Post AVvMP5Dmnjsg6ZHpmi by konni@toot.kartonrad.de
(DIR) More posts by konni@toot.kartonrad.de
(DIR) Post #AVvJisforcFp7M9DHs by kaia@brotka.st
2023-05-22T19:57:24.470293Z
0 likes, 1 repeats
anyone with a recommendation how to defend against the spam attacks from new accounts of instances with their registration open? :akko_please:
(DIR) Post #AVvJwIIssoGgN9oe36 by FrailLeaf@silliness.observer
2023-05-22T19:59:49.401670Z
1 likes, 0 repeats
@kaia https://256.lt/mrf/similar_policy.ex># needs build_cachex("spam", limit: 1024) in lib/pleroma/application.ex># and {:ex_lsh, version: "~> 0.4"} in mix.exsthen>sudo -Hu pleroma MIX_ENV=prod mix deps.get>sudo -Hu pleroma MIX_ENV=prod mix ecto.migrate>restart pleroma/akkomaare you familiar with editing the source? I ask because i don't see you programming posting much
(DIR) Post #AVvJwhUnDfeGVKa0a8 by crafti@akkoma.0x68756773.moe
2023-05-22T19:58:28.462911Z
0 likes, 0 repeats
@kaia not really until fedi software has safe guards for this
(DIR) Post #AVvJwiFaPh4wqSTNWC by kaia@brotka.st
2023-05-22T19:59:47.663317Z
0 likes, 0 repeats
@crafti can we have a domain whitelist? :thinking_cirno:
(DIR) Post #AVvJyfBslD0nw0fd2m by FrailLeaf@silliness.observer
2023-05-22T20:00:18.198819Z
0 likes, 0 repeats
@kaia this MRF has guarded me against the latest attack
(DIR) Post #AVvK4nZ4XTLpdyRVwm by kaia@brotka.st
2023-05-22T20:01:24.178284Z
0 likes, 0 repeats
@FrailLeaf thank you! I'll pass it to my system's engineering team
(DIR) Post #AVvKAo47adDuvzpYzQ by FrailLeaf@silliness.observer
2023-05-22T20:02:26.689484Z
1 likes, 0 repeats
@kaia lol
(DIR) Post #AVvKEiWA9rRit2oNIO by crafti@akkoma.0x68756773.moe
2023-05-22T20:01:56.018469Z
1 likes, 0 repeats
@kaia it would be nice, perhaps simple heuristics like: how old is the account? how many posts were made? does it have any info? was any other DMs with several mentions received?
(DIR) Post #AVvKJ7VvAISrZLnXJw by ahriboy@mk.absturztau.be
2023-05-22T20:03:32.532Z
1 likes, 0 repeats
@kaia@brotka.st approvals would be the best option, *key doesn't have it, only invite only option.
(DIR) Post #AVvKLsr67a0cyY1MZM by stanford@social.arclight.pro
2023-05-22T20:00:34Z
1 likes, 0 repeats
@kaia Not sure about akkoma, but on Mastodon you can disable DMs from accounts you don't follow.
(DIR) Post #AVvKMsbeX6UgUbGu6S by stanford@social.arclight.pro
2023-05-22T20:02:15Z
1 likes, 0 repeats
@kaia @crafti It would probably block a ton of smaller instances :(
(DIR) Post #AVvKNZSxBK5LQ4X40u by FrailLeaf@silliness.observer
2023-05-22T20:04:46.489559Z
3 likes, 1 repeats
@kaia @crafti NO? that goes against the idea of federation pal
(DIR) Post #AVvKPvIMzYMzhWhfmq by kaia@brotka.st
2023-05-22T20:05:12.696250Z
0 likes, 0 repeats
@eris is that preferable over blocking in AdminFE?
(DIR) Post #AVvKfavySi07BXhVpI by Jain@blob.cat
2023-05-22T20:08:03.425542Z
1 likes, 0 repeats
@kaiafirst thing is to reject them... anything your instance miss can be refetched later...second: if you are fast enough, just delete the accounts in admin fe and wait 2-3 days until the admin fixed the issues and the queues got cleared and remove the block again.
