Unfortunately, the bots are not only there. Here's one on your instance:

https://det.social/@f2shpmpcsa/111940463653151627

I almost suspended det.social, assuming it was a spambot factory like the top 3 you mentioned.

ein weiterer Punkt, der meiner Erfahrung nach sehr gut gegen Spam geholfe hat, ist, die Registrierung so einzuschränken, dass man ein paar Worte zu seiner Registrierung schreiben muss. Zum Beispiel, warum man beitreten will oder welche Interessen man hat.

Dadurch haben wir auf metalhead.club extrem wenige Fälle von (eigenen) Spam-Accounts gehabt bisher. Vielleicht magst du das ja oben noch aufnehmen, wenn du es auch sinnvoll findest.

I advise to be careful with quick defederation (except maybe for instances where you don't have any connections with).

All connections (follows) between your instance and the blocked instance will silently disappear, and people even won't even notice.

It's really hard to rebuild the connections afterwards and some peers will be lost forever.

This spam wave is the result of admins having open registration. Although it is nice and welcoming if people can set up an acc on your instance instantly, it opens the door for spambots.

So please, dear admins: switch to account request "appproval needed".
This will save us a lot of headache.

(Not a solution for the bots that are already present in the current wave).

@ErikUden

Just a note: "CP" or "child pornography" is a word that many people are moving away from, because seeing children sexually abused is horrifying and not pornographic for the vast majority of humanity.

Another term is CSAM, "child sexual abuse materials", and I tend to use that now.

incase you need an update, the admin of "m.mxin.moe" alread posted his/her clarification on here:

This is the translated version: The site was attacked and caused spam on other sites, I'm very sorry, the site is now restricted from registering and posting characters

铭心 (@mxin)

站点被攻击导致其他站点出现了垃圾信息，非常抱歉，该站点目前已经限制了注册及发帖角色

^MXIN-MissKey

friendsyu.me have also fixed spam wave: https://friendsyu.me/notes/718dadc340bad251d7df82db

wehavecookies.social: https://wehavecookies.social/@admin/111939992679250475

planetearth.social: https://planetearth.social/@leon/111940469269635302

mastodon.free-solutions.org and piaille.fr also appear to have cleaned up the spam accounts, though I can't find any admin posts about it

このは(Re) (@konoha)

【お知らせ】 弊サーバの復旧作業が完了しました。 なお、スパム対策のため新規登録を停止しています。もし、ご登録を希望の方は、**このアカウント**までリプください。

^friendsyu.me

Das hatte ich schon öfter bemerkt, nicht nur im Austausch mit mastodon.de sondern auch mit anderen Instanzen.

Fast alle Edits sollen 15 Minuten vor dem Screenshot erfolgt sein.

@martinmuc

sed 's/^\(.\)/127.0.0.1\ \1/' disposable_email_blocklist.conf

copy in /etc/hosts

Thanks for the guide!

Looks like these domains are also being hit as well:
beekeeping.ninja
misskey.kuromame048.net

Thank you!! for posting this.

I had 628 of these accounts opened overnight, but all still in the confirming state. I was luckily able to suspend them before they converted to real accounts.

"Because of this, hessen.social, for example, was not affected by the spam attack! They had already banned the email domain the spammers used ages ago."

Well done @moomendemol & @eichkat3r

squawk.mytransponder.com has resolved the spamming issues AFAICT. Local feed is clear of any spam posts, and the admin has suspended all of the spam accounts and blocked the respective chitthi.in email domain used for the spam account signups.

https://squawk.mytransponder.com/@chiefpilot/111941934637959462

UPDATES:

- mastodon-swiss.org appears to have suspended all of the spam accounts, and the Local feed is clear of any spam posts now. I couldn't find an official announcement regarding this from the site admin(s) however.

- social.cutefunny.net appears to have completely vanished(?) and just shows a "404 page not found" error when loaded.

- cunnyborea.top still appears to be getting flooded with spam posts.

Content warning: racism, racist language (obviously negative toward it, callout of it, not being racist - hopefully! -) Click to open/close

List of Instances that have / had spam

I've moved the collaborative list here

Me and a team of people will constantly monitor the spam situation, add instances to the list that have fallen victim to the spam and kick instances off the list when they're freed again.

I've worked on this all day - I hope it'll help some admins struggling to find a solution!

If you're an admin of the spam instances:
Take a look at the post this is a reply to in order to stop the spam on your instance.

Is the Spam Over?

No

Have a great day!

Erik Uden 🦣🍑:coffefied:

2024-02-16 08:50:43

To all Fedi Admins Currently Being hit with a Spam Wave:

This kind of spam is now over! Unmute all the instances no longer on my list!

I've just released v4.0.0 of The UNmute List! I'd be very happy about a small donation because I have very little time and I cannot really justify working on this list with my current schedule ​

There is a new type of spam, the same instances are affected as before. Those responsible in Japan are said to have been arrested.

Without further ado...

Limit these instances:

[Full List of Affected Instances Here]

Just get the list to download and import here.

Simply import this list and you'll mute the 47 worst spam instances currently known to me! I've worked on it for multiple weeks, sometimes ~9 hours at a time verifying all lists sent to me manually.

Limit first, defederate only in worst situations!

Consider re-federating with and un-silencing any of the mentioned instances once the spam is mitigated. The admins of some of these may have just been asleep when this all started.

Ban Spam Accounts via their E-Mail Domain

Block the following E-Mail Domain and whatever temp Mail provider it resolves to: chitthi.in

Just to be safe, block these ones too (same provider)

• mailto.plus
• fexpost.com
• fexbox.org
• mailbox.in.ua
• any.pink

All our spam accounts came from these E-mails.

Since you probably have some of these accounts sleeping:

https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in there just select all and press “Ban”.

Find Remaining Spammers

I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway:

https://mamot.fr/@vincib/111946701929274350

IP Bans and TOR

These spammers seem to be using the TOR Network as all of their IPs are TOR Exit Node IPs, hence an idea (with some collateral damage if executed) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (political refugees, leakers of important documents, etc.) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.

How To Block All Temp E-Mails in the Future

If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers all together:

• Here is the list of all Temp email providers (there are both blocklist and allowlist)
• Here how to install it in Mastodon
• The script that automatically pulls the list via Cronjob and imports it into Mastodon
• Script template

Because of this, hessen.social, for example, was not affected by the spam attack! They had already banned the email domain the spammers used ages ago.

In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.

Why did this happen?

The real reason hundreds of us spent hours of our days during the spam on mitigating it is the following:

Cyberbullying Gone Global: Fediverse Spam and Operation Beleaguer

This is the full exposé @cappy has been working on regarding the February 15th Spam Attacks!

Thank you @BrodieOnLinux for mentioning this post in a video!

Good luck, everyone!
Thanks for participating in the Fediverse Experiment!

#FediBlock #FediAdmin

GitHub - disposable-email-domains/disposable-email-domains: a list of disposable and temporary email address domains

a list of disposable and temporary email address domains - disposable-email-domains/disposable-email-domains

^GitHub