No, not another can of SPAM!
Now that it’s almost the end of February, a lot has happened since the move, and I want to give my thoughts on what happened last weekend. As the image suggests, we had a SPAM wave, perhaps the biggest one.
What Exactly Happened?
It started last Thursday with some dispute over Discord. A few people picked it up: Mina from Makai picked it up at the beginning of the attack, and Cappy Ishara from Fyralabs covered it.
It started with a couple of Misskey instances. Then, on Friday, it spiraled out of control when the Script Kiddies started using Mastodon servers with open registrations, no temporary email rejections and no captcha. I suggest reading the whole article Cappy made for the full explanation. It’s about a Discord dispute between a Discord bot, and a script kiddie troll team called the Arashi Kyoueiken (荒らし共栄圏, lit: Troll Prosperity Sphere).
Either way, we were inundated with SPAM messages, which only targeted users who had their posts federated with Misskey Io (the official Misskey server). We were flooded with reports after I finally arrived for President’s Day weekend in New Jersey. My whole weekend was ruined dealing with this SPAM and the moderators. Thankfully, our servers were not used in part of the attacks because we already blocked the Tor exit nodes the hackers used, disallowed throw-away emails, and enabled some form of captcha.
Of course, I implemented three new moderation tools that some developers came up with. This includes the reject pattern, blur hash reject, and rejecting posts with disabled hashtags. Two of the features (reject pattern and rejecting posts from disabled hashtags) are some of the mod tools we were requesting to get added to Mastodon. The Blurhash reject feature didn’t quite work, so we had to deal with the images of spammers advertising their Discord and cans of SPAM with their invite link.
Yes, I was at my breaking point.
Eventually, it got really tiring. I got frustrated with the flood of reports from Sakurajima Social as the banned words feature didn’t work. The only thing that works is suspending the instances that sent spam (note: Misskey/Akkoma/Sharkey does not remove followers/posts when servers get suspended).
Now that the SPAM situation is under control thanks to proper filtering patterns and all the servers still sending SPAM are suspended, we can sigh relief. However, I’m very frustrated with the Mastodon team as they have done nothing to implement better moderation and Anti-SPAM tools.
They have disabled registrations by default and made it. Hence, registrations require approval if the mods disappear after a few weeks. Still, I feel these are half measures, and there is no excuse for them to take this long to make moderation tools and Anti-SPAM to prevent the problem. This problem already happened three times before with the DM spam. Now, with a SPAM attack on this scale, it really showed how unprepared Mastodon and Misskey/forks are in dealing with the SPAM. The only real winner is Akkoma, with the Message Rewrite Facility, which one can use to reject all the SPAM. However, it didn’t have to be this way.
Either way, While it was a rough few days, Sakurajima made it out quite well and SPAM-free. However, there are still servers dealing with the SPAM, although reduced as there are only around 26 servers still sending SPAM. However, they will eventually go down once their hard drive space becomes exhausted, which will take some time.
With that, I’m actively recruiting moderators for Sakurajima Social to help resolve reports and SPAM when it happens again. It won’t be the last time this will happen. I only need two, and they have to be on that server for at least a month, have no current strikes and be 18 years or older. You can apply by DMing @sakurajima@sakurajima.moe.
Hopefully, next month will be better, and there will be no more spam waves.
The post March 2024 Updates – Spam Wave Aftermath Edition appeared first on Sakurajima.
Continue reading...
