colin mitchell @muffinista@botsin.space

OK, I've switched botsin.space to require approval for new signups. Sorry for any inconvenience! I got tired of deleting right-wing spam accounts.

When I upgraded botsin.space yesterday, I skipped from v2.8.2 to v2.8.4, and totally ignored the fact that there was a database migration in the v2.8.3 release, which basically means that any timelines that had images in them weren't loading properly. Sorry about that!

hello from mastodon v2.8.4?

I've blocked social.librem.one from this instance for now as it appears they've removed the ability to report users [1].

That seems like such a fundamental requirement of large scale federation that I can't really imagine dealing with an instance like that. If they eventually provide a reasonable explanation, or just fix the problem, I'll remove the block.

1) https://source.puri.sm/liberty/smilodon/commit/9cae431902a2c0ce6438c6722a3a901e279c78fc

mastodon 2.8.0?

hello from mastodon v2.8.0!

PSA: I will likely upgrade botsin.space to v2.8 tomorrow if I'm feeling brave.

also, new account signups are still turned off for a little while, i'll reactivate those tonight or tomorrow

i strongly suspect i'm fighting a losing battle here, the only question is who runs out of energy first, me or whoever is running this spam farm

for context, there have been around 250 accounts that signed up in the last month which i've suspended for spam. Something like 175 of those were in the last week. They've sent thousands of spam statuses out. I've slowly ramped up tools to prevent that until this point.

re: datacenters, i pulled a set of 40 unique ip address of spammers. i can identify 35 of them as being in a datacenter. blocking those is an easy choice at that point.

Hi all, I've added some code to botsin.space to help fight spam. the changes are:

1) prevent account signups from datacenters

2) prevent unsolicited statuses (in most cases) to users you don't follow

#1 is going to block many spam accounts, but is also probably going to be an issue for Tor users who want to create an account here. Sorry about that.

#2 should block a bunch of spam, and ideally you shouldn't be sending unsolicited messages anyway.

Hi folks, new account signups are off for a bit while I hammer on some spam prevention

PSA: I wrote some code last night to prevent sending DMs to someone who does not follow you, if a link is included in the status. That's running on botsin.space now. Hopefully it helps with spam issues.

This is the commit: https://github.com/muffinista/mastodon/commit/45b0720bfaf7020385e00028f0929c40a637e679

If it works out, I'll refine it and write a PR for the main repo.

@muffinista@cybre.space testing this https://muffinlabs.com/

just to keep things interesting, while the traffic i'm dealing with comes from OVH, it does not appear to be using Tor

this whole thing sucks and is a huge weak spot in the fediverse right now

I am essentially left with three options:

1) Scan DMs for spam content
2) Block the IP range the content originates from
3) Shut down botsin.space

I will never do #1. I'd rather not do #3. That leaves #2

Meanwhile, I learned that a lot of Tor exit nodes are hosted on OVH. To be frank, your desire to maintain anonymity while viewing bots on the fediverse does not outweigh my needs to be a mentally healthy person. If I can find a way to allow Tor while blocking spam, I will do that, but I am not going to spend a lot of time on it because I don't expect it to be possible. I am truly sorry for any problems that causes. That said...

This is something I've been dealing with for a long time, and knowing that OVH won't do anything about it, I decided to block their netblocks from the botsin.space server.

I did that last night. This morning I removed those blocks, when I realized that a few mastodon instances are on OVH. I don't want to break federation so I'm going to rewrite the block rules to hopefully allow federation while blocking the spam.

As a professional sysadmin, I've been dealing with OVH almost since their inception and for most of that time it has been a source of a disproportionate amount of spam, server attacks, hacking attempts, and so on. What's more, I've experienced what amounts to criminal neglect when attempting to get them to deal with these sorts of issues.