Well this is concerning.
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo this is a pretty big deal. if youre running the stock mastodon code and not something like glitchsoc, this is worth submitting an issue to github about
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo is that perhaps the period where your subscription had expired?
-
@leo this is a pretty big deal. if youre running the stock mastodon code and not something like glitchsoc, this is worth submitting an issue to github about
RE: https://mastodon.iftas.org/@iftas/116426965511875330
@Viss @leo the current tactic seems to be getting a legit-looking account through review, then using invites (which bypass review) to create the spam accounts.
-
RE: https://mastodon.iftas.org/@iftas/116426965511875330
@Viss @leo the current tactic seems to be getting a legit-looking account through review, then using invites (which bypass review) to create the spam accounts.
@anticomposite @leo oh interesting - you think there are approved accounts already in there that are farming invites out to the bots?
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo Are existing members allowed to create invites that bypass review?
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
How did they circumvent your manual process?
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo concerning is an understatement here, Leo.
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo Can I confirm - this is on Mastodon's server software?
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo looking at the account in modtools should say the inviter name, just ban them too
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo hey thanks for your work in finding and removing these bots. Much appreciated the horde of admins across the Fediverse do an awesome job keeping this a safe place that's people first. Thank you.
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo yeah, there was a wave of bots that joined my instance. Enabling Captcha didn’t slow them down at all. The only thing that helped was requiring new accounts to write a reason to join. Haven’t seen a bot since.
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo thanks for keeping this server safe.
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo thanks for putting in the effort to keep this instance clean!
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo ims i had to give a reason to join
-
@leo Are existing members allowed to create invites that bypass review?
@ariarhythmic @leo This is how it's being done by the 'Portal Kombat' crew. They use existing accounts and use server invites to bypass registration checks.
-
@leo hey thanks for your work in finding and removing these bots. Much appreciated the horde of admins across the Fediverse do an awesome job keeping this a safe place that's people first. Thank you.
@curiously @leo Yes, thanks a million. It is really appreciated.
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo aren't traditional capchas kind of a solved problem in machine learning?
-
Well this is concerning.
I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.
Thanks to IFTAS SW-ISAC for noting and reporting the bots.
@leo thanks for keeping vigilant, Leo!
-
T tanyakaroli@expressional.social shared this topic
