chikorita157 🐰 on Nostr: Once the SPAM attack is fully under control and the curprit is stopped, I think this ...
Once the SPAM attack is fully under control and the curprit is stopped, I think this instance shows what I am concerned about for the last year administering a Mastodon server.
The time to implement anti-SPAM measure was when it first happened last spring in 2023 when the Doge spammers created accounts and mass spammed DMS to everyone. That should be the time to add tools to fight SPAM and implement anti-spam features. However, the Mastodon devs dragged their feet until the problem got worse here.
Misskey has some protections like word filters, banned words, and email domain blocks but it’s still not good enough. Sharkey is slightly better since it has account approvals, which is better, but it's still tedious moderating accounts and cleaning up the SPAM.
Perhaps, Akkoma is the least affected because of the MRF feature, which allows you to create rules to reject certain posts. It’s a good thing that the Sharkey team is potentially coming up with something like this to fight SPAM.
Also, Pixelfed has Anti-SPAM protection that is proven to work.
I think the Mastodon team needs to use this opportunity to learn from the mistakes as script kiddies can easily abuse small instances with open registration without any protections in place to send SPAM. If there are anti-spam filters for newly created accounts as seen with Pixelfed and even Forum software like Xenforo (which can use Akismet/StopForumSpam), it would have mostly stopped spammers easily.
#infosec #mastodon #mastoadmin
The time to implement anti-SPAM measure was when it first happened last spring in 2023 when the Doge spammers created accounts and mass spammed DMS to everyone. That should be the time to add tools to fight SPAM and implement anti-spam features. However, the Mastodon devs dragged their feet until the problem got worse here.
Misskey has some protections like word filters, banned words, and email domain blocks but it’s still not good enough. Sharkey is slightly better since it has account approvals, which is better, but it's still tedious moderating accounts and cleaning up the SPAM.
Perhaps, Akkoma is the least affected because of the MRF feature, which allows you to create rules to reject certain posts. It’s a good thing that the Sharkey team is potentially coming up with something like this to fight SPAM.
Also, Pixelfed has Anti-SPAM protection that is proven to work.
I think the Mastodon team needs to use this opportunity to learn from the mistakes as script kiddies can easily abuse small instances with open registration without any protections in place to send SPAM. If there are anti-spam filters for newly created accounts as seen with Pixelfed and even Forum software like Xenforo (which can use Akismet/StopForumSpam), it would have mostly stopped spammers easily.
#infosec #mastodon #mastoadmin