This might spark outrage, but can we note IPs to accounts so if they mass register, other servers get notified through federation and deactivate those (new) accounts or block registration at all?
The idea would be:
- I register an account, my IP gets noted, I assume they federate immediately?
- I register another account on the same IP since no relog/ISP change happened, my IP came through federation, I don't get blocked since this could have been a mistake
- I register another account, gets blocked for mass registration
The obvious way around this would be changing your IP constantly, but it's at least uncomfortable for an attacker.
Now comes the kicker:
- I start spamming, get banned
- I spam with another account, same IP, same ban reason on another server, IP ban gets triggered since they're close in time
- IP ban shuts me down for 12 hrs? I will change the IP anyway, but it slows down the attack again and makes automation hard.
Feel free to poke holes in this. I'm trying to find solutions, not be right. But please be gentle, I'm trying to help.
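The two rules proposed in the post above, as an added example that is not part of the original thread or any fediverse software: a per-IP registration counter and a cross-server ban correlation fed by federated events. The class name, the time windows, and the event shape are assumptions; only the "third registration is blocked" rule and the 12-hour ban come from the post.

```python
from collections import defaultdict, deque

REG_WINDOW = 3600           # assumption: registrations are counted over 1 hour
REG_LIMIT = 2               # from the post: two registrations pass, the third is blocked
BAN_CORRELATION = 900       # assumption: "close in time" means within 15 minutes
IP_BAN_SECONDS = 12 * 3600  # from the post: 12 hour IP ban


class FederatedAbuseTracker:
    """Hypothetical state one server keeps from local and federated events."""

    def __init__(self):
        self.registrations = defaultdict(deque)  # ip -> registration timestamps
        self.bans = defaultdict(list)            # ip -> (timestamp, server, reason)
        self.ip_banned_until = {}                # ip -> expiry timestamp

    def is_ip_banned(self, ip, now):
        return self.ip_banned_until.get(ip, 0) > now

    def on_registration(self, ip, now):
        """Return True if this registration is allowed."""
        if self.is_ip_banned(ip, now):
            return False
        seen = self.registrations[ip]
        while seen and now - seen[0] > REG_WINDOW:
            seen.popleft()                       # forget registrations outside the window
        if len(seen) >= REG_LIMIT:
            return False                         # third account in the window: blocked
        seen.append(now)
        return True

    def on_account_ban(self, ip, server, reason, now):
        """Record an account ban; return True if it triggers an IP ban."""
        recent = [b for b in self.bans[ip] if now - b[0] <= BAN_CORRELATION]
        recent.append((now, server, reason))
        self.bans[ip] = recent
        # Same reason reported by at least two different servers, close in time.
        servers = {srv for _, srv, why in recent if why == reason}
        if len(servers) >= 2:
            self.ip_banned_until[ip] = now + IP_BAN_SECONDS
            return True
        return False
```

Because the state is keyed on the IP alone, everyone behind one shared address (a Tor exit, a NAT) is counted as a single registrant.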
If you’re thinking of the recent spam wave, they were using Tor. It’s reasonably easy to block all Tor traffic. However, then you block all Tor users. You can’t identify one Tor user from another, which is pretty much the point of Tor.
Thanks for pointing this out.
I feel like there is great potential for a "brace" action federating in case of an attack where maybe Tor stops functioning when one or more (trusted) servers recognize an attack.
This could include disabling Tor for a certain amount of time.
Maybe we should also disable posts without comment history or account age of x. Then again, we could disable accounts from posting that have lain dormant for x amount of time.
Literally tons of ways to combat this.
Have you heard of Fediseer? Instances guarantee each other, and if there is, say, a spam attack from an instance, the instance that guaranteed them could remove the guarantee; then any instance that syncs their federation to Fediseer would be defederated until the instance was guaranteed again. There's a bit more to it, but that's the basics.
Rest assured, where there are problems there are people working on solutions! But things take time.