Here's a version of the block list you can dump in your nginx to get rid of the bots:
The advantage of using nginx here instead of your firewall/iptables is that you'll have an easier time checking for false-positives in logs (in case I fucked up); the bots follow a predictable pattern (GET / then GET /auth/sign_up) while real traffic would stand out.
Here's a slightly revised CIDR list that seems to cover all the IPs used by the spammers so far:
(some CIDRs are redundant because they're from different sources)
Hopefully that'll do for now.
Definitely looks like a spam campaign. So far all accounts signed up from the same ISP. Here's a script you can paste in your rails console to find all users from IP ranges belonging to that ISP (assuming I didn't miss any):
To get to the rails console, run this in /home/mastodon/live as the mastodon user:
RAILS_ENV=production bundle exec rails c
You might also want to temporarily ban those IP ranges if the sign-ups don't stop. I did.
Anyone else seeing spammy-looking signups from QUALITYNETWORK IP ranges? #mastoadmin
#Pinafore v0.2.0 is out!
- new "Sorcery" theme by @mlcdf
- block/unblock accounts
- mute/unmute accounts
- CSP for better security
- fix emojos in CWs
- perf and UI fixes
#Pinafore v0.1.4 is out:
- hit Ctrl-Enter / Cmd-Enter to post a toot
- new Cobalt dark theme
Thanks very much @SpankyWorks @codl @chris ! https://github.com/nolanlawson/pinafore/releases/tag/v0.1.4
mastodon.at admin | Software Development | DevOps | InfoSec | @patfigel on Twitter | keybase.io/pfg | GPG: 286BE9D35F9FE18A | DM for Signal | Vienna, Austria
mastodon.at is open to all users and federates with most instances.
🇩🇪 🇦🇹 🇨🇭 mastodon.at ist offen für alle User und ist mit vielen anderen Instanzen verbunden.