Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

Google Discover adds AI summary and threatens publishers with more traffic

July 15, 2025

Ukrainian hackers claim to have destroyed servers of Russian drone manufacturers

July 15, 2025

Venture acquires a rare Native American-led fund at Betsy Fore's Velvetin venture

July 15, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    Google Discover adds AI summary and threatens publishers with more traffic

    July 15, 2025

    July 15, 2025

    NextDoor's redesign app with AI recommendations, local news, and real-time emergency alerts

    July 15, 2025

    Following YouTube, Meta announces crackdowns on “non-original” Facebook content

    July 14, 2025

    When browser wars get hot, there are the hottest alternatives for Chrome and Safari in 2025

    July 14, 2025
  • Crypto

    Bitcoin surpasses $118K at the second highest high in 24 hours

    July 11, 2025

    Vitalik Buterin reserves for Sam Altman's global project

    June 28, 2025

    Calci will close a $185 million round as rival Polymeruk reportedly seeks $200 million

    June 25, 2025

    Stablecoin Evangelist: Katie Haun's Battle of Digital Dollars

    June 22, 2025

    Hackers steal and destroy millions of Iran's biggest crypto exchanges

    June 18, 2025
  • Security

    Ukrainian hackers claim to have destroyed servers of Russian drone manufacturers

    July 15, 2025

    Doge staff with access to American personal data leaked their private Xai API key

    July 15, 2025

    Episolus informs millions of people that their health data has been stolen

    July 14, 2025

    Trump administration spends $1 billion on “aggressive” hacking operations

    July 14, 2025

    It has been revealed that it has confused the winner of the 2025 audience selection

    July 14, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    Venture acquires a rare Native American-led fund at Betsy Fore's Velvetin venture

    July 15, 2025

    A comprehensive list of 2025 tech layoffs

    July 15, 2025

    Rwazi raises a $12 million Series A to help businesses with consumer insights and intelligence

    July 15, 2025

    TC All Stage is on sale in Boston today

    July 15, 2025

    Brian Cinderman's new fund has a twist, with Peter Thiel as a major supporter

    July 14, 2025
TechBrunchTechBrunch

Spam attack on Twitter/X's rival Mastodon reveals vulnerabilities in Fediverse

TechBrunchBy TechBrunchFebruary 20, 20246 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


The spam attacks that affected open source Over the past few days, attackers have targeted the small Mastodon server by leveraging open registration to automate the creation of spam accounts. Mastodon founder and CEO Eugen Roszko acknowledged the attack in a post over the weekend, and to address the issue, Mastodon's server administrators switched registrations to approval mode and discarded email providers. It added that it is necessary to block.

Rochko points out that this is not the first spam attack to affect Fediverse, but previously only large servers like Mastodon.social were targeted. Because that server is run by Mastodon's own team, they were able to mitigate those attacks themselves. The difference this time is that spammers were targeting smaller or abandoned servers that offered open registration, allowing attackers to quickly create accounts and generate spam. .

Image credits: Eugen Roszko speaks on Mastodon

As reported by Mastodon, this particular attack was fully automated when the attackers realized they could script spam, resulting in a dispute between two sides on Discord, with one side attacking the other. This happened because someone was trying to get the Discord server banned. (Learn more here.) Many of the spammers' other targets were not just Mastodon, but Misskey as well. (Misskey, like Mastodon, Pixelfed, PeerTube, etc., is an open source decentralized blogging platform that uses the ActivityPub protocol and allows users to interact with users on other federated social platforms.) Japan Even in the forum, many of the targets were in Japan.

This spam attack highlighted one of the weaknesses in Fediverse's structure. Mastodon is open source software that anyone can install on their own server, essentially allowing them to establish their own instance or node that utilizes the ActivityPub protocol to connect with other federated social networking servers.

Mastodon's small servers are often hobbyist projects run by hobbyists, so they were vulnerable to this type of attack. If your server administrator doesn't pay attention to your server on a daily basis and suggests open registration, you may be a victim of spam.

Or as one server administrator @Chris@mastodon.cosmicnation.co put it: “Some instance administrators were reminded that they had instances. And we also learned that there were many abandoned instances, with the door wide open for unauthorized registration.”

Over the past few days, server administrators have worked together to create an ongoing list of abandoned instances that other administrators can use as the basis for blocklists to protect their users from spam attacks. Administrators decided it was easiest to wait out attacks or abandon Mastodon altogether, so many servers were simply shut down.

Tapbots' popular third-party Mastodon app Ivory now has a custom filter called “Potential Spam” that allows users to mute mentions of spam.[フィルター]We have released an emergency update to add to the tab. The company said that while affected users could turn on the filter to catch most spam, it did not stop them from receiving spam push notifications.

As of this morning, the attacks appear to be subsiding. Technologist and researcher Tim Chambers (@tchambers@indieweb.social) said today, for the first time in four days, that his 40 spam accounts should be suspended on servers he manages. said that it was less than Mastodon told TechCrunch that Mastodon has multiple tools on active servers with a reactive moderation team to prevent automated account registration, including approval mode, CAPTCHAs, and various blocking tools. As a result, the attacker was dealt with very quickly. He also pointed out that the spam attacks are ending now that the two hacker groups have apparently reconciled.

Some saw the experience as a positive for the social network and the wider Fediverse, as it revealed weaknesses that could now be discussed and addressed, but they were angered by the experience and Lochko's lack of response in the early stages of the attack. There were also people.

“This has ruined my Mastodon experience. It makes me want to walk away and give up,” wrote one Mastodon server administrator sam@urbanists.social. “And Mr. Eugen's continued silence on this issue does not help that,” they said.

Renaud Chape, Mastodon's chief technology officer, said the attack forced the company to improve its software.

“Currently, there are no good built-in tools to handle this, as this is a complex problem. Federated networks are not easy — but there are many ways to improve our ability to fight spam and fraud.” I have an idea,” he said. “These are things we will be working on over the next few months. We are always working to improve our software (our last release introduced optional capture support). The workaround is to toggle the settings on new instances so that they don't default to wide open, and add a banner that notifies administrators that fully open instances should be actively moderated. Therefore, this requires a careful decision by management,” Chaput added.

Since the introduction of Instagram Threads, another Twitter/X competitor, which also plans to federate using ActivityPub, the use of Mastodon has been on the decline.

Last October, Mastodon's monthly active users had grown to about 1.8 million. By the time Threads was released to the public, that number had dropped to 1.5 million. This month, with the public launch of Bluesky, another decentralized social network based on a different protocol (i.e. not part of the same Fediverse, at least until a bridge is built), Mastodon usage will be active for the month The number of users has decreased to 1 million.

According to the company's website, Mastodon is still in use there. The broader Fediverse, which includes Mastodon and other apps, has about 2.9 million monthly active users. While Thread's entry into this space dwarfs other Mastodon servers and may provide Meta's technical expertise in areas such as spam prevention, many believe that Meta's ultimate goal is , is concerned that by becoming the default client of choice for users and using its service, they are essentially hijacking the Fediverse. Essential resources for expanding your app adoption in Meta.

February 20th, updated at 1:31pm on the 24th to add comments from Mastodon CTO.



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Google Discover adds AI summary and threatens publishers with more traffic

July 15, 2025

July 15, 2025

NextDoor's redesign app with AI recommendations, local news, and real-time emergency alerts

July 15, 2025

Following YouTube, Meta announces crackdowns on “non-original” Facebook content

July 14, 2025

When browser wars get hot, there are the hottest alternatives for Chrome and Safari in 2025

July 14, 2025

Elon Musk's Groke makes AI companions, including goth anime girls

July 14, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

Google Discover adds AI summary and threatens publishers with more traffic

July 15, 2025

Ukrainian hackers claim to have destroyed servers of Russian drone manufacturers

July 15, 2025

Venture acquires a rare Native American-led fund at Betsy Fore's Velvetin venture

July 15, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.