Thinking about closing registrations for infosec.exchange due to the crazy number of spam registration attempts.
@jerry Approve-based registrations feature is in progress right now. Although I am currently unsure how you would be able to tell in advance if they are going to misbehave...
@Gargron That will be difficult, though I will say that looking at the email addresses is often a giveaway... spammers seem of often use complicated local parts @ gmail/yahoo/msn/etc. It's not an exact science, for sure.
@gargron @jerry A two week (or month) period of observation where you get reported any links that get posted, and fires a flag if you get multiple coincidences of one domain, and which new accounts posted it, along with their percentage of posts with links from their grand total.
Noticing how many followed people they have, and whether they follow each other might also be useful. But that might require advanced techniques for network detection.
@jerry Create an infosec capture-the-flag challenge for new accounts ;)
@bcl oh, that's a good idea!
Is there an easy/obvious way to tell these are spam? Is the intent to create and account and use it to spam the instance? Commercial? Ideological? Other?
@smays Some of them are pretty obvious, like "firstname.lastname@example.org", among others. They're all commercial - trying to sell term paper writing services, bedroom furniture, fake norton antivirus, and all sorts of other stuff.
Bots? Humanoid? Both?
@jerry is there a way regular users can help with this issue?
@jerry This seems acceptable. You can also look into nominating some moderators so that you can share the load :)
@jerry What about adding some kind of hoop to jump through?
A Mastodon instance for info/cyber security-minded people.