Erik Uden 🦣🍑:coffefied: (@ErikUden@mastodon.de)
mastodon.de

# To all Fedi Admins currently being hit with a spam wave:
***Limit these instances:***
[[Full List of Affected Instances Here](https://github.com/Mastodon-DE/blocklists/blob/main/spam/2024-02-15/2024-02-15-spam-mute-list.md)]
Just get the list to download and import [here](https://github.com/Mastodon-DE/blocklists/blob/main/spam/2024-02-15/2024-02-15-spam-domain_mutes-erik-uden.csv).
Simply import this list and you'll mute the 63 worst spam instances currently known to me! I've worked on it since today 11 AM (*9 hours*) verifying all lists sent to me manually.
Limit first, defederate only in worst situations!
**Reconsider re-federating with any of the mentioned instances once the spam is mitigated.** The admins of some of these may have just been asleep when this all started.
## Ban Spam Accounts via their E-Mail Domain

**Block the following E-Mail Domain** and whatever temp Mail provider it resolves to: `chitthi.in`

Just to be safe, block these ones too (*same provider*)

- `mailto.plus`
- `fexpost.com`
- `fexbox.org`
- `mailbox.in.ua`
- `any.pink`

All our spam accounts came from these E-mails. Since you probably have some of these accounts sleeping: `https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in`; there, just select all and press “Ban”.

## Find Remaining Spammers

I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway: https://mamot.fr/@vincib/111946701929274350

## IP Bans and TOR

These spammers seem to be using the **TOR Network** as all of their IPs are TOR Exit Node IPs, hence an idea (*with some collateral damage if executed*) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (*political refugees, leakers of important documents, etc.*) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.

## How To Block All Temp E-Mails in the Future

*If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers altogether:*

- **[Here is the list of all Temp email providers](https://github.com/disposable-email-domains/disposable-email-domains/)** (*there are both blocklist and allowlist*)
- **[Here is how to install it in Mastodon](https://codeberg.org/stvo/mastodon-ansible-nodocker#disposable-mail-blocking)**
- **[The script that automatically pulls the list via Cronjob and imports it into Mastodon](https://codeberg.org/stvo/mastodon-ansible-nodocker/src/branch/main/playbooks/no_disposable_mail.yml)**
- **[Script template](https://codeberg.org/stvo/mastodon-ansible-nodocker/src/branch/main/playbooks/templates/home/mastodon/addmaildomains.sh.j2)**

Because of this, [hessen.social, for example, was not affected by the spam attack](https://darmstadt.social/@stvo/111940755074991980)! They had already banned the email domain the spammers used ages ago.

In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.

## Why did this happen?

We're probably all looking for answers as to why this spam wave happened to begin with. As much as I do not want to believe this was the real reason hundreds of us spent hours of our day today on mitigating this issue, here is a real explanation on why this spam wave came to be:

**Part 1:** https://fedi.fyralabs.com/notes/9psdqurvye

**Part 2:** https://fedi.fyralabs.com/notes/9psnooe6p1

**Part 3:** https://fedi.fyralabs.com/notes/9pth6oh3xr

As noted, @cappy@fedi.fyralabs.com is working on a full exposé regarding the origin of the February 16th Spam Attacks. I'm patiently awaiting their work's publishing!

**Good luck, everyone!** Thanks for participating in the Fediverse Experiment!

#FediBlock #FediAdmin
It’s mostly about Mastodon, but spammers have also hit Lemmy communities. This Mastodon post contains solutions to mitigate the wave for admins, and also links to the origin of the thread. Turns out they’re Japanese kids from Discord.
There’s an issue with spammers using temp email for this; perhaps if Lemmy allowed email filtering it would be easier.
Edit: also, that’s some juicy investigation. Tq to everyone who makes the Fediverse nice!
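
An offline version of the account sweep described in the Mastodon post, as an added example that is not part of the original post or of Mastodon's code: it flags sign-up addresses on the blocked domains (normalising case and, as an assumption of this example, treating subdomains as blocked too) and builds the `%@domain` admin search URL for each domain. The account list and the function names are constructed for illustration.

```python
from urllib.parse import quote

# Domains named in the post; everything else below is constructed sample data.
BLOCKED = {"chitthi.in", "mailto.plus", "fexpost.com",
           "fexbox.org", "mailbox.in.ua", "any.pink"}

def email_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not (sep and local and domain):
        return None
    return domain.lower().rstrip(".")

def is_blocked(address, blocked=BLOCKED, allowed=frozenset()):
    """True if the domain or a parent domain is blocked; an allowlist hit wins."""
    domain = email_domain(address)
    if domain is None:
        return False
    labels = domain.split(".")
    for i in range(len(labels) - 1):      # never test the bare TLD
        candidate = ".".join(labels[i:])  # most specific name first
        if candidate in allowed:
            return False
        if candidate in blocked:
            return True
    return False

def admin_search_url(instance, domain):
    """Build the admin account search URL from the post (pattern '%@domain')."""
    return f"https://{instance}/admin/accounts?email={quote('%@' + domain, safe='')}"

def flag_accounts(accounts, blocked=BLOCKED, allowed=frozenset()):
    """Return usernames whose sign-up address is on a blocked domain."""
    return [user for user, mail in accounts if is_blocked(mail, blocked, allowed)]

# Constructed account export: (username, e-mail) pairs.
SAMPLE = [
    ("alice", "alice@example.org"),
    ("x1", "qwe123@chitthi.in"),
    ("x2", "Foo@MAILTO.PLUS"),         # case differs from the list
    ("x3", "bar@inbox.fexbox.org"),    # subdomain of a blocked domain
    ("bob", "bob@notchitthi.in"),      # look-alike suffix, must not match
    ("broken", "no-at-sign"),          # malformed, skipped
]

if __name__ == "__main__":
    print(flag_accounts(SAMPLE))
    for d in sorted(BLOCKED):
        print(admin_search_url("your-instance.tld", d))
```

Matching on whole DNS labels rather than a plain string suffix is what keeps `notchitthi.in` from being flagged alongside `chitthi.in`.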