Please report any account that claims that you need to verify your #Mastodon account to continue using it. It is a scam. Don't click the links. Real staff accounts either have a special role badge on their profile or are verified through the joinmastodon.org domain.
like this
reshared this
Mastodon.social Staff
in reply to Mastodon.social Staff • • •reshared this
Cainmark Does Not Comply π², D. Olifant, marzuq märzenbecher, Debbie Goldsmith π³οΈβ§οΈβΎοΈπΊπ¦, Aubrieta, Muscaria, Mastodon, Eric de Redelijkheid, lashman, Ineke, The Nexus of Privacy, Das große Lu und das kleine la, CaveDave, Carl Myrland, Wolfgang Hagen, Jules πΊ, Horrabin, ΧΧΧΧ ΧΧ§ (MSc), Moskitokönig Kevin, Sneezy π :antifa: π³οΈβ§οΈ π€, Omega_Scribet, Kierunkowy74, Nick Stevens Graphics, Magnus Lundberg βοΈ, stuxβ‘, Walrus π΄σ §σ ’σ ·σ ¬σ ³σ Ώ, Rokosun, Spookybot, ADRIAN π³οΈπ, PaulNickson ποΈποΈπΌ, Shannon Prickett, Beachbum, Su_G, Soh Kam Yung, Martin, Claire ππͺπΊπ«π·π, Franz Graf and Katro reshared this.
Michael Salbeck
in reply to Mastodon.social Staff • • •So, we rejected all such account requests.
haui
in reply to Mastodon.social Staff • • •You're being attacked most likely by political actors due to allowing criticism of certain regimes.
I suggest you communicate where those attacks are coming from as an effective method to stop them.
Otherwise, good luck and thank you for your service. π
Pam C
in reply to Mastodon.social Staff • • •Stefan
in reply to Mastodon.social Staff • • •stuxβ‘
in reply to Stefan • • •@stefan Oh thats a nice one!
Or maaaybe some sort of REGEX filter on signup? Since they seem to use a pattern maybe
Martin Dougiamas
in reply to Mastodon.social Staff • • •Emelia πΈπ»
in reply to Martin Dougiamas • • •Martin Dougiamas
in reply to Emelia πΈπ» • • •Emelia πΈπ»
in reply to Martin Dougiamas • • •@martin so the spam waves we're seeing are quite advanced and adaptive, it's not like the script kiddie spam from last year.
With this spam wave, I'm still analyzing the data, but:
- we've seen at least 13 different domains used for the phishing site
- we've seen them using CWs when spamming publicly
- we've seen them use multiple different scripts (what's written), including multiple languages
Regexp and publicly available lists of data are not something that would particularly help, as as soon as you publish & block keywords or domains, the attack changes.
If a server admin is not vigilant, then they should not have open registration (ex. Mastodon.social), but there's servers out there that are several versions out of date, so they don't get any of the new mitigation features or warnings (there's a big warning about open registration in the admin panel since 4.3.x)
reshared this
Ben Royce πΊπ¦ πΈπ©, mau π³οΈπ#EndFossilFuels and MFennVT reshared this.
Ben Royce πΊπ¦ πΈπ©
in reply to Emelia πΈπ» • • •@staff
would limiting rate of posts for new accounts help?
so you make a new account, you only get 3 posts on your first day for example
but... they'll just register and go dormant for a period of time
no, you could still do it:
rate limit number of first few posts, no matter account age
so... they post innocuous garbage to get past that hurdle
but that's still useful
put up these kinds of barriers to make spamming hard, while not interfering with regular users
Gabriel H. Nunes
in reply to Mastodon.social Staff • • •Your account isn't yet verified in any way, though.
#Mastodon #MastodonSocial #MastodonOnline
Cainmark Does Not Comply π²
in reply to Gabriel H. Nunes • • •Good catch.
Mastodon.social Staff
in reply to Cainmark Does Not Comply π² • • •Cainmark Does Not Comply π² reshared this.
Gabriel H. Nunes
in reply to Mastodon.social Staff • • •@cainmark
Thank you for that information! I'm on mastodon.social, but I'm usually on a third-party app, #Fedilab, which doesn't show badges, so domain verification is still important.
On that, why not verify through mastodon.social and mastodon.online instead of joinmastodon.org?
#Mastodon #MastodonSocial #MastodonOnline
Fedilab Apps
in reply to Gabriel H. Nunes • • •At least, when opening the profil remotely, you should see the badge with Fedilab. So there is an issue on our end. Bookmarked for a fix.
@staff @cainmark
S.R. Weaver
in reply to Mastodon.social Staff • • •Su_G
in reply to Mastodon.social Staff • • •Mastodon.social Staff
Unknown parent • • •Cainmark Does Not Comply π² reshared this.
Dawn Ahukanna
in reply to Mastodon.social Staff • • •Also indicates a gap in providing admin level messages, similar to old school forum discussion boards or SMS from mobile phone provider.
Piiieps & Brummm
Unknown parent • • •Yes, I agree. Praise to the admins!
Yesterday I saw my first post of the sort as a comment on a post I was reading. When I saw it, the commented post was less than 5 minutes old. I _tried_ to report it, but the account was already suspended by the time and a reload showed, that the spam was deleted.
Really outstanding work by all the admins!
@staff
Edits: typos
Tofm2 π«π· πΊπ¦ πͺπΊ
in reply to Mastodon.social Staff • •Edit: done.
Tracy Thomas
in reply to Mastodon.social Staff • • •Tofm2 π«π· πΊπ¦ πͺπΊ likes this.
Matija Nalis
in reply to Tracy Thomas • • •It would also would be good to additionally report the phishing URL itself on safebrowsing.google.com/safebrβ¦ (I'm not big fan of Google, but that safe browsing list is used by different browsers, Firefox included, and may help if people do click on those links) #safebrowsing
@staff
Clinton Anderson SwordForHire
in reply to Mastodon.social Staff • • •Mastodon needs a way to "verify" that doesn't require having some other website
If I could follow "Real people only" I absolutely would.
Pam C
Unknown parent • • •F4GRX SΓΒ©bastien
in reply to Mastodon.social Staff • • •