#fediblock #mastoadmin mstdn.social is also been attacked.
mastoadmin
#mastoadmin #fediblock #fediblockmeta
TAKE ACTION NOW
Between 5:12am and 6:15am UTC mstdn.plus was hit with 111 registrations that are suspected to be part of the Japanese-language spam. (They have been intercepted and no spam was resulted.)
1. The accounts have "$USERNAME@chitthi.in" as email.
2. They appear to be using Tor exit nodes. Some IPs involved (number of accounts):
- 185.220.101.0/24 (33)
- 192.42.116.0/24 (30)
- 185.220.100.0/24 (8)
Frantech IPs also observed.
TAKE ACTION NOW
as:Public will support (one-way) bridging to #BlueSky in a future release, along with account search (they both require that I add the concept of accounts)
As always, collection of statuses occurs from public firehose feeds, so instance blocks will not affect collection or bridging.
The amount of bullying I'm seeing towards the developers of an already-existing bridge is simply unacceptable. One of the primary goals behind the #asPublic project is to show that this sort of antisocial behavior is not how one gets what they want.
Mastodon 再次发布紧急安全更新。
请站长立刻更新。
更新描述为
安全性:修正对远端贴文的检查不足。
https://github.com/mastodon/mastodon/releases/tags/v4.2.7
目前暂时没有公开的安全告知:
https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36
#Mastodon #MastoAdmin #Security
@board @board@a.gup.pe
RE: https://tech.lgbt/users/ShadowJonathan/statuses/111940983829390502
Dear #mastoadmin TURN OFF OPEN REGISTRATIONS! Just fot a while. Set it to require moderator approval. Captchas apparently also help. Please stop the madness
Owners of public Mastodon servers, you might want to set your signups to approval mode to prevent spammers:
1. Log in on your server's website
2. Go to Preferences
3. Go to Administration
4. Go to Server Settings
5. Click the Registrations tab at the top
6. In the "Who can sign up" menu select "Approval required for sign-up" (optionally also tick the box for requiring a reason)
7. Click "Save Changes" button
Spammers can exploit servers with instant signups.
Re last: Please please please, don't use #HCaptcha! We blind people call it HateCaptcha, and it's for a reason. Their accessibility so-called innovative technology is simply broken and doesn't work reliably. You can't imagine how much time I spent fighting with this so-called accessibility cookie. Please don't use it, for goodness sake. #MastoAdmin
LOL, spammers got mad that we curtailed them through a one line patch.
Obviously we're moving ahead of them, but this is all a game to them (it won't be when criminal liability catches up with them)
We of course have other mitigation strategies in place too, we're just not disclosing what they are.
@board @board@a.gup.pe
注意本次攻击事件不是黑猫服务器所为,请不要因此攻击黑猫服务器及其成员
相关公告
Note that this attack is not done by Kuroneko server, please do not attack Kuroneko server and its staff for this reason
Related Announcement
#长毛象站长联谊会 #什么值得b #什么值得ban #联邦宇宙避雷针 #MastoAdmin #FediBlock #FediBlockMeta #Admin #Spam
Woha, this is unexpected: in a future update mastodon will automatically turn off open registration if no mod has logged in for a week or longer:
https://github.com/mastodon/mastodon/pull/29318
This is great news, and should hopefully significantly cut down on abandoned servers being used to send spam!
(And this is in addition to also having open registrations off by default on new servers.)
Great news!
What’s people’s thoughts about big brands coming to mastodon/fediverse? #mastoadmin #mastodon please boost for more opinions.
Options: (choose one)
My Mastodon server, cyberplace.social, has received a legal threat in an attempt to have a user's thread deleted. It is styled as a cease and desist.
I have published the email here:
https://github.com/GossiTheDog/Cyberplace/blob/main/LegalThreats/Cease%20and%20Desist%20Order%20-%20Felix%20Juhl
A so-called "AI-powered social network start-up" has started cloning posts from across the Fediverse without asking permission. You can find out more in this discussion thread:
https://social.wake.st/@liaizon/112603447990005434
You might want to defederate from Maven, the domains to suspend are:
maven.ly
heymaven.com
This defederation will be much more effective if you have "authorized fetch" switched on, more info about it at https://fedi.tips/authorized-fetch
(via @liaizon)
If you want a really easy way to run @rolle excellent Bird-UI for #mastodon in #docker I've built an image for amd64 and arm64 that you can grab from #gitlab and dockerhub: https://gitlab.com/ric_harvey/docker-mastodon-bird-ui #mastoadmin
Nice quality of life improvement added to the latest #Mastodon code: account cards on hover!
A perfect companion to the upcoming grouped notifications 😃
We need to tune the behaviour a bit, but I am already missing them when using another instance.
All of this will be in 4.3, which we plan to release soon!
So food for thought with moderation on #mastodon. What if we built a system more like discourse.org where users who are more active can help with moderation using trust levels. More info here: https://blog.discourse.org/2018/06/understanding-discourse-trust-levels/ would this be a good idea? #moderation #mastoadmin please boost for reach.
Options: (choose one)
We are happy to announce the first beta release of Mastodon 4.3 🎉 11 months in the works, it is chock-full of improvements, the most prominent being notification grouping and new filtering capabilities, as well as extensive usability overhauls.
Please note that this is a beta, and the stable release is still to come. If you are upgrading your server to it, read the changelog carefully, and open GitHub issues if you encounter anything unexpected.
https://github.com/mastodon/mastodon/releases/tag/v4.3.0-beta.1
If you need help trying to figure out what version of Node, Ruby, Postgres, Redis, Elasticsearch, Libvips, FFmpeg, ImageMagick you need to upgrade your Mastodon instance you can always check out https://www.mastoreqs.com in addition to reading through the release notes of the new version.
Nun ist es endlich so weit. Ich muss mir einen neuen Provider suchen, da mein Provider den Support für #dedizierteServer (d.h. #BareMetal) einstellt.
Wer ist der beste Anbieter für diese in #Deutschland?
Ich würde lieber auf Steintafeln schnitzen, als mich mit #Hetzner, #IONOS ( #1&1 ) auseinanderzusetzen oder darüber nachzudenken, #AWS-Preise zu zahlen. #Contabo sieht gut aus, will aber das Doppelte von dem, was ich derzeit zahle. #Hilfe!
Our August engineering blog post is out - read about the first beta of 4.3, what's coming next, and what the community has been sharing!
https://blog.joinmastodon.org/2024/09/trunk-tidbits-august-2024/
Provedores de Descoberta do Fediverso
@fediadminbr@lemmy.eco.br
O Mastodon vai encabeçar uma proposta para melhorar a busca e descoberta de conteúdo de instâncias do fediverso.
Por meio de "provedores de descoberta", uma instância poderá selecionar nenhum, um ou vários deles para melhorar o sistema de busca.
Mas já que nem tudo que está no fediverso é feito para ser público, além de existirem pessoas sem interesse em serem indexadas, o projeto vai respeitar isso.
Só será indexado quem explicitamente autorizar isso. E dados usados para determinar tendências precisam ser anônimos.
Vale não só para o Mastodon mas para qualquer software do fediverso que se interessar em implementar.
https://mastodon.social/@MastodonEngineering/113125057908864709
@fediadminbr@a.gup.pe