It looks like a new spamming tactic will be to set up your own instance and then just mass spam to other instances from there. Case in point, vive.im I’ve been noticing spam in one magazine from a user of this. I banned them, but they can still post for some reason. Decided to visit the instance and it looks like some default front page with ‘3’ active users. If you look at the user’s account on there they’ve made 12k posts already and seem to have a script set up to push their blogspam 3-4 times per minute.

  1. We need a clear process to report and get these kinds of things removed quickly.

  2. Bans need to work properly and stop these users from posting.

  • SirNuke@kbin.social
    link
    fedilink
    arrow-up
    14
    ·
    edit-2
    1 year ago

    Seems like manually approving new instances before they are allowed to push content to Kbin would be a good idea. Shouldn’t gatekeep but blindly accepting them means playing an endless game of whack-a-mole.

    • duringoverflow@kbin.social
      link
      fedilink
      arrow-up
      15
      ·
      1 year ago

      i don’t agree. I think it is important to maintain a blacklist instead of a whitelist where people would then submit what they need to add which will then will need to be approved etc. It will decrease the federated experience.

      • crossmr@kbin.socialOP
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        That only works if you have a group of responsive admins who can watch that for abuse. It really hasn’t taken long for someone to figure out how to abuse that for spam.

        • SirNuke@kbin.social
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          1 year ago

          I’m inclined to say I’m not a fan of my idea on a philosophical level, but we can’t ignore the practical considerations here either. Endlessly banning spam instances is not going to be fun and takes away time and effort on the admin’s part that could be better spent on useful things. A site clogged by spam is also not going to be useful, in which case it doesn’t matter how well you adhered to your principles.

          These interests are competing, but I think there’s a compromise to be found. I’m going to suggest rate limiting for new instances until they’ve produced a certain amount of content (so say until they’ve produced X comments+links with a minimum Y days), plus a system that automagically puts new instances in the timeout box if enough users report their content. Admins can manually skip the warm up period for new instances, and also review the timeout box to see if it’s actually a concern.

          • Haily@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            I think Lemmy may be doing something similar, actually. At least, I’ve noticed that smaller instances don’t seem to be federating nearly as well as larger instances. Obviously Mastodon have figured out a way around this as well, so it’s clearly doable.

        • Books@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Can you share an example of an instance that is linked to kbin.social that has been spammy? I’m an example based learner, it will help me wrap my head around it.

    • riskable@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      IMHO: We should retain automatic federation approval but with automated de-federation for bad behavior. Thresholds could be increased for “merely very active” instances so they don’t get automatically defederated while newcomers get the threshold for “plebs” 😁

      Example: If your instance has just a handful of users spamming like crazy or any number of users spamming the same content/links that would put your instance over such a ban threshold pretty fast.

    • Moonstone@nerdbin.social
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      This doesn’t seem ideal though, because newer instances will be silenced and never get a chance to grow. In any case, it would be reasonably easy to create a kbin and load it up with fake accounts anyways, to get the numbers up. A more standard approach is to simply look at the traffic coming from smaller kbins and if they are sending lots of requests, automatically remove the instance. This could still be caused by one bad actor making it’s way onto a newer server though.

  • TheOneCurly@feddit.online
    link
    fedilink
    arrow-up
    14
    ·
    1 year ago

    As a user on kbin you can block a whole domain. That definitely works on the post level and I would assume the comment level as well but I haven’t tested that part.

  • ernest@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I’ll try to take care of it today and potentially clean up the activity. For now, I’ve limited the traffic from that instance. I’m currently working on additional tools for moderators.

    • crossmr@kbin.socialOP
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Thanks Ernest. I definitely think if we’ve blocked a user in a magazine the microblog shouldn’t be picking up stuff from them, and we need to be able to turn on automatic hashtag pickup or not.

    • crossmr@kbin.socialOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Hey Ernest, not sure if you did something or not, but still picking up posts from this guy

  • Rairii@haqueers.com
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    @crossmr thanks for this post, this server has been involved in spam for almost two months so I alerted the microblog side of fedi

    I noticed [email protected] was followed by two kbin.social users, and kbin has an “interesting” feature where a microblog post goes into the magazine named after its first hashtag (if it exists), hence why your subs are getting them

    i think the two kbin.social users might have followed this user by mistake. i checked their profiles and they both look legitimate to me.

  • zakatak@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I would like some kind of content-warning type situation, but where I can define what kind of content I want to restrict. And then, somehow, instances have tags associated which then apply to all of their users so that I can have a warning that users of a given instance have a reputation for sharing content that I would like a warning about first.

    I would still want the content to be posted, but I would prefer that it requires me to actively unhide the content and default to always seeing it.