<![CDATA[Well this is concerning.]]>Well this is concerning.

I just suspended 14 Russian LLM generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.

Thanks to IFTAS SW-ISAC for noting and reporting the bots.

]]>https://forum.fedi.dk/topic/735ee172-f71a-4bb5-81b2-25e80d1a1e38/well-this-is-concerning.RSS for NodeThu, 14 May 2026 14:18:06 GMTSat, 02 May 2026 17:22:00 GMT60<![CDATA[Reply to Well this is concerning. on Sun, 03 May 2026 06:23:41 GMT]]>@leo thanks for keeping vigilant, Leo!

]]>https://forum.fedi.dk/post/https://cosocial.ca/users/evan/statuses/116509207483483049https://forum.fedi.dk/post/https://cosocial.ca/users/evan/statuses/116509207483483049Sun, 03 May 2026 06:23:41 GMT<![CDATA[Reply to Well this is concerning. on Sun, 03 May 2026 06:17:57 GMT]]>@leo aren't traditional capchas kind of a solved problem in machine learning?

]]>https://forum.fedi.dk/post/https://layer8.space/users/nihilistic_capybara/statuses/116509184957075492https://forum.fedi.dk/post/https://layer8.space/users/nihilistic_capybara/statuses/116509184957075492Sun, 03 May 2026 06:17:57 GMT<![CDATA[Reply to Well this is concerning. on Sun, 03 May 2026 05:44:19 GMT]]>@curiously @leo Yes, thanks a million. It is really appreciated.

]]>https://forum.fedi.dk/post/https://mastodon.nz/ap/users/115828656027457735/statuses/116509052757903077https://forum.fedi.dk/post/https://mastodon.nz/ap/users/115828656027457735/statuses/116509052757903077Sun, 03 May 2026 05:44:19 GMT<![CDATA[Reply to Well this is concerning. on Sun, 03 May 2026 03:34:26 GMT]]>@ariarhythmic @leo This is how it's being done by the 'Portal Kombat' crew. They use existing accounts and use server invites to bypass registration checks.

]]>https://forum.fedi.dk/post/https://olifant.social/users/oli/statuses/01KQNYDMR29QX21E67SKET4KHFhttps://forum.fedi.dk/post/https://olifant.social/users/oli/statuses/01KQNYDMR29QX21E67SKET4KHFSun, 03 May 2026 03:34:26 GMT<![CDATA[Reply to Well this is concerning. on Sun, 03 May 2026 03:33:38 GMT]]>@leo ims i had to give a reason to join

]]>https://forum.fedi.dk/post/https://twit.social/users/BeeT1123/statuses/116508538838903558https://forum.fedi.dk/post/https://twit.social/users/BeeT1123/statuses/116508538838903558Sun, 03 May 2026 03:33:38 GMT<![CDATA[Reply to Well this is concerning. on Sun, 03 May 2026 02:10:59 GMT]]>@leo thanks for putting in the effort to keep this instance clean!

]]>https://forum.fedi.dk/post/https://twit.social/users/roryh/statuses/116508213868989412https://forum.fedi.dk/post/https://twit.social/users/roryh/statuses/116508213868989412Sun, 03 May 2026 02:10:59 GMT<![CDATA[Reply to Well this is concerning. on Sun, 03 May 2026 00:32:17 GMT]]>@leo thanks for keeping this server safe. 👍

]]>https://forum.fedi.dk/post/https://twit.social/users/brothercasas/statuses/116507825737089629https://forum.fedi.dk/post/https://twit.social/users/brothercasas/statuses/116507825737089629Sun, 03 May 2026 00:32:17 GMT<![CDATA[Reply to Well this is concerning. on Sun, 03 May 2026 00:01:46 GMT]]>@leo yeah, there was a wave of bots that joined my instance. Enabling Captcha didn’t slow them down at all. The only thing that helped was requiring new accounts to write a reason to join. Haven’t seen a bot since.

