To all Fedi Admins Currently Being hit with a Spam Wave:
This kind of spam is now over! Unmute all the instances no longer on my list!
I've just released v4.0.0 of The UNmute List! I'd be very happy about a small donation because I have very little time and I cannot really justify working on this list with my current schedule.
There is a new type of spam, the same instances are affected as before. Those responsible in Japan are said to have been arrested.
Without further ado...
Limit these instances:
[Full List of Affected Instances Here]
Just get the list to download and import here.
Simply import this list and you'll mute the 47 worst spam instances currently known to me! I've worked on it for multiple weeks, sometimes ~9 hours at a time verifying all lists sent to me manually.
Limit first, defederate only in worst situations!
Consider re-federating with and un-silencing any of the mentioned instances once the spam is mitigated. The admins of some of these may have just been asleep when this all started.
Ban Spam Accounts via their E-Mail Domain
Block the following E-Mail Domain and whatever temp Mail provider it resolves to: chitthi.in
Just to be safe, block these ones too (same provider)
mailto.plus
fexpost.com
fexbox.org
mailbox.in.ua
any.pink
All our spam accounts came from these E-mails.
Since you probably have some of these accounts sleeping:
https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in
there just select all and press "Ban".
Find Remaining Spammers
I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway:
mamot.fr/@vincib/1119467019292…
IP Bans and TOR
These spammers seem to be using the TOR Network as all of their IPs are TOR Exit Node IPs, hence an idea (with some collateral damage if executed) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (political refugees, leakers of important documents, etc.) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.
How To Block All Temp E-Mails in the Future
If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers altogether:
- Here is the list of all Temp email providers (there are both a blocklist and an allowlist)
- Here is how to install it in Mastodon
- The script that automatically pulls the list via Cronjob and imports it into Mastodon
- Script template
Because of this, hessen.social, for example, was not affected by the spam attack! They had already banned the email domain the spammers used ages ago.
In future updates on Mastodon, maybe Admins can simply click a button that says "Ban Temp E-Mail Providers" Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.
Why did this happen?
The real reason hundreds of us spent hours of our days during the spam on mitigating it is the following:
Cyberbullying Gone Global: Fediverse Spam and Operation Beleaguer
This is the full exposé @cappy has been working on regarding the February 15th Spam Attacks!
Thank you @BrodieOnLinux for mentioning this post in a video!
Good luck, everyone!
Thanks for participating in the Fediverse Experiment!
GitHub - disposable-email-domains/disposable-email-domains: a list of disposable and temporary email address domains
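A dry-run sketch of the cron-style import described under "How To Block All Temp E-Mails in the Future", added here as an example; it is not part of the original post or of the scripts it links to. It assumes Mastodon's `tootctl email-domain-blocks add` subcommand is available on your version; the function names and the junk sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Dry run only: prints the tootctl commands an admin would review, runs none.
export LC_ALL=C   # same collation for sort and comm

# normalize_domains: stdin -> lowercase, comment-free, sorted, unique hostnames.
# Lines that are not plain hostnames are dropped, so a tampered or corrupted
# download cannot pass options or shell syntax to a cron job.
normalize_domains() {
  tr 'A-Z' 'a-z' \
    | sed -e 's/#.*$//' -e 's/[[:space:]]//g' \
    | grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$' \
    | sort -u
}

# new_domains WANTED BLOCKED: entries of WANTED missing from BLOCKED
# (both files already normalized, which comm requires).
new_domains() { comm -23 "$1" "$2"; }

# plan_commands: stdin domains -> batched tootctl invocations (default 50 each).
plan_commands() {
  awk -v n="${BATCH:-50}" '
    { buf = buf " " $0 }
    NR % n == 0 { print "tootctl email-domain-blocks add" buf; buf = "" }
    END { if (buf != "") print "tootctl email-domain-blocks add" buf }'
}

# demo: constructed sample data standing in for the downloaded list and for
# the domains already blocked on the instance.
demo() {
  local tmp; tmp=$(mktemp -d) || return 1
  {
    # The six domains named in the post, plus constructed junk lines.
    printf '%s\n' chitthi.in mailto.plus fexpost.com fexbox.org mailbox.in.ua any.pink
    printf '%s\n' 'Chitthi.IN  # duplicate, mixed case' '--with-dns-records' \
      'evil.example; rm -rf /' '' '# comment only'
  } | normalize_domains > "$tmp/wanted"
  printf '%s\n' any.pink mailto.plus | normalize_domains > "$tmp/blocked"
  new_domains "$tmp/wanted" "$tmp/blocked" | BATCH=3 plan_commands
  rm -rf "$tmp"
}

demo
```

Only the four domains not yet blocked appear in the printed commands, and the option-like and shell-syntax lines never reach the command line.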
thibault
in reply to Erik Uden
Hi, admin of PIAILLE.FR here, we've taken steps to delete all spam accounts and block the IPs/mail domains which they originated from.
Please can you cross our name out?
Thanks!
Southern Wolf
in reply to Erik Uden
Southern Wolf
in reply to Southern Wolf
@crashdoom Crap, I spoke too soon. Just got a bunch of reports on our sister instance, pawb.fun...
Varwest.fr
Ipv6.social
Neubau.social
Fanfare.horse
Southern Wolf
in reply to Southern Wolf
And now more just came in here too...
asturias.red
tabletop.vip
fluffs.au
terapeldigitaal.nl
terere.social
Erik Uden
in reply to Southern Wolf
Southern Wolf
in reply to Erik Uden
Yeah, I can't access that reported post from Neubau, they might have already handled it. But yes, you're absolutely welcome! You're running the best list of this junk as it's happening, so I'll definitely pass on more as they come in.
Credit to @soatok for that last batch of reports too, btw.
Southern Wolf
in reply to Southern Wolf
Got another one for you. This one targeted Lemmy it seems, was wondering if it would spill over to there.
madworld.social
Erik Uden
in reply to Erik Uden
List of Instances that have / had spam
If you're an admin of the spam instances:
Take a look at the post this is a reply to in order to stop the spam on your instance.
If you're an admin from an instance that receives spam:
REMEMBER THAT DEFEDERATION WITH BIG INSTANCES IS A HARMFUL ACT AS IT SILENTLY REMOVES ALL FOLLOWERS FROM AND TO THAT INSTANCE FROM YOURS WHICH CANNOT BE UNDONE - RECONSIDER DOING THIS IF YOU DO NOT HAVE ANY SPAM FROM THESE INSTANCES YET
Possibly only defederate from instances if no connections are lost in the process.
Reconsider re-federating with any of the mentioned instances once the spam is mitigated. The admins of some of these may have just been asleep when this all started!
Defederate from:
social.cutefunny.net (warning: CSAM)
cunnyborea.top (still spam)
Consider defederating from:
mstdn.xicon.eu
fckmsk.social
mastodon.tn
freemasonry.social
varwest.fr
ipv6.social
fanfare.horse (Spam ongoing)
asturias.red
tabletop.vip
fluffs.au
terapeldigitaal.nl
terere.social (*Spam ongoing)
madworld.social (Spam ongoing)
worldtravel.photos
andrew.xyz
squabble.org
mas.atmx.ca
america.social
tribe.net
Refederate with:
These instances had spam but since have taken action in order to stop it. If any other lists tell you to defederate from these instances, they're probably outdated.
m.mxin.moe (fixed)
friendsyu.me (fixed)
mastodon-swiss.org (fixed)
wehavecookies.social (fixed)
planetearth.social (fixed)
det.social (fixed)
squawk.mytransponder.com (fixed)
piaille.fr (fixed)
mastodon.free-solutions.org (fixed)
Erik Uden
2024-02-16 08:50:43
Strypey
in reply to Erik Uden
> In future updates on Mastodon, maybe Admins can simply click a button that says "Ban Temp E-Mail Providers" Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails
Maybe this needs to be the default, with a button to undo it.
Erik Uden
in reply to Strypey