Since the beginning of the recent spam attack https://mastodon.social/@Gargron/111953045633249137, I have been monitoring Masto.host and, when possible, taking action to mitigate the effects of this attack.
All actions I made should have minimal impact. Still, in cases where that was not so I have communicated those actions to the admins. So, if you have not received my email, no action was taken on your server.
1/3
Today, I noticed that some accounts started to send spam even on instances that changed the registration mode to require manual validation. This was because the accounts were created when registrations were open but never sent a message, so they were not identified as problematic.
2/3
To find all accounts that may still exist in a similar situation, I will run a script on all instances that should suspend accounts from this attack even if they have not sent any message. This script was tested on several cases, thousands of accounts, and no false positives were found. Once that is done, you can check the moderation action log to see if any accounts on your server were suspended.
To do so a restart be required that will cause around 30 seconds of downtime.
3/3
Masto.host
hybrid havoc