I've noticed a very slow trickle of fake accounts registering at my instance recently.
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb scary.....
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb
Any important elections coming up? -
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb A lot of times, nefarious accounts just sit idle for a long time before being called into action.
It's also worthy to note, with Mastodon, users can setup interactions to be filtered under a special area in notifications for news accounts, as well as other settings... So, if a new account tries to send spam within the first 30 days, it will get filtered behind a special area in notifications. They could be for future nefarious use,
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
Whatever it is, I wouldn't count on it being anything good! Something smells like billionaire to me...
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb
Possibly data harvesting while waiting for some command?I think IFTAS had a post quite recently about a whole botnet that's creating tons of accounts, behaving kind of normally for awhile before they start doing... whatever it is they start doing (wow, having a short sleep is doing wonders for the memory).
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb definitely will be used later. Had that happen here, they’d look legit for a while then start spamming. Luckily recently for me all of the spam signups have been pretty dang obvious.
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
Sounds like sleeper bot accounts.
They're most likely monitoring your public instance feed, including non-federated instance-local-only posts as I noticed some aren't following other accounts, but check if an account is following them.
I'd also check for any unexpected traffic to/from your instance on the wire when there shouldn't be any, just in case.
But it's concerning.
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb
This sounds similar to a bot campaign which has recently unfolded on a number of instances including ours. They can talk their way through a manual signup review, leading some to think humans initiate the accounts. The Kolektiva bots initially boosted a few toots from local accounts. They post squalls of stochastic automated text, first in English, and then switching to Greek (!). They also post slop graphics. A thematic that emerges through the nonsense is clear, a focus on the Ukraine war which is derogatory to Ukrainians. IOW, actual Russian bots -
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
I've noticed similar accounts commenting on YouTube.
They have been created years ago with minimal information, and suddenly they come out and go full throttle with pro-Russian arguments in debates on videos related to the US, EU and Ukraine.
It's not ideal that Hetzner is hosting the email for them, but then again - if the Hetzner account is created by a EU citizen with Russian ties, it's almost impossible to detect.
Personally I would contact the account owner and ask them a couple of follow-up questions and tell them to go elsewhere if I felt something was fishy.
