder deföderiert, sondern nur stummgeschaltet. Das ist sehr leicht umkehrbar.
Ihr könnet diese Liste einfach importieren, indem ihr auf https://yourinstance.tld/admin/export_domain_blocks/new geht und yourinstance.tld durch die Domain derer Instanz ersetzt, von der ihr der Administrator seid!
Alternativ könnt ihr auch auf Einstellungen => Moderation => Föderation => Importieren drücken, um diese Liste zu importieren.
Beachtet, dass zwar alle Instanzen mit einem Klick importiert werden können, dass aber diese Instanzen einzeln entfernt werden müssen, wenn der Spam vorbei ist.
Beachtet auch, dass es nur Sinn ergibt, diese Liste zu importieren und die Spam-Instanzen stumm zu schalten, wenn ihr euren Spam lokal und nachhaltig blockiert habt, wie hier beschrieben.
Hello all Fedi Admins who have problems with spam!
The Mute List 2.2.2
I have been updating the spam list and found ~104 additional instances that continued spamming! I, with lots of help of other Fedi Admins, have compiled the instances into a list which mutes them, and does not defederate from them!
I'd highly appreciate a small donation here as I've worked really hard and long on creating this, which given my current schedule I can hardly justify! Thanks!
There is a new type of spam, the same instances are affected as before. Those responsible in Japan are said to have been arrested.
Once this list is imported, most of the spam is gone. The whole thing is easy for you, with just one click! In addition, no instance is blocked forever, no followers etc. are destroyed or unfollowed, only muted.
You can simply import this list by going to https://yourinstance.tld/admin/export_domain_blocks/new and replacing yourinstance.tld with the domain of the instance you are the administrator of!
Alternatively, you can also click on Settings => Moderation => Federation => Import to import this list.
Note that although all instances can be imported with one click, these instances must be removed individually when the spam is over.
Also note that it only makes sense to import this list and mute the spam instances if you have blocked your spam locally and permanently, as described here.