clonedhuman8h ago
stux⚡️

Oof. A massive spam attack just now on mstdn.social

A few thousand signups all accounts starting with "SAAR_"

I STRONGLY recommend admins to BLOCK this name from signing up 🚨

8:06pmWeb
Show threadstux⚡️11h ago

This goes on for a while..

All suspended and signups closed

Show threadstux⚡️10h ago

It seems email domains are reused, here are some to block:

reevalmail.com
bientotmail.com
sabesmail.com
bonjourfmail.com

Show threadStéphanie10h ago
@stux @andrew Flagging!
Show threadAndrew Dunham10h ago
@stephanie @stux Thanks! Added ✅
Show threadRetro Cozy!10h ago
@stux @Oregon_Pacifist Here's something you may want to see.
Show threadJimmothy Baggins10h ago
@stux Don’t forget whitehouse.gov
Show threadRichie Rich9h ago
@64bithero @stux or @ theRealDonaldTrump
Show threadstux⚡️9h ago

@RichieRich @64bithero Or this sucker his site

https://jdvance.com/

OH WAIT 😆

JD Vance for U.S. Senate

JD Vance: Conservative Outsider Running for U.S. Senate in Ohio.

JD Vance for Senate Inc.
Show threadRichie Rich7h ago
@stux @64bithero Aaah, malware! This is awful. 😆
Show threadDB Schwein10h ago

@stux

Yikes.

Hey @trumpet, in case you're seeing any of this.

Show threadCaesarNK 𒄷10h ago
@deirdrebeth @stux @trumpet I thought mas.to was invite only?
Show threadDB Schwein10h ago

@cnk @stux @trumpet

Ah right! That does tend to solve these types of issues 🙂

Show threadstux⚡️10h ago

@deirdrebeth @cnk @trumpet ish 😉

If they manage to get an unlimited invite you're still oof if that's not blocked

Keep an eye out

Show threadCaesarNK 𒄷10h ago
@stux @deirdrebeth @trumpet good point
Show threadstux⚡️10h ago

@cnk @deirdrebeth @trumpet For now these 4 email domains seems to be it, plus the "SAAR_" in the username

It was a bad bot but super duper mega fast..

Show threadMïkê 💚 👑🐉🗡️🏳️‍⚧️5h ago
@stux @admin
Show threadAdmin Jerry5h ago

@mikelovesbikes @stux
Thank you both for bringing this to my attention.

I blocked sign-ups that begin with SAAR_ and I've blocked the 4 email domains.

Show threadAmy Maybe11h ago
@stux gross
Show threadstaringatclouds10h ago
@stux Thank you ❤️
Show threadBuage10h ago
@stux That's crazy..
Show threadFaraiwe11h ago
@stux 😬
Show threadJames 🌈💜11h ago
@stux Soundvoice's new AI? Or someone exploiting it to fuel spam.
Show threadBill11h ago
@stux You can do that? With a partial string match like that? Zesty.
Show threadstux⚡️10h ago
@Sempf Yup, "equals" or "contains"
Show threadBill10h ago
@stux Wow! Neat feature for an open source project. Me likey.
Show threadHeliograph10h ago
@stux @xrobau 🔥👆
Show threadKierkethumbs up convincingly10h ago
@stux spambots as a resource
Show threadFrank Heijkamp10h ago
@stux At least those are easy to block. Very odd.
Show threadGustavo10h ago
@alterelefant @stux Exactly. I wonder if there is something we are missing. Maybe there is something else going on.
Show threadjarinks10h ago
@stux they seem to originate from Asia
Show threadjarinks10h ago
@stux
Show threadTrebach10h ago
@stux cc @mdallastella in case anyone has tried to apply for an account consistent with this behavior
Show threadstux⚡️10h ago

@trebach @mdallastella They also send massive amounts of applies, still costing money for all mails  

Be careful

I've turned off signups completely now

Show threadAngua 10h ago
@stux

​ ​​ ​​ ​

Well done.

So sad so many ... individuals of dubious origin ... try to exploit & ruin things for everyone.
Show threadFallsMom 🌻10h ago

@stux

I'm glad to be under the stux umbrella!

Show threadstux⚡️10h ago
@FallsMom 
Show threadFallsMom 🌻10h ago

@stux

I made an annual donation back in Feb via Patreon, hope you received it!

Show threadstux⚡️10h ago
@FallsMom Thank you ❤️ it means a lot  Amazing to see we can build something wonderful together!
Show threadFallsMom 🌻10h ago
@stux 
Show threadCarlos Solís10h ago
@stux From what I gather, they were spamming invites to a Discord room with the code "krebble" - they were trying to DDOS #KrebsOnSecurity, and I think they also doxxed one of their members.
Show threadjarinks9h ago
@csolisr @stux pretty bad opsec for them to not use any vpns nor proxies doing that
Show threadCarlos Solís8h ago
They explicitly boasted about having thousands of domains and millions of residential IPs at their disposal. Being very public about it was part of their advertisement strategy
Show threadKris The Red Panda9h ago
@stux blocked a couple of those accounts already, got fed up with them continuously following me back after repeated attempts at removing them from my follower list.
Show threadClaire, The Ultimate Worrier9h ago
@stux @sakurajima
Show threadKSHernandez ♊(she/her/they)8h ago
@stux I've heard that instance is always under some kind of attack... is that true?
Show threadstux⚡️6h ago

@kshernandez Haha no ♥️😸 I can know since I own it!

I keep an close eye but since we are one of the bigger instances we often are a target if something happens

Show threadKSHernandez ♊(she/her/they)6h ago
@stux Ah! Yes, then you would know. lol :)
Show threadKSHernandez ♊(she/her/they)5h ago
@stux Are you ok with me dm'ing you about something?
Show threadSpaceLifeForm8h ago

@stux

The attackers will just change the prefix.

Show threadLisPi3h ago
@stux One has to wonder why they so conveniently make it stand out.
Show threadnicolaottomano2h ago
@stux
@amministratore @devol