GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Eugen Rochko (gargron@mastodon.social)'s status on Friday, 18-Apr-2025 21:53:28 JST
    in reply to
    • かき@GNUsocialJP
    • Admin Jerry
    • ClearlyClaire

    @admin @ClearlyClaire There is a sign-up API, probably using that. That would be `POST /api/v1/accounts`

    In conversation about 3 months ago from mastodon.social
    • Admin Jerry (admin@hear-me.social)'s status on Friday, 18-Apr-2025 21:53:29 JST
      • ClearlyClaire

      Riddle me this. How can a spammer start their account creation from /auth/confirmation? He does this every week. He never accesses /auth/sign_up. He always first shows up in the logs accessing /auth/confirmation.

      I have his ASN blocked by the Cloudflare firewall from accessing /auth/sign_up. I see in the Cloudflare logs that he tried to access /auth/sign_up but got a 403 from Cloudflare. The request is nowhere in my logs. It was truly blocked by the proxy server.

      But, then suddenly he's using /auth/confirmation with the same blocked ASN seconds later and creates the account. Today I added the same ASN restriction to /auth/confirmation to try to stop future sign-ups, but this is beside the point.

      It's like he tries to go to sign_up, gets a 403, and then uses some alternative means to begin the signup process.

      He's not getting in with an invitation code, either.

      Can he be using an existing account in some way to get an access token for an API call of some type to begin registration?

      How does he do this?

      #MastoAdmin #MastoDev @Gargron @ClearlyClaire

      In conversation about 3 months ago

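A log check for the situation discussed in this thread, added here as an example and not code from either poster or from Mastodon: it classifies each client that reaches `/auth/confirmation` by whether it first loaded `/auth/sign_up`, called `POST /api/v1/accounts`, or did neither. The log format, the sample lines, grouping by client IP and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined-log style); the IPs are
# documentation addresses, not values from the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Apr/2025:12:00:01 +0000] "GET /auth/sign_up HTTP/1.1" 200 5120
198.51.100.7 - - [18/Apr/2025:12:03:30 +0000] "GET /auth/confirmation?confirmation_token=AAAA HTTP/1.1" 302 0
203.0.113.9 - - [18/Apr/2025:12:10:05 +0000] "POST /api/v1/accounts HTTP/1.1" 200 120
203.0.113.9 - - [18/Apr/2025:12:10:40 +0000] "GET /auth/confirmation?confirmation_token=BBBB HTTP/1.1" 302 0
192.0.2.44 - - [18/Apr/2025:12:20:00 +0000] "GET /auth/confirmation?confirmation_token=CCCC HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def entry_point(method, path):
    """Map a request to the sign-up step it represents, or None."""
    path = path.split("?", 1)[0].rstrip("/")
    if path == "/auth/sign_up":
        return "web_form"
    if method == "POST" and path == "/api/v1/accounts":
        return "api"
    if path == "/auth/confirmation":
        return "confirmation"
    return None

def classify_confirmations(log_text):
    """Return {client_ip: how the sign-up began} for confirming clients."""
    seen, result = defaultdict(set), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected format
        ip, method, path, status = m.groups()
        step = entry_point(method, path)
        if step is None or status[0] in "45":
            continue  # unrelated, blocked or failed request
        if step != "confirmation":
            seen[ip].add(step)
        elif ip not in result:
            prior = [s for s in ("web_form", "api") if s in seen[ip]]
            result[ip] = prior[0] if prior else "unknown"
    return result

def suspicious(log_text):
    """Clients whose confirmation was not preceded by the web form."""
    how = classify_confirmations(log_text)
    return sorted(ip for ip in how if how[ip] != "web_form")
```

A firewall or rate rule written for `/auth/sign_up` alone does not match the other two paths this check watches, so the same restriction needs to cover all three.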

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.