SPAM Wave Update - November 4th

spamjahy-1024x564.jpg
Ah s**t! Here we go again.
In the second time in a month, the same troll group has decided to SPAM the Fediverse around midnight last night. This time, the troll group used QR codes. You shouldn't scan the QR code, but decoding it leads to a Discord link to a familar Japanese trolling group, called the Arashi Kyoueiken (荒らし共栄圏, lit: Troll Prosperity Sphere). It started around midnight at 12 AM EST, which affected about 18 servers, about 6 servers are still sending SPAM. Most of the servers that are sending SPAM are limited with media rejected on our Mastodon and temporarily suspended on Sakurajima Social (suspensions do not break relations, unless the button is pressed to do so).

This is happening because of abandoned instances, and some active instances, that didn't block temporary emails, which are ripe for abuse. Now that Misskey started implementing the registration kill switch if an admin/mod is not seen for 7 days, it will turn off registrations.

Thankfully, in 6 hours after the SPAM attacks happened, there is a solution, at least for Mastodon to deal with rejecting posts with QR code that will be implemented soon.


Update: Reject Patterns for QR patterns are now implemented, and it will reject all the QR codes that contain the URL shortner used in the QR code.

This should be a wakeup call that simply having a registration kill switch is not enough, but there needs to be more tools to deal with SPAM. Enough kicking the can down the road.
 
Last edited:
I thought that the script kiddies were punished...
Thanks for the hard work moderating this wave
 
I thought that the script kiddies were punished...
Thanks for the hard work moderating this wave

Sadly no, but this one is a bit harder to deal with. Misskey doesn’t have a solution yet to check QR code contents, but at least there is a solution made today for Mastodon, so I guess that made the job easier on that side.
 
Sadly no, but this one is a bit harder to deal with. Misskey doesn’t have a solution yet to check QR code contents, but at least there is a solution made today for Mastodon, so I guess that made the job easier on that side.
Hope devs start working in anti spam features soon
 
Top