Renaud ChaputOct 17, 2024

I would encourage every Fediverse software project to implement a “dead-man switch" on registrations: if nobody with moderator permissions has been active in the last week, then disable new account creation.

The Fediverse has a significant number of abandoned instances that are used by bad actors to create accounts and send spam.

We implemented this in Mastodon (https://github.com/mastodon/mastodon/pull/29318) and it has been highly effective.

Automatically switch from open to approved registrations in absence of moderators by ClearlyClaire · Pull Request #29318 · mastodon/mastodon

This is not meant to replace #29280, but supplement it to avoid unmonitored servers keeping open registrations indefinitely. Automatically switch away from open registrations if no user with the pe...

GitHub
Show threadScandinavian ⁂ Architect
@renchap abandoned instances are, well, abandoned, so there’s a big chance they won’t be updated, isn’t it?
Oct 17, 2024 at 9:41pmWeb
Show threadEndlessMasonOct 17, 2024

It's just a matter of waiting for somebody to find a decent vuln in old versions, and they'll kinda "take care of themselves"

@Seth @renchap

Show threadGunChleocOct 18, 2024

@EndlessMason @Seth @renchap It does help with instances that will be abandoned in the future.

We can't fix the past, so I have written a script to silence or block outdated software versions: https://codeberg.org/GunChleoc/mastodon-scripts/src/branch/main/blocklists

mastodon-scripts

Useful scripts for Mastodon moderation/administration

Codeberg.org
Show threadScandinavian ⁂ ArchitectOct 18, 2024

@gunchleoc oh, this is nice!

@EndlessMason @renchap

Show threadAndromeda YeltonOct 18, 2024
@Seth @renchap but not-yet-abandoned instances are not-yet-abandoned
Show threadScandinavian ⁂ ArchitectOct 18, 2024

@thatandromeda @renchap sure.

Anyway I don’t understand how people can “forget” they have an instance. If I were paying for a server and domain name I wasn’t using I’d totally delete it. Or at least give the keys to the room to someone else.

Show threadThéotimeOct 18, 2024
@thatandromeda @renchap @[email protected] I can imagine someone having a server with a Fedi instance + something else they use more
Show threadfox (witch (prey) )Oct 18, 2024

@Seth @thatandromeda @renchap

There's forgetting sure, but maybe more likely I'll health being taken away, a crisis that means they can't focus on their instance. Or just getting bogged down with all the bullshit around moderating an instance and taking an unplanned mh break that goes on too long... I can see a lot of reasons someone wouldn't be available.

Show threadSchwarzeLockeOct 19, 2024
@Seth back in the day I had a TeamSpeak server running on my web server. I used it less and less and at some point completely forgot about it. A year or two later, when I was preparing a hardware change, I noticed it was still running and it was in use as a primary server of a clan I never heard of.
Show threadScandinavian ⁂ ArchitectOct 20, 2024

@SchwarzeLocke oh yeah someone also mentioned this situation when you have a service installed on a server you still use for something else. Didn’t think of that when I posted my previous post !

Everyone’s on Discord now, but I miss Mumble ^^ (even lighter than teamspeak if I recall correctly)