Since the beginning of the recent spam attack https://mastodon.social/@Gargron/111953045633249137, I have been monitoring Masto.host and, when possible, taking action to mitigate the effects of this attack.

All actions I made should have minimal impact. Still, in cases where that was not so I have communicated those actions to the admins. So, if you have not received my email, no action was taken on your server.

1/3

Today, I noticed that some accounts started to send spam even on instances that changed the registration mode to require manual validation. This was because the accounts were created when registrations were open but never sent a message, so they were not identified as problematic.

2/3

To find all accounts that may still exist in a similar situation, I will run a script on all instances that should suspend accounts from this attack even if they have not sent any message. This script was tested on several cases, thousands of accounts, and no false positives were found. Once that is done, you can check the moderation action log to see if any accounts on your server were suspended.

To do so, a restart will be required that will cause around 30 seconds of downtime.

3/3

@mastohost Wait, isn't this a huge breach of trust to suspend accounts on servers without the consent of admins?

@fribygda I don't feel like it is.

I am informing admins of this action, I am not destroying any data and admins can see what was done and remove the suspension if they don't like it. If they decide to do that, the accounts will be reverted to the state they were before running this script.

@mastohost

That's mildly better than it initially sounded.

But how do you know if the admins even see your message?

That's one important reason for why you need consent, not just so that they can for whatever reason say no, but so that you have confirmation they even know it happened.

@fribygda So what would you suggest that I did?

@mastohost

Wait for them to respond and agree. That's what I suggest. It's not really your problem to begin with, it's the server admin's problem. The demarcation line of responsibility, and thereby privacy and sovereignty, must start somewhere.

I'm not even most worried about this situation, but about the precedent for server break-in that it sets.

@fribygda I didn't think that waiting for them one by one to reply or not reply and having accounts on my servers continue to send spam would be the best solution.

Sending spam is not only a usage that I don't want on my infrastructure but it is in fact my problem because if one of my IPs gets blocked, multiple instances are affected. It's exactly the same reason your email provider doesn't allow you to send spam and will block your account for doing so.

@fribygda Regarding this being a precedent, it is not. In the past, whenever I identified an account on my infrastructure that was clearly and obviously spamming the network, that account was suspended and the admin informed.

@mastohost

Then it's better to momentarily take the server down and to let the admin know, than to interfere inside the server without consent.

@mastohost

The fact that you have a history of going into servers to enforce your own moderation rules is appalling and only shows that the problem of provider policing is more severe and that you don't respect your clients on an important point.

@fribygda What you call policing and enforcing my own moderation rules, other people call great work to stop the spam attack that is happening. One could even say that having the tools to do so and not doing it would be appalling and not respecting my clients.

@mastohost Okay, but how do you define a spam attack? And are spam attacks the only thing you'll enter our servers to automatically moderate?

What I experience is someone suddenly using a lot of power I never thought they'd use, and now I don't know your boundaries anymore. I don't know what could happen or what you could rationalize doing because somebody else pushed you to.

@fribygda I can't provide you with a list of reasons why in the future I might do this or that.

My boundary is what I already told you, being transparent in what I do in Masto.host.

What I thought 7 years ago when I started Masto.host is not valid today, same for last month. The Fediverse is new and nobody has ever had to deal with the challenges that we are facing.

I'm learning daily and doing what I believe is right. I will admit mistakes but don't feel this is the case in this situation.

@mastohost

"My boundary is what I already told you, being transparent in what I do in Masto.host"

That's not a boundary, or if you tried to make it a boundary, it is no boundary at all - you may allow yourself anything in the end, and we'll just have to take it.

Because we have no power in the end.

Other than voting with our feet, I suppose.

@mastohost

However, there's also the fact that Masto.host is a big provider. I don't know the numbers, but I've thought that maybe you are the biggest single provider of them all.

This means that your actions may affect the whole fediverse, not just the individual server.

Your actions could shape the fediverse to some extent. Even voting with one's feet may not escape the reach of your power then, as you, like the tech billionaires, have control of our relationships.

@fribygda To attempt and mitigate that is the reason I made the 25% commitment https://masto.host/the-25-percent-commitement/ almost 2 years ago.

@mastohost

That is a good and admirable decision.

@fribygda Yes, you have all the power! You own your server's data and are free to host it however you like. That is the most power you can have online.

I don't know if what the future brings will make you more or less uncomfortable. I could never have imagined last week the amount of work I had to do this week and all that this attack involved. So, I can't say what I might have to do next week.