Spammers have been programmatically creating accounts on Mastodon instances for years. Sometimes they post once and never again, sometimes they post on a schedule. Sometimes they never post, like a waiting botnet.

As Mastodon's anti-spam solutions are effectively nonexistent, most instances in our network require manual approval of new accounts. Up until recently, it was easy to spot a spammer; their join reasons were generic.

ChatGPT spammers have now arrived.

#MastoAdmin #FediAdmin #spam

Besides the logic of inspecting username against email, the join reason statement structure and content, etc., are there external tools you use to vet users?

Example: I use arin.net to check the IP address of a prospective user. Is the IP block registered to a datacenter, or an ISP? If it's an ISP, I'll check the origin country against the interface language for a match.

What have y'all had luck with?

#MastoAdmin #FediAdmin #spam
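The IP check described in the post above, as an added example that is not part of the original posts or anyone's actual tooling. It assumes constructed registry records in place of a live arin.net lookup, and the hosting keyword list, the locale-to-country map and the function names are hypothetical.

```python
import ipaddress

# Constructed registry data standing in for WHOIS/RDAP answers (not real
# allocations; the prefixes are RFC 5737 documentation ranges).
REGISTRY = [
    {"cidr": "192.0.2.0/24", "org": "Example Cloud Hosting LLC", "country": "US"},
    {"cidr": "198.51.100.0/24", "org": "Example Telecom Broadband", "country": "DE"},
    {"cidr": "203.0.113.0/24", "org": "Example Cable Internet", "country": "BR"},
]
# Assumed heuristics: organisation-name keywords that suggest a datacenter, and
# the countries where each interface language is plausibly the user's own.
HOSTING_WORDS = ("hosting", "cloud", "datacenter", "server", "vps", "colo")
LOCALE_COUNTRIES = {
    "de": {"DE", "AT", "CH"},
    "pt-BR": {"BR"},
    "en": {"US", "GB", "CA", "AU", "IE", "NZ"},
}


def lookup(ip):
    """Return the most specific constructed registry record covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in REGISTRY if addr in ipaddress.ip_network(r["cidr"])]
    return max(hits, key=lambda r: ipaddress.ip_network(r["cidr"]).prefixlen, default=None)


def triage(ip, locale):
    """Classify a pending signup as 'review' or 'no-flag', with the reasons found."""
    rec = lookup(ip)
    if rec is None:
        return "review", ["no registry record for address"]
    reasons = []
    if any(w in rec["org"].lower() for w in HOSTING_WORDS):
        # Datacenter block: the country/language comparison is not meaningful.
        reasons.append(f"block registered to hosting provider: {rec['org']}")
    else:
        expected = LOCALE_COUNTRIES.get(locale)
        if expected is None:
            reasons.append(f"no country expectation for locale {locale!r}")
        elif rec["country"] not in expected:
            reasons.append(f"ISP country {rec['country']} does not match locale {locale!r}")
    return ("review" if reasons else "no-flag"), reasons
```

A `no-flag` result only means these two checks found nothing; it is one input to manual approval, not a decision.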

@mawr I am finding that these spambots (we just got two of them) are using residential IP ranges.

@craftxbox I've seen that as well, for quite some time now. I suspect a malware botnet of some kind.