Today’s version of Spamhammer blocks 100% of this wave of “Mastodon Support Team” and “verify your account” spam.

I’ve also moved it off GitHub and to a self-hosted Forgejo server.

Summary: Mastodon has few tools for automatedly fighting spam and abuse so I gave up and made one.

We’ve been swamped with a flood of spam for the last few days. Some loser is creating hundreds or thousands of accounts on undermoderated servers and pestering the whole fediverse with junk. Mastodon itself provides no mechanism for admins to reject statuses that contain certain strings, even though many people have begged for this over the years. And while I could learn enough Ruby on Rails to implement such a feature myself, I’m not confident that it would be accepted into the main project and I don’t want to maintain a fork.

This updates my last blog post where I said that we’re getting a flood of spambots. Summary: if you’re an admin affected by this, you must act now.

I’ll cut to the chase. It seems that this week’s collection of spammer registrations come from Russia. I think that the spam they’re sending today is a probe to see who will respond to it. My prediction is that instances who don’t act quickly will see those accounts stop posting and drawing attention to themselves. In a few months, say nearing the American mid-term elections, they’ll wake up and start steering the inevitable political conversations in directions that we, the instance admins, had not intended. By that time it will be too late to easily root them out because their numbers will have exploded during the time we were looking the other way and hoping the problem will go away.

Admins of Mastodon:

I’ve deleted four bot accounts that were spamming movie streaming links, with captions like:

• Tickling Giants Film Gomovies Super Streaming keine Anmeldung putlockers
• Kostenloser Stream Attack on Titan Season 3 tamilisch Ganzer Film Youtube Ohne Anmeldung Sonnenfilme
• Movie The Insanity of God Film complet 720px pas de login Youtube putlockers
• Movie Stream Little Shop of Horrors: The Director’s Cut 123movies Without Signing Up Watch Here putlockers in Hindi
• En el Septimo Dia (On the Seventh Day) Regarder gratuitement double audio en hindi gostream gomovies pas d’inscription

Not on my instance. You might want to keep a lookout, too.

One of my users complained that they received spam from @mastodon_user_matching@2.distsn.org, whose timeline currently looks like:

It turns out this whole instance is screaming with spam red flags:

• It doesn’t verify email addresses¹,
• The site that the spambot is advertising, MastodonUserMatching.tk, is a redirect to vinayaka.distsn.org (which is on the same domain as the Mastodon instance²), and
• The bot’s source has the same name (“vinayaka”) as the subdomain it’s spamming ads for.

I conclude that this instance is specifically deployed to allow and assist spamming, and as such, I’m suspending the 2.distsn.org domain effective immediately.