Conversation

    K. Ryabitsev (monsieuricon@social.kernel.org)'s status on Sunday, 18-Feb-2024 06:21:16 JST
    FYI, the Fedi spam problem is only starting out. It won't take much effort for someone to write a payload running on random compromised webservers to send copious amounts of spam via ActivityPub, making blocklists ineffective.

    We will basically need to implement all the same anti-abuse stuff we're already doing for email in order to cope with it on the fediverse -- greylisting, dnsbl, domain authentication, etc.

    Sadly, the only way this won't happen is if ActivityPub stays sufficiently niche to make other targets more popular for spammers.
      clacke (clacke@libranet.de)'s status on Sunday, 18-Feb-2024 06:21:19 JST
      in reply to marius
      @mariusor @monsieuricon Implement a Fedi server on the compromised web server.
      marius (mariusor@metalhead.club)'s status on Sunday, 18-Feb-2024 06:21:20 JST
      in reply to

      > It won't take much effort for someone to write a payload running on random compromised webservers

      @monsieuricon that's not true because generally servers don't accept incoming payloads if they don't have a valid HTTP Signature.

      So a random compromised machine also needs access to a random compromised fediverse actor (in order to have access to its private key) so it can generate a valid signature/digest.

      It's not much harder, but still.

      Hex Batch (hexbatch@mastodon.online)'s status on Sunday, 18-Feb-2024 06:21:23 JST
      in reply to marius

      @mariusor @monsieuricon what happens if I or someone else registers thousands of new instances? Is this not hard to do? And what stops me from making tens of thousands each and every day and flooding all the servers with advertisements? Each would have different and valid credentials. What if I had access to hundreds of thousands of IPs from a botnet?

      clacke (clacke@libranet.de)'s status on Sunday, 18-Feb-2024 06:21:25 JST
      in reply to marius and Hex Batch
      @hexbatch @mariusor Yes. At some point servers will have to require explicit admin approval to fully federate with newly discovered servers.
      Hex Batch (hexbatch@mastodon.online)'s status on Sunday, 18-Feb-2024 06:21:26 JST
      in reply to marius and Hex Batch

      @mariusor @hexbatch so eventually someone, or many, will try as the fediverse expands. There are hundreds of people and groups who do much what I describe weekly on the web to run advertisements and spam. It’s just blind luck nobody tried yet?

      marius (mariusor@metalhead.club)'s status on Sunday, 18-Feb-2024 06:21:27 JST
      in reply to Hex Batch

      @hexbatch yes

      In conversation about a year ago permalink
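
The receiver-side check marius describes, as an added example that is not part of the thread or any participant's code: an inbox rejects unsigned or altered POSTs, yet a key minted a moment ago on a new domain verifies just as well as an established one, which is the gap Hex Batch raises. Assumptions: the draft-cavage `Signature` header layout with rsa-sha256, an in-memory `actorKeys` map standing in for fetching the actor's public key, and constructed `*.example` names.

```javascript
const crypto = require('crypto');
// Constructed key directory (keyId -> public key). A real server fetches the
// actor document named by keyId over HTTPS and reads its publicKeyPem.
const actorKeys = new Map();
const REQUIRED = ['(request-target)', 'host', 'date', 'digest'];

const digestOf = (b) => 'SHA-256=' + crypto.createHash('sha256').update(b).digest('base64');

// Rebuild the signing string from the names listed in the headers= parameter.
const signingString = (req, names) => names.map((n) => n === '(request-target)'
  ? `(request-target): ${req.method.toLowerCase()} ${req.path}`
  : `${n}: ${req.headers[n]}`).join('\n');

// Sender side, needed here only to build the constructed requests.
function sign(req, keyId, privateKey) {
  req.headers.digest = digestOf(req.body);
  const sig = crypto.sign('sha256', Buffer.from(signingString(req, REQUIRED)), privateKey);
  req.headers.signature = `keyId="${keyId}",algorithm="rsa-sha256",` +
    `headers="${REQUIRED.join(' ')}",signature="${sig.toString('base64')}"`;
  return req;
}

// Receiver side: returns 'ok' or the reason the inbox POST is rejected.
function verifyInbox(req, now = Date.now(), maxSkewMs = 5 * 60 * 1000) {
  const h = req.headers;
  if (!h.signature) return 'missing signature';
  const p = Object.fromEntries(
    [...h.signature.matchAll(/(\w+)="([^"]*)"/g)].map((m) => [m[1], m[2]]));
  const names = (p.headers || '').split(' ');
  if (!REQUIRED.every((n) => names.includes(n))) return 'required header not signed';
  if (h.digest !== digestOf(req.body)) return 'digest mismatch';
  if (!(Math.abs(now - Date.parse(h.date)) <= maxSkewMs)) return 'stale date';
  const key = actorKeys.get(p.keyId);
  if (!key) return 'unknown key';
  const sig = Buffer.from(p.signature || '', 'base64');
  return crypto.verify('sha256', Buffer.from(signingString(req, names)), key, sig)
    ? 'ok' : 'bad signature';
}

// Constructed demo: an established actor and a key minted a moment ago.
function demo() {
  const mk = (id) => { const k = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    actorKeys.set(id, k.publicKey); return k.privateKey; };
  const req = () => ({ method: 'POST', path: '/inbox', body: '{"type":"Create"}',
    headers: { host: 'inbox.example', date: new Date().toUTCString() } });
  const [a, b] = ['https://a.example/actor#main-key', 'https://new.example/actor#main-key'];
  const known = sign(req(), a, mk(a)), fresh = sign(req(), b, mk(b));
  return [req(), known, { ...known, body: '{"spam":1}' }, fresh].map((r) => verifyInbox(r));
}
```

`demo()` returns the verdicts for an unsigned request, a validly signed one, the same request with an altered body, and a request signed by the brand-new actor. The last one passing is why signature checks authenticate a sender but say nothing about its reputation.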
