Ludrol @ludrol@qoto.org

Hey everyone!

I'm working on a video to see what the Linux community (or at least people who follow me) actually use.

So, I created a little form, hosted on my Nextcloud (hopefully it's up to the task...)

It's only up for 2 days, so don't hesitate to share it around, it will help me "touch grass" and see if my preconceived notions are confirmed, or invalidated!

https://nextcloud.thelinuxexp.com/index.php/apps/forms/s/XQRzMrs8QTtCjDfSyP4koA9o

Of course, it's all anonymous, no personal data, it's just for the purposes of creating the video.

All this talk about #xzorcist over the weekend, I want to also point out that it's important to remember that the "software supply chain" largely does *not* exist in regards to open source, because most people have no real relationship other than parasitic consumption with the project.

@Di4na's great blog post on this topic explains it quite well: https://www.softwaremaxims.com/blog/not-a-supplier

software assisted egodeath

My thoughts on this xz/liblzma stuff[0] is that we're reaching a boiling point where no one checks anything. Until we make simpler systems with less moving parts this will continue to happen.

[0] https://www.openwall.com/lists/oss-security/2024/03/29/4

Hej, z racji tego że chcemy przeprowadzać pewnego rodzaju promocje Fediversum, potrzebujemy mieć do tego trochę danych, których bez Was nie zdobędziemy.
Dlatego proszę Was o wypełnienie krótkiej ankiety z 4 pytaniami.
Z góry dzięki!

https://nch.pl/apps/forms/s/ycfALeiy7LoQiHk94Dr9bsZd

Prośba o boost :)

Introducing Loops, a fediverse TikTok platform.

Explore and share short videos on the fediverse using your Pixelfed or Mastodon account.

Available Soon.

https://loops.video

Follow @loops for early access to the beta and updates.

#loops #pixelfed #pixelfedLoops

Saw a very pretty black catte chilling in a window in the sun and a very polite duck this morning on my walk, it was nice.

Z naszego serwera zamiast szmeru wydobywa się chwilowo biały szum...

Bardzo przepraszamy za utrudnienia w dostępie i postaramy się wrócić tak szybko jak to możliwe.

Introducing the Open Science Network
We're thrilled to be part of this initiative dedicated to building open and federated digital spaces to push the boundaries of open science and scholarly communication.
Explore more on the website: https://openscience.network
Dive into the details in our announcement blog post: https://bonfirenetworks.org/posts/openscience_network/
@brembs @UlrikeHahn @jorge @open_science
#openscience

Nya~!

To all Fedi Admins Currently Being hit with a Spam Wave:

This kind of spam is now over! Unmute all the instances no longer on my list!

I've just released v4.0.0 of The UNmute List! I'd be very happy about a small donation because I have very little time and I cannot really justify working on this list with my current schedule ​

There is a new type of spam, the same instances are affected as before. Those responsible in Japan are said to have been arrested.

Without further ado...

Limit these instances:

[Full List of Affected Instances Here]

Just get the list to download and import here.

Simply import this list and you'll mute the 47 worst spam instances currently known to me! I've worked on it for multiple weeks, sometimes ~9 hours at a time verifying all lists sent to me manually.

Limit first, defederate only in worst situations!

Consider re-federating with and un-silencing any of the mentioned instances once the spam is mitigated. The admins of some of these may have just been asleep when this all started.

Ban Spam Accounts via their E-Mail Domain

Block the following E-Mail Domain and whatever temp Mail provider it resolves to: chitthi.in

Just to be safe, block these ones too (same provider)

mailto.plus
fexpost.com
fexbox.org
mailbox.in.ua
any.pink

All our spam accounts came from these E-mails.

Since you probably have some of these accounts sleeping:

https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in there just select all and press “Ban”.

Find Remaining Spammers

I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway:

https://mamot.fr/@vincib/111946701929274350

IP Bans and TOR

These spammers seem to be using the TOR Network as all of their IPs are TOR Exit Node IPs, hence an idea (with some collateral damage if executed) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (political refugees, leakers of important documents, etc.) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.

How To Block All Temp E-Mails in the Future

If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers all together:

Here is the list of all Temp email providers (there are both blocklist and allowlist)
Here how to install it in Mastodon
The script that automatically pulls the list via Cronjob and imports it into Mastodon
Script template

Because of this, hessen.social, for example, was not affected by the spam attack! They had already banned the email domain the spammers used ages ago.

In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.

Why did this happen?

The real reason hundreds of us spent hours of our days during the spam on mitigating it is the following:

Cyberbullying Gone Global: Fediverse Spam and Operation Beleaguer

This is the full exposé @cappy has been working on regarding the February 15th Spam Attacks!

Thank you @BrodieOnLinux@linuxrocks.online for mentioning this post in a video!

Good luck, everyone!
Thanks for participating in the Fediverse Experiment!

#FediBlock #FediAdmin

There's currently an incident involving some kind of Japanese skids who call themselves the "Kuroneko" organization.

They seem to be attempting to commit DDoS attacks on Misskey servers, constantly creating new accounts on compromised instances and spamming advertisements for their hacking services.

Admins who are federating with these compromised servers, while they might not get compromised themselves, may be affected by the sheer amount of traffic volume from their spam.

Admins are advised to #fediblock or temporarily stop sending requests to affected servers for now, if they don't want to get secondhand DoS'd

IMO I never expected them to be Japanese out of all things, kinda funny. They also host VOICEROID and VOICEVOX TTS bots on their Discord apparently. Kinda a weird flex I guess.

But yeah, probably just a bunch of skids.
#fediblock #fediadmin #fedadmins #mastodadmin #misskeyadmin