Nicholas Frota is a user on lazy8.social. You can follow them or interact with them if you have an account on Mastodon. If you don't, you can sign up here.
Nicholas Frota @nonlinear

Turns out my instance is being abused by movie pirate bots. As a , how can I not only deletes them but prevent it from happening?

Any blacklist? Or do I have to weed it out manually every time? I don't have time or resources for the attacks and I need some help.

@nonlinear I had good luck making instance sign-ups invitation-only for a couple days. Once the bots figured out they couldn't register they quickly moved on and I could reopen. Haven't seen one since.

@nonlinear ...and I just saw this was from a week ago, I hope you've fixed it since then!

@noelle I didn't... But I will.

If i should only close and open after a spike, maybe mastodon could automate that? A brake mechanism, closing direct signups after a threshold? Be it IP or velocity?

Or does "I'm not a robot" actually works? Does it?

@nonlinear It's worth suggesting, anyway. And while I've seen people beat captchas, I don't know how commonplace it is.

@nonlinear Make it invite only at the user level, then ban all the bots?

@nonlinear lol this took some searching, but tracked it down...

You set an environment variable:
github.com/tootsuite/mastodon/

Lemme know if that's unclear or if you have more questions

@slackz I hear you. And this doc is priceless.

But it's still after the fact. And its a build your own blacklist, so each instance gotta fend for themselves.

I mean, of course I can fix it, but it's an instance of 1 and a half admins, so anything that can ease our burden is welcome.

@nonlinear oh for sure. I def hear that. I haven't contributed code yet, but I'm familiar with rails and shit. Workin right now but I'd be happy to try to investigate further and try to get a PR in for this.

Totally agree that moderation stuff needs to be as robust and accessible as poss. Ppl came to this network as an alternative to facebook/twitter cesspools, so we need to have much easier tooling around handling abuse

I'm fairly new to #mastodon, and still learning admin basics myself.

@nonlinear :mastodon: 2.4.1 is supposed to have some improved sign up system to prevent them from creating accounts. I had to disable registrations a couple of times recently in order to prevent the same thing.

@bugaevc @nonlinear yup that’s tricky – I’ve been using a blacklist using nginx config.

Please make sure to report any of those to me, Sergey. Thanks!

@ashfurrow @bugaevc ooh nice, will do.

In the end blacklist of sock puppet farms is good for all of us.

I mean, a Mastodon instance for invasive sock puppets? I don't think it's on anyone's interest.