It looks like a new spamming tactic will be to set up your own instance and then just mass spam to other instances from there. Case in point, vive.im I’ve been noticing spam in one magazine from a user of this. I banned them, but they can still post for some reason. Decided to visit the instance and it looks like some default front page with ‘3’ active users. If you look at the user’s account on there they’ve made 12k posts already and seem to have a script set up to push their blogspam 3-4 times per minute.
-
We need a clear process to report and get these kinds of things removed quickly.
-
Bans need to work properly and stop these users from posting.
@ernest , that server has no Public info at all - can we limit/silence or defedrate it ?
As a user on kbin you can block a whole domain. That definitely works on the post level and I would assume the comment level as well but I haven’t tested that part.
Unfortunately I’m looking at this from the perspective of a moderator, and the issue is that despite being banned, they can still post to the microblog.
how do you block them? I would also like to block those two.
on kbin at least you can go to kbin.social/d/<domain you want to block> and click the little 🚫next to the subscribe button.
deleted by creator
Yeah, I was having mixed results too. I’ve blocked a few domains and still had posts from them show up. Others don’t show up at all. I wonder if there’s shenanigans going on in the back end related to this
I think it blocks content from that domain not posts, so if someone there posts a YouTube link you still see it
deleted by creator
That does not work unfortunately…
Seems like manually approving new instances before they are allowed to push content to Kbin would be a good idea. Shouldn’t gatekeep but blindly accepting them means playing an endless game of whack-a-mole.
i don’t agree. I think it is important to maintain a blacklist instead of a whitelist where people would then submit what they need to add which will then will need to be approved etc. It will decrease the federated experience.
That only works if you have a group of responsive admins who can watch that for abuse. It really hasn’t taken long for someone to figure out how to abuse that for spam.
I’m inclined to say I’m not a fan of my idea on a philosophical level, but we can’t ignore the practical considerations here either. Endlessly banning spam instances is not going to be fun and takes away time and effort on the admin’s part that could be better spent on useful things. A site clogged by spam is also not going to be useful, in which case it doesn’t matter how well you adhered to your principles.
These interests are competing, but I think there’s a compromise to be found. I’m going to suggest rate limiting for new instances until they’ve produced a certain amount of content (so say until they’ve produced X comments+links with a minimum Y days), plus a system that automagically puts new instances in the timeout box if enough users report their content. Admins can manually skip the warm up period for new instances, and also review the timeout box to see if it’s actually a concern.
I think Lemmy may be doing something similar, actually. At least, I’ve noticed that smaller instances don’t seem to be federating nearly as well as larger instances. Obviously Mastodon have figured out a way around this as well, so it’s clearly doable.
Can you share an example of an instance that is linked to kbin.social that has been spammy? I’m an example based learner, it will help me wrap my head around it.
vive.im as I said in the initial post. I think it’s a single purpose instance made by that user just to spam his blog
IMHO: We should retain automatic federation approval but with automated de-federation for bad behavior. Thresholds could be increased for “merely very active” instances so they don’t get automatically defederated while newcomers get the threshold for “plebs” 😁
Example: If your instance has just a handful of users spamming like crazy or any number of users spamming the same content/links that would put your instance over such a ban threshold pretty fast.
This doesn’t seem ideal though, because newer instances will be silenced and never get a chance to grow. In any case, it would be reasonably easy to create a kbin and load it up with fake accounts anyways, to get the numbers up. A more standard approach is to simply look at the traffic coming from smaller kbins and if they are sending lots of requests, automatically remove the instance. This could still be caused by one bad actor making it’s way onto a newer server though.
@crossmr thanks for this post, this server has been involved in spam for almost two months so I alerted the microblog side of fedi
I noticed dnc@vive.im was followed by two kbin.social users, and kbin has an “interesting” feature where a microblog post goes into the magazine named after its first hashtag (if it exists), hence why your subs are getting them
i think the two kbin.social users might have followed this user by mistake. i checked their profiles and they both look legitimate to me.
I’ll try to take care of it today and potentially clean up the activity. For now, I’ve limited the traffic from that instance. I’m currently working on additional tools for moderators.
Hell Ernest, 7 months on, this is still an issue.
Thanks Ernest. I definitely think if we’ve blocked a user in a magazine the microblog shouldn’t be picking up stuff from them, and we need to be able to turn on automatic hashtag pickup or not.