On February 15th, newly-created Fediverse accounts started posting spam messages from various instances, sending invites to a Discord server for a Japanese troll organization. This spam was widespread across the Fediverse. The posts frame ap12 from “KuronekoServer” as the culprit behind the operation.
Looking at their spam content (in Japanese)
A really interesting look at the recent spam wave.
Many Fediverse instances have open sign-ups without proper limits, enabling this to even happen in the first place.
Open registrations should NEVER be enabled on instances without proper protections and monitoring.
It’s important to note that this attack doesn’t require any novel exploit, just the existence of unmonitored, unprotected instances with open registration. From what we’ve seen, these are usually smaller instances.
If you must have open registrations on your instance, use the proper anti-spam and anti-bot mechanisms.
We also recommend blocking sign-ups using Tor IP addresses and temporary email domains.
Hypothetically, what stops a spam group from creating their own instance to register accounts on, or several such? It’d get defederated quickly once the attack got going, sure, but it would take time for this to get done, and in the meantime the spam gets in.
Takeaways
All pulled from the analysis, emphases are mine: