Mud (@Mud@kolektiva.social)
Content warning:pro-Russian bot campaign, continued [this is about a bot on our own instance]
It is really getting annoying. Even approval of registrations is not bot-proof anymore.
We ask during signup future users to describe themselves briefly. These texts are often really heartwarming. And until recently they were quite helpful to weed out bots. Not so easy anymore, it seems:
On June 1st, @Dikor requested an account:
"Interested in joining to connect with others and follow discussions. Known for a messenger bag aesthetic and work in Kuwait as Hotel Manager"
ok, not the most meaningful text, but also not immediately worthy of a reject. The request was granted.
ok, the email domain "@pulse25k.io.vn" is not the most common one, but not few of our users prefer remaining anonymous, which is understandable.
@Dikor was programmed to post during 10 days rather innocuous gibberish.
And then, yesterday, they started posting anti-Ukrainian propaganda in Spanish (Spain and Greece are particularly frequently targeted, it seems. The people behind the bots might have made an analysis about susceptibility of their propaganda).
I have frozen the account to leave it for a few days as an example for all of us to spot patterns. We'll suspend it soon.
It is interesting that, until now, the only large-scale bot campaigns trying to influence public opinion were or Russia- or Israel-adjacent.
The people from @iftas are doing some important structural support to tackle this bot campaign and helped us to spot several bots (important to note that there were also false positives, so each suggestion needs to be carefully revised). Anyway, thank you folks!
Disclaimer: it is important to note that not everybody who criticizes Ukraine is a bot or a pro-Russian troll. There is a lot of valid criticism about the actions of the Ukrainian government and NATO geopolitics are not to create peace but to project power. And not everything is as we are told our media. But we don't want cheap talking points shoved into our faces by coordinated bot campaigns. It's a bit of a bummer, really.
#Fediblock #FediAdmin #RussianSpambot #RussianBot #DisinformationCampaign #Disinformation
Show Original Post
ij (@ij@nerdculture.de)
Apropos fedisocial.de!
Das hier sind übrigens die zwei #n8n Workflows fuer die Registrierung...
... und da kommen noch einige Dinge dazu in der naechsten Zeit!
Show Original Post
Overgoddess (@Overgoddess@bardicperspiration.club)
As the Speakeasy discusses opening membership to more ppl, one of the biggest questions we have is "how do we age check?"
No, wait! Stop with the pitchforks! We don't mean it like corpos mean it. We just mean, we are an 18+ community and we'd prefer to stay that way, you know? Right now, we have a super long vibe check in secret where we figure it out, but that's just not easy to do if we're letting ppl sign up, even with spot vibe checking.
So, fedi admins, fedi mods... any privacy respecting ways u have found to do this? Or do we need to just saw ppl in half to count their rings?
#FediMod #FediAdmin #FediModeration
Show Original Post
welshpixie (@welshpixie@mastodon.art)
https://www.patreon.com/WelshPixie1/posts/couple-of-tools-160783243
New Patreon post: A couple of tools for battling AI/bot sign-ups.
Show Original Post
rugk (@rugk@chaos.social)
@cassidy
I wonder, can it (#coop) integrate into the #Fediverse / #Mastodon moderation system? Or is integration from Mastodon needed here? #fediadmin
Show Original Post
LinuxBSD (@LinuxBSD@piaille.fr)
🚨 Mettez à niveau vers Mastodon 4.5.11 🚨
Cette version inclut non seulement une importante mise à jour de sécurité, mais aussi un correctif visant à empêcher une attaque par déni de service (DoS).
⚠️ Concernant l’exploit DoS :
Un acteur malveillant peut choisir de ne pas lancer une attaque DoS complète, mais plutôt d’épuiser progressivement les ressources de votre site, augmentant ainsi vos coûts de serveur au fil du temps. 💸 💰 😈
Si vous n’utilisez pas la version 4.5.11 (ou une version plus récente), vous êtes exposé à ce risque. ⚠️
#Mastodon #Sécurité #Cybersécurité #MastoAdmin #FediAdmin #SécuritéEnLigne
Show Original Post
wir (@wir@graz.social)
Wir sind seit einigen Wochen wieder auf https://joinmastodon.social gelistet, in der Rubrik der regionalen Mastodon-Server. Seitdem ist die Anzahl der Neuanmeldungen von ein bis zwei am Tag auf vier bis fünf gestiegen.
Jedoch sind die meisten Anmeldungen dubios:
- augenscheinlich LLM-generierte deutsche Texte, die dass muss man zugeben, immer authentischer werden, aber (noch) zu aufgesetzt sind.
- Einmal-Mail-Adressen
- IP-Adressen außerhalb Europas
Im Zweifelsfall forden wir nochmal zur kurzen Interaktion auf, bis jetzt kam nie etwas zurück...
Show Original Post
welshpixie (@welshpixie@mastodon.art)
Content warning:Example of the racism that drives Black folk off fedi, still not moderated
This was reported to the instance, and nothing has been done.
The vibe at infosec.exchange always seems to be 'let's see what Jerry does' and Jerry ultimately does nothing.
Another white guy upholding whiteness at the expense of a diverse, safe, inclusive community.
Show Original Post
ellesaurus (@ellesaurus@toot.lgbt)
If I create and use a second Bookwyrm account, can I later move the first account to the second, or does it need to be fresh?
Show Original Post
Linux (@Linux@planet.moe)
🚨 Mastodon 4.5.11로 업그레이드하세요 🚨
이번 버전에는 중요한 보안 업데이트뿐만 아니라 서비스 거부(DoS) 공격을 방지하기 위한 패치도 포함되어 있습니다.
⚠️ DoS 취약점 관련 안내:
악의적인 공격자가 완전한 DoS 공격을 수행하지 않더라도, 사이트의 리소스를 서서히 소모시켜 시간이 지날수록 서버 운영 비용을 증가시킬 수 있습니다. 💸💰😈
현재 4.5.11(또는 그 이후 버전)을 사용하고 있지 않다면 위험에 노출되어 있습니다. ⚠️
#Mastodon #보안 #사이버보안 #MastoAdmin #FediAdmin #온라인안전
Show Original Post
NetscapeNavigator (@NetscapeNavigator@social.vivaldi.net)
🚨 Upgrade to Mastodon 4.5.11 🚨
This version not only includes an important security update, but also a patch to prevent a Denial of Service (DoS) attack.
⚠️ Regarding the DoS exploit:
A malicious actor may not fully commit to a complete DoS attack, but instead slowly drain resources from your site, increasing your server costs over time. 💸 💰 😈
If you're not running 4.5.11 (or newer), you're at risk. ⚠️
#Mastodon #Security #CyberSecurity #MastoAdmin #FediAdmin #OnlineSafety
Show Original Post
ruebe5w (@ruebe5w@layer8.space)
Ich überlege, einen lokalen Fediverse-Server für die kleine Stadt, in der ich wohne aufzusetzen.
Ich würde mal erstmal mit max. 50-100 Accounts rechnen.
Aktuell ist hier das meiste auf Insta und viel auch noch Facebook.
Vermutlich wirds Mastodon werden, bin aber auch durchaus offen für alles andere.
Ich finde im Internet ganz viel Tipps und Tricks zum Betreiben von ganz kleinen Instanzen, aber irgendwie nichts handfestes für bisschen größere:
Show Original Post