(DIR) Post #AVvKq8DxXrO9KQ8b1E by Jain@blob.cat
2023-05-22T20:09:57.632659Z
1 likes, 0 repeats
@kaia if its too much work to do it in admin-fe, then i recommend either exporting the users via sql and do either block them by sending them to the blocking api or use sql to delete all activites, objects, notifications and users
(DIR) Post #AVvL9FAjw7v4NakG1I by crafti@akkoma.0x68756773.moe
2023-05-22T20:05:11.629125Z
0 likes, 0 repeats
@stanford @kaia a combination of those + should trigger on DM
(DIR) Post #AVvL9FjTqxi07L00Aa by stanford@social.arclight.pro
2023-05-22T20:08:17Z
1 likes, 0 repeats
@crafti @kaia What about something like "Account age < 2 weeks" block DM ?
(DIR) Post #AVvLA3rLTzi1aD3zN2 by Jain@blob.cat
2023-05-22T20:13:33.784918Z
0 likes, 0 repeats
@kaia @eris :blobcatgoogly: a hosts file can only block outgoing requests but not incoming requests?
(DIR) Post #AVvLQYh6biMnqh8kwC by Jain@blob.cat
2023-05-22T20:16:32.698437Z
1 likes, 0 repeats
@stanford @kaia thats very very bad tho... fedi doesnt have something like a bounce message / deny message... if a unrelated user send you a DM the admins of their instance and your instance probably cant really comprehend why its not working as expected
(DIR) Post #AVvLbqunCfF7XqvZSK by Jain@blob.cat
2023-05-22T20:18:35.136223Z
0 likes, 0 repeats
@FrailLeaf @kaia does that work even when its not the same user?
(DIR) Post #AVvLguFsDF5JLsCKGm by FrailLeaf@silliness.observer
2023-05-22T20:19:25.794779Z
1 likes, 0 repeats
@Jain @kaia yeah, its hashing the post content
(DIR) Post #AVvM9Ujw9k1YcFtM92 by crafti@akkoma.0x68756773.moe
2023-05-22T20:14:16.653014Z
0 likes, 0 repeats
@stanford @kaia account age is easy to avoid, I think it's really just a mix. I think "if user is not being followed by your peers""if user has not interacted with you prior"=> block DM
(DIR) Post #AVvM9WcDBR26QsIDNg by crafti@akkoma.0x68756773.moe
2023-05-22T20:17:08.624941Z
0 likes, 0 repeats
@stanford @kaia of course "if user has no biography || (account age < 2 weeks && no users following)" => block dm, is a good idea tooyou can get creative 🤷
(DIR) Post #AVvM9XAx6Gp2AcXxWy by crafti@akkoma.0x68756773.moe
2023-05-22T20:20:36.648625Z
1 likes, 1 repeats
@kaia @stanford Imagine if Pleroma had a "DIY MRF" with this interface lmao
(DIR) Post #AVvMD68RZt87Sq4Zns by stanford@social.arclight.pro
2023-05-22T20:19:48Z
0 likes, 0 repeats
@Jain @kaia You maybe could do some sort of auto-respond?
(DIR) Post #AVvMFf3IjCUWKvtDMW by kaia@brotka.st
2023-05-22T20:25:46.338296Z
0 likes, 0 repeats
@stanford @Jain auto-respond? :blobcatsweat:
(DIR) Post #AVvMP3QpSH7qYRNDpw by konni@toot.kartonrad.de
2023-05-22T20:25:55Z
1 likes, 0 repeats
@kaia "joined at" type field??I mean somehow have a list of vulnerable or often spammed instancesThen for those block certain interactions from youg accountsRely on admins cleaning up the bots in time for the... say 1 month thresholdI'd disallow dms, but allow mentions, and follow relationships should not be affected
(DIR) Post #AVvMP5Dmnjsg6ZHpmi by konni@toot.kartonrad.de
2023-05-22T20:26:33Z
1 likes, 0 repeats
@kaia i mean idk if youre looking for a configOr implementation idea
(DIR) Post #AVvNFKqlwGchdRRCjo by stanford@social.arclight.pro
2023-05-22T20:31:21Z
1 likes, 0 repeats
@kaia @Jain I send you a message, your instance/system whatever blocks it based on your conditions and then automatically replies to it informing me it got blocked due to spam reasons.Like when you send an email to somewhere where the mailserver have blocked you.
(DIR) Post #AVvSi3xeJJYDQJAjcu by Jain@blob.cat
2023-05-22T21:38:08.547596Z
0 likes, 0 repeats
@stanford @kaia tbh, idk if that is a good idea... but it could be a solution... point is, one should build a specification or at least talk, and both of that wasnt done by mastodon even tho they implemented this feature already in a more or less broken state... thats kinda bad tho