I would encourage every Fediverse software project to implement a “dead-man switch" on registrations: if nobody with moderator permissions has been active in the last week, then disable new account creation.

freeplay@wetdry.world

@renchap wondering if something similar could be done for rejecting incoming activitypub requests maybe ? or is that a bad idea

mware@mstdn.ca

@renchap tagging @dansup

dansup@mastodon.social

@mWare @renchap That's a great idea, will be implementing that after work!

mware@mstdn.ca

@dansup @renchap wait you have a job OUTSIDE of Pixelfed?

... is it tending to that sweet tuxxy kitty of yours?

radmin@limepeeps.perchinup.top

@[email protected] Huh, was this why the recent enspammification a few days ago didn't turn out so effectively?

Aside from that, though, promising work! It's encouraging to see our devs not just be better than Twitter, but build up moderation tools to keep up with the growing userbase (and thus pool of bad actors).

justinh@twit.social

@renchap New accounts can't "push" anything until they're followed on another instance, correct?

Not that the idea of a dead-mans switch is a bad one! I would like to see other dead-man switches too such as warning existing users that their accounts could disappear when an admin goes awol.

bob@beamship.mpaq.org

@renchap

I like the idea. Is it in 4.3 already? Couldn't tell from the comments.

jupiter_rowland@hub.netzgemeinde.eu

@⁂ Justin (StayGrounded.online) @Renaud Chaput Also, if you want to protect your instance from being overrun by spammers, there should be more that you can do than close registrations.

How about manual approval by an admin? Does Mastodon have this feature? Because Hubzilla, (streams) and Forte do.

#FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Spam #Mastodon #Hubzilla #Streams #(streams) #Forte

qbi@freie-re.de

@renchap Can you tell how many instances have switched over time?

dansup@mastodon.social

This post is deleted!

gunchleoc@mastodon.scot

@freeplay https://mastodon.scot/@gunchleoc/113327196499943561

renchap@oisaur.com

@jupiter_rowland yes, Mastodon supports requiring approval for accounts

renchap@oisaur.com

@bob it was even backported in 4.2 last february

gunchleoc@mastodon.scot

@radmin @renchap It was a combination of this and of notifying vulnerable servers during the previous spam wave. Many admins took action on the open signups back then.

gunchleoc@mastodon.scot

@jupiter_rowland Yes, Mastodon has had this feature for a while, to set registrations to require approval.

gunchleoc@mastodon.scot

@JustinH They can by mentioning people, which is what this spam bot does - it mentions 4 accounts per post.

gunchleoc@mastodon.scot

@qbi @renchap This was introduced with version 4.2.8. You can do the math from there: https://fedidb.org/software/mastodon/versions roughly 80% of Mastodon servers are already running this patch.

renchap@oisaur.com

Another consideration: new installations should not allow open registrations by default. This should be a setting that the administrator needs to opt into, and this is a good place to inform them that open registration instances require moderation resources.

In Mastodon, we display a warning when the admin chooses this option. Mastodon also support requiring moderator/admin approval for new sign ups, which helps a lot in preventing automated registrations.

gossithedog@cyberplace.social

@renchap also the Captcha support helps a whole lot. I’ve had open registrations for approaching two years and have had none of the Japanese spam waves, as an example.

renchap@oisaur.com

@GossiTheDog It helps with some actors, but it is not an issue with many others, including the ones that use captcha-busting software (there are now even “dark" SAAS for this), or for human-generated spam using content farms (we see a lot of those in some countries like Nigeria and Vietnam)