Spamhammer blocks all fake support spam
Today’s version of Spamhammer blocks 100% of this wave of “Mastodon Support Team” and “verify your account” spam.
I’ve also moved it off GitHub and to a self-hosted Forgejo server.
Summary: Mastodon has few tools for automatically fighting spam and abuse, so I gave up and made one.
We’ve been swamped with a flood of spam for the last few days. Some loser is creating hundreds or thousands of accounts on undermoderated servers and pestering the whole fediverse with junk. Mastodon itself provides no mechanism for admins to reject statuses that contain certain strings, even though many people have begged for this over the years. And while I could learn enough Ruby on Rails to implement such a feature myself, I’m not confident that it would be accepted into the main project and I don’t want to maintain a fork.
This updates my last blog post where I said that we’re getting a flood of spambots. Summary: if you’re an admin affected by this, you must act now.
I’ll cut to the chase. It seems that this week’s collection of spammer registrations comes from Russia. I think that the spam they’re sending today is a probe to see who will respond to it. My prediction is that instances who don’t act quickly will see those accounts stop posting and drawing attention to themselves. In a few months, say nearing the American mid-term elections, they’ll wake up and start steering the inevitable political conversations in directions that we, the instance admins, had not intended. By that time it will be too late to easily root them out because their numbers will have exploded during the time we were looking the other way and hoping the problem will go away.
Admins of Mastodon:
I’ve deleted four bot accounts that were spamming movie streaming links, with captions like:
Not on my instance. You might want to keep a lookout, too.
One of my users complained that they received spam from @mastodon_user_matching@2.distsn.org, whose timeline currently looks like:
It turns out this whole instance is screaming with spam red flags:
I conclude that this instance is specifically deployed to allow and assist spamming, and as such, I’m suspending the 2.distsn.org domain effective immediately.