Post · bonfire.cafe

Well this is concerning.

I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.

Thanks to IFTAS SW-ISAC for noting and reporting the bots.

wtfismyip

@wtfismyip@gnu.gl · 3 hours ago

@leo I enabled server-status to investigate some other issue, but noticed there were a bunch of requests against my Mastodon instance.

Jonathan Hartley

@tartley@fosstodon.org · 13 hours ago

@leo for 14 of them, couldn't the owners have just registered/captched them manually?

Evan Prodromou

@evan@cosocial.ca · 20 hours ago

@leo thanks for keeping vigilant, Leo!

nihilistic_capybara

@nihilistic_capybara@layer8.space · 20 hours ago

@leo aren't traditional capchas kind of a solved problem in machine learning?

BeeT1123

@BeeT1123@twit.social · 23 hours ago

@leo ims i had to give a reason to join

Rory Hinnen

@roryh@twit.social · 24 hours ago

@leo thanks for putting in the effort to keep this instance clean!

Brother Holmes :apple_inc:

@brothercasas@twit.social · yesterday

@leo thanks for keeping this server safe. 👍

Oregon Pacifist :rg4:

@Oregon_Pacifist@retro-gaiden.com · yesterday

@leo yeah, there was a wave of bots that joined my instance. Enabling Captcha didn’t slow them down at all. The only thing that helped was requiring new accounts to write a reason to join. Haven’t seen a bot since.

Curious

@curiously@mastodon.au · yesterday

@leo hey thanks for your work in finding and removing these bots. Much appreciated the horde of admins across the Fediverse do an awesome job keeping this a safe place that's people first. Thank you.

ash kvetchum

@scattapilla@jorts.horse · yesterday

@leo looking at the account in modtools should say the inviter name, just ban them too

Yaniv Klein :tautau: 🎗️

@god@tlv.cool · yesterday

@leo concerning is an understatement here, Leo.

aria

@ariarhythmic@ohai.social · yesterday

@leo Are existing members allowed to create invites that bypass review?

D. Olifant

@oli@olifant.social · 23 hours ago

@ariarhythmic @leo This is how it's being done by the 'Portal Kombat' crew. They use existing accounts and use server invites to bypass registration checks.

Andrew H

@andrewh@twit.social · yesterday

@leo is that perhaps the period where your subscription had expired?

Viss

@Viss@mastodon.social · yesterday

@leo this is a pretty big deal. if youre running the stock mastodon code and not something like glitchsoc, this is worth submitting an issue to github about

AntiComposite

@anticomposite@wikis.world · yesterday

RE: https://mastodon.iftas.org/@iftas/116426965511875330

@Viss @leo the current tactic seems to be getting a legit-looking account through review, then using invites (which bypass review) to create the spam accounts.