Spammers have been programmatically creating accounts on Mastodon instances for years. Sometimes they post once and never again, sometimes they post on a schedule. Sometimes they never post, like a waiting botnet.

As Mastodon's anti-spam solutions are effectively nonexistent, most instances in our network require manual approval of new accounts. Up until recently, it was easy to spot a spammer; their join reasons were generic.

ChatGPT spammers have now arrived.

#MastoAdmin #FediAdmin #spam

Besides the logic of inspecting username against email, the join reason statement structure and content, etc- are there external tools you use to vet users?

Example: I use arin.net to check the IP address of a prospective user. Is the IP block registered to a datacenter, or an ISP? If it's an ISP, I'll check the origin country against the interface language for a match.

What have y'all had luck with?

#MastoAdmin #FediAdmin #spam

@mawr Here's a cute idea:

Tell them to type a word in quotes. If they fail to do it, they can't read. If they use curly quotes, it's an LLM. Absolutely nobody knows how to type a curly quote, but LLMs love them.

If you're in the habit of typing your text in another application and pasting it, many use typographer's quotes by default.

Also, it's super easy to type curly quotes on Macs. I used to do that on a daily basis for my job.

@bluestarultor @mawr

@EverydayMoggie @mawr Most people aren't going out of their way to do either for a few sentences in a sign-up reason. People don't even bother to capitalize half the time. If it already sounds like ad copy and you see curly quotes, I think your server will survive missing out on the 0.0001% who are that desperate to impress. XD