notes (@notes@nya.social)
is anyone seeing OVH GRA1 down #fediadmin #fediadmins #fedimins
Show Original Post
notes (@notes@nsfw.social)
Heads up perverts! 😜 In an effort to be more transparent we are now publishing our moderation settings for both nsfw.social and nsfw.lgbt:
- List of Sensitive Words
- List of Prohibited Words
- Hidden Hashtags
- Silenced Instances
- Media Silenced Instances
- Blocked Instances (Defederated)
Any time we make a change we'll (try to remember to) update the pages so our moderation actions and activities remain transparent.
More information is available here:
https://info.nsfw.social/doku.php/admin/start
#nsfwadmin #fediadmin #administrivia
Show Original Post
notes (@notes@nsfw.lgbt)
Heads up perverts! 😜 In an effort to be more transparent we are now publishing our moderation settings for both nsfw.lgbt and nsfw.social:
- List of Sensitive Words
- List of Prohibited Words
- Hidden Hashtags
- Silenced Instances
- Media Silenced Instances
- Blocked Instances (Defederated)
Any time we make a change we'll (try to remember to) update the pages so our moderation actions and activities remain transparent.
More information is available here:
https://info.nsfw.lgbt/doku.php/admin/start
#nsfwadmin #fediadmin #administrivia
Show Original Post
vantablack (@vantablack@cyberpunk.lol)
when i say fake verification spam i mean this btw
Show Original Post
vantablack (@vantablack@cyberpunk.lol)
⚠️ FOLLOWUP PSA ⚠️
if you have open registrations on your instance this current spam wave would be a great impetus to switch to approval-based signups
the extra moderation workload for having fully open signups is MASSIVE and for basically zero reward. it doesn't take much time or effort to vet and approve new users, but it takes much more to clean up the damage a shitload of spam accounts can do
Show Original Post
vantablack (@vantablack@cyberpunk.lol)
⚠️ PSA ⚠️
been seein lotsa fake verification spam out on the timeline today!!!
don't just ignore these! be sure to report them to your instance admins so we can ban them and keep them from pestering anybody else. be sure to forward the reports, too, so remote admins can ban them at the source!!!
Show Original Post
notes (@notes@nsfw.lgbt)
This is mainly for my nsfw.lgbt users -
Terms of Service, Privacy Policy, Acceptable Use Policy, Content Policy, and Impressum have been fixed and updated. You can read the most current versions by clicking on the Instance Information pop-up in the upper-left corner of the main site page.
#administrivia #nsfwadmin #fediadmin
Show Original Post
notes (@notes@enby.life)
Content warning:RE: fedi admin PSA, account verification spam
Fedi admins: do not forget that this will not just affect mastodon instances. This will affect all fedi software with mastoAPI support enabled, including Pleroma/Akkoma/forks, Sharkey/forks, IceShrimp (both JS and .NET), any Misskey fork that allows mastodonAPI support, and GoToSocial. Even if the API to register or log into an account is disabled, all a bad actor needs to do is log in manually, generate an access token with note creation access or get the native token (which is bad!), and plug it into the spam bots.
For instances running software that does not require mastoAPI to function: please consider disabling mastoAPI support to remove extra attack surfaces. Do this either natively, if your software supports that, or by blocking it through your reverse proxy (NGINX, Caddy, etc.).
@hazelnoot
#FediAdmins #FediAdmin #PSA #Spam
Show Original Post
notes (@notes@enby.life)
Content warning:fedi admin PSA, account verification spam
The scammers are beginning to pivot away from brand-new accounts in favor of re-using existing accounts with leaked or compromised credentials. This has significant impact on the heuristic patterns:
- Spam accounts may not be brand new.
- Usernames might sound normal instead of random.
- Accounts may have an established post history.
- Spam messages could originate from instances with registration closed.
- Spam accounts will have recently changed display name, PFP, and bio.
Instances using "newly created account" as a filter heuristic may need to revise their configurations. Other heuristics, including the content patterns used on Enby.Life and our local bubble, remain effective for now.
It remains to be seen whether the scammers will commit to using hijacked accounts, or if we'll see a return to the automated fake accounts on open-reg instances. We're currently seeing only a small percentage of spam from stolen accounts so this is likely some type of A/B test.
Please stay safe out there, and feel free to reach out if you have questions!
#FediAdmins #FediAdmin #PSA #Spam
Show Original Post
notes (@notes@nsfw.social)
This is mainly for my nsfw.social users -
Terms of Service, Privacy Policy, Acceptable Use Policy, Content Policy, and Impressum have been fixed and updated. You can read the most current versions by clicking on the Instance Information pop-up in the upper-left corner of the main site page.
#administrivia #nsfwadmin #fediadmin
Show Original Post
christian_freiherr_von_wolff (@christian_freiherr_von_wolff@gts.pebcak.me)
Apologies to most but not all of the instances who've been trying to federate with me but keep getting blocked. This instance is sitting behind an AdGuard Home server running an extremely large blocklist. I made said blocklist myself by simply concatenating a bunch of blocklists that already existed. It's definitely a double edged sword now that I'm running my own Fediverse instance. There are definitely, literally a few, instances who've been trying to talk to me who are about to get domain blocked for real (meaning here). I've also had to (in AdGuard Home) unblock a few big instances I'm already familiar with who are no problem at all. The percentage of domains blocked at the DNS level has literally increased from low single digits to mid-twenties percent since I've started running this thing. In both cases, before and after, that's over the last 24 hours. I've had my own server on the Fediverse for about 22–23 hours now. So the thing's a tad bit touchy… I'm working on it, lol.
#FediAdmin #AdGuardHome
Show Original Post
tux (@tux@burningboard.net)
Du hast recht – wer sich hier anmeldet, bringt in der Regel schon ein gewisses Maß an Bildung mit. Es gibt allerdings auch "echte" & möglicherweise gefährliche Spambots, die lediglich Accounts erstellen und danach inaktiv bleiben. Auf unserer Instanz haben wir selbst schon Dutzende Konten, die nur angelegt wurden, ohne jemals aktiv geworden zu sein. Ich könnte mir vorstellen, dass es irgendwann eine koordinierte Desinformationskampagne gibt – massenhaft, an einem einzigen Tag, möglicherweise gesteuert aus Russland.
Show Original Post