Anyone else seeing spammy-looking signups from QUALITYNETWORK IP ranges? #mastoadmin
Here's a slightly revised CIDR list that seems to cover all the IPs used by the spammers so far:
(some CIDRs are redundant because they're from different sources)
Hopefully that'll do for now.
@pfigel Is there an easy way to put that into iptables or maybe nginx?
I don't have anything with iptables to hand to try this out with (my stuff all runs nftables), but here's the rough idea:
If someone more familiar with this stuff can verify what I wrote is sane, I'd be grateful!
@pfigel Sidenote but - I hope there is a nice list :3
Here's a version of the block list you can dump in your nginx to get rid of the bots:
The advantage of using nginx here instead of your firewall/iptables is that you'll have an easier time checking for false-positives in logs (in case I fucked up); the bots follow a predictable pattern (GET / then GET /auth/sign_up) while real traffic would stand out.
mastodon.at is open to all users and federates with most instances.
🇩🇪 🇦🇹 🇨🇭 mastodon.at ist offen für alle User und ist mit vielen anderen Instanzen verbunden.