Someone appears to have implemented an interesting public service bot that may demonstrate a potential attack.
Overnight, someone opened an account on my server to advertise a gambling website. I suspend these account types every morning.
But, this morning I saw a report about the account, which surprised me, since the offending account hadn't posted anything. Why would anyone have seen it?
The report was placed by a bot, @mastodon.internal.
If this is a bot that finds scam/spam accounts, it is helpful. But, I didn't know bots could open reports and this is what bothers me.
Can a bot open countless reports as a DOS attack against a server?
Is there anyone who can comment on this?
Do you happen to know how reporting works with the #ActivityPub protocol? Is it part of the protocol, or something #Mastodon added on, or is it part of the protocol but just transmitted through a standard bit of content addressed to the admin?
I’d go look it up myself but I am on my phone right now, so I’d be interested if you happen to know.