]]>https://forum.fedi.dk/post/https://retro-gaiden.com/users/Oregon_Pacifist/statuses/116507705795494673https://forum.fedi.dk/post/https://retro-gaiden.com/users/Oregon_Pacifist/statuses/116507705795494673Sun, 03 May 2026 00:01:46 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 22:33:35 GMT]]>@leo hey thanks for your work in finding and removing these bots. Much appreciated the horde of admins across the Fediverse do an awesome job keeping this a safe place that's people first. Thank you.

]]>https://forum.fedi.dk/post/https://mastodon.au/users/curiously/statuses/116507359032432691https://forum.fedi.dk/post/https://mastodon.au/users/curiously/statuses/116507359032432691Sat, 02 May 2026 22:33:35 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 22:00:06 GMT]]>@leo looking at the account in modtools should say the inviter name, just ban them too

]]>https://forum.fedi.dk/post/https://jorts.horse/users/scattapilla/statuses/116507227382975541https://forum.fedi.dk/post/https://jorts.horse/users/scattapilla/statuses/116507227382975541Sat, 02 May 2026 22:00:06 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 21:23:26 GMT]]>@leo Can I confirm - this is on Mastodon's server software?

]]>https://forum.fedi.dk/post/https://mewblog.thepolarbear.co.uk/notes/alsexmosp15eleb7https://forum.fedi.dk/post/https://mewblog.thepolarbear.co.uk/notes/alsexmosp15eleb7Sat, 02 May 2026 21:23:26 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 20:25:48 GMT]]>@leo concerning is an understatement here, Leo.

]]>https://forum.fedi.dk/post/https://tlv.cool/users/god/statuses/116506856555314960https://forum.fedi.dk/post/https://tlv.cool/users/god/statuses/116506856555314960Sat, 02 May 2026 20:25:48 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 19:03:47 GMT]]>@leo

How did they circumvent your manual process?

]]>https://forum.fedi.dk/post/https://babka.social/users/serge/statuses/116506534077597511https://forum.fedi.dk/post/https://babka.social/users/serge/statuses/116506534077597511Sat, 02 May 2026 19:03:47 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 18:14:38 GMT]]>@leo Are existing members allowed to create invites that bypass review?

]]>https://forum.fedi.dk/post/https://ohai.social/ap/users/115628614496668967/statuses/116506340817739389https://forum.fedi.dk/post/https://ohai.social/ap/users/115628614496668967/statuses/116506340817739389Sat, 02 May 2026 18:14:38 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 17:30:24 GMT]]>@anticomposite @leo oh interesting - you think there are approved accounts already in there that are farming invites out to the bots?

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116506166867475390https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116506166867475390Sat, 02 May 2026 17:30:24 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 17:29:12 GMT]]>RE: https://mastodon.iftas.org/@iftas/116426965511875330

@Viss @leo the current tactic seems to be getting a legit-looking account through review, then using invites (which bypass review) to create the spam accounts.

]]>https://forum.fedi.dk/post/https://wikis.world/users/anticomposite/statuses/116506162144551985https://forum.fedi.dk/post/https://wikis.world/users/anticomposite/statuses/116506162144551985Sat, 02 May 2026 17:29:12 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 17:29:06 GMT]]>@leo is that perhaps the period where your subscription had expired?

]]>https://forum.fedi.dk/post/https://twit.social/users/andrewh/statuses/116506161750200552https://forum.fedi.dk/post/https://twit.social/users/andrewh/statuses/116506161750200552Sat, 02 May 2026 17:29:06 GMT<![CDATA[Reply to Well this is concerning. on Sat, 02 May 2026 17:24:19 GMT]]>@leo this is a pretty big deal. if youre running the stock mastodon code and not something like glitchsoc, this is worth submitting an issue to github about

]]>https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116506142946399517https://forum.fedi.dk/post/https://mastodon.social/users/Viss/statuses/116506142946399517Sat, 02 May 2026 17:24:19 GMT