Just had to block the first spam account on https://infosec.exchange. I suspect Mastodon is going to quickly need to implement defensive tools to combat automated spam account registrations, as has had to be done on other sites, like blogs and forums. My wordpress instance for defensivesscurity.org, for example, has about 2k-3k attempted spam account registrations per day. Given the nature and reach of Mastodon, I suspect spammers will focus their efforts here soon
@stolas @bortzmeyer @gougerenet I hope you’re right. But I see a possibly different nightmare scenario. Given that these campaigns are often completely automated, there’s little difference to a spammer spamming 1 instance or 1000. In any event, it’s pretty manageable now, but I’ve seen how bad it can get and I don’t think GS/Pleroma/Mastodon/et al have the tools in place for admins to cope without disabling registrations
In German but EN translation is:
Unfortunately, our little toot.BERLIN was discovered by scriptkiddies, who created tons of accounts and post spam. We have temporarily suspended the registration of new accounts. If you want to help with cleaning up, please report all spam accounts that come in contact with you via the report function in Mastodon. Danke Unse
@jerry do you use wordfence by any chance?
A Mastodon instance for info/cyber security-minded people